def setUp(self): super(TestCorsMiddlewareProcessRequest, self).setUp() self.middleware = CorsCSRFMiddleware()
class TestCorsMiddlewareProcessRequest(TestCase): """ Test processing a request through the middleware """ def get_request(self, is_secure, http_referer): """ Build a test request """ request = Mock() request.META = {'HTTP_REFERER': http_referer} request.is_secure = lambda: is_secure return request @override_settings(FEATURES={'ENABLE_CORS_HEADERS': True}) def setUp(self): super(TestCorsMiddlewareProcessRequest, self).setUp() self.middleware = CorsCSRFMiddleware() def check_not_enabled(self, request): """ Check that the middleware does NOT process the provided request """ with patch.object(CsrfViewMiddleware, 'process_view') as mock_method: res = self.middleware.process_view(request, None, None, None) self.assertIsNone(res) self.assertFalse(mock_method.called) def check_enabled(self, request): """ Check that the middleware does process the provided request """ def cb_check_req_is_secure_false(request, callback, args, kwargs): """ Check that the request doesn't pass (yet) the `is_secure()` test """ self.assertFalse(request.is_secure()) return SENTINEL with patch.object(CsrfViewMiddleware, 'process_view') as mock_method: mock_method.side_effect = cb_check_req_is_secure_false res = self.middleware.process_view(request, None, None, None) self.assertIs(res, SENTINEL) self.assertTrue(request.is_secure()) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_enabled(self): request = self.get_request(is_secure=True, http_referer='https://foo.com/bar') self.check_enabled(request) @override_settings( FEATURES={'ENABLE_CORS_HEADERS': False}, CORS_ORIGIN_WHITELIST=['foo.com'] ) def test_disabled_no_cors_headers(self): with self.assertRaises(MiddlewareNotUsed): CorsCSRFMiddleware() @override_settings(CORS_ORIGIN_WHITELIST=['bar.com']) def test_disabled_wrong_cors_domain(self): request = self.get_request(is_secure=True, http_referer='https://foo.com/bar') self.check_not_enabled(request) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_disabled_wrong_cors_domain_reversed(self): request = self.get_request(is_secure=True, http_referer='https://bar.com/bar') self.check_not_enabled(request) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_disabled_http_request(self): request = self.get_request(is_secure=False, http_referer='https://foo.com/bar') self.check_not_enabled(request) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_disabled_http_referer(self): request = self.get_request(is_secure=True, http_referer='http://foo.com/bar') self.check_not_enabled(request)
def test_disabled_no_cors_headers(self): with self.assertRaises(MiddlewareNotUsed): CorsCSRFMiddleware()
def setUp(self): super(TestCorsMiddlewareProcessRequest, self).setUp() self.middleware = CorsCSRFMiddleware()
class TestCorsMiddlewareProcessRequest(TestCase): """ Test processing a request through the middleware """ def get_request(self, is_secure, http_referer): """ Build a test request """ request = Mock() request.META = {'HTTP_REFERER': http_referer} request.is_secure = lambda: is_secure return request @override_settings(FEATURES={'ENABLE_CORS_HEADERS': True}) def setUp(self): super(TestCorsMiddlewareProcessRequest, self).setUp() self.middleware = CorsCSRFMiddleware() def check_not_enabled(self, request): """ Check that the middleware does NOT process the provided request """ with patch.object(CsrfViewMiddleware, 'process_view') as mock_method: res = self.middleware.process_view(request, None, None, None) self.assertIsNone(res) self.assertFalse(mock_method.called) def check_enabled(self, request): """ Check that the middleware does process the provided request """ def cb_check_req_is_secure_false(request, callback, args, kwargs): """ Check that the request doesn't pass (yet) the `is_secure()` test """ self.assertFalse(request.is_secure()) return SENTINEL with patch.object(CsrfViewMiddleware, 'process_view') as mock_method: mock_method.side_effect = cb_check_req_is_secure_false res = self.middleware.process_view(request, None, None, None) self.assertIs(res, SENTINEL) self.assertTrue(request.is_secure()) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_enabled(self): request = self.get_request(is_secure=True, http_referer='https://foo.com/bar') self.check_enabled(request) @override_settings(FEATURES={'ENABLE_CORS_HEADERS': False}, CORS_ORIGIN_WHITELIST=['foo.com']) def test_disabled_no_cors_headers(self): with self.assertRaises(MiddlewareNotUsed): CorsCSRFMiddleware() @override_settings(CORS_ORIGIN_WHITELIST=['bar.com']) def test_disabled_wrong_cors_domain(self): request = self.get_request(is_secure=True, http_referer='https://foo.com/bar') self.check_not_enabled(request) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_disabled_wrong_cors_domain_reversed(self): request = self.get_request(is_secure=True, http_referer='https://bar.com/bar') self.check_not_enabled(request) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_disabled_http_request(self): request = self.get_request(is_secure=False, http_referer='https://foo.com/bar') self.check_not_enabled(request) @override_settings(CORS_ORIGIN_WHITELIST=['foo.com']) def test_disabled_http_referer(self): request = self.get_request(is_secure=True, http_referer='http://foo.com/bar') self.check_not_enabled(request)
def setUp(self): self.middleware = CorsCSRFMiddleware()