def test_state_embargo(self): # Azerbaijan and France should not be blocked good_states = ['AZ', 'FR'] # Gah block USA and Antartica blocked_states = ['US', 'AQ'] currently_blocked = EmbargoedState.current().embargoed_countries_list for state in blocked_states + good_states: self.assertNotIn(state, currently_blocked) # Block cauth = EmbargoedState(embargoed_countries='US, AQ') cauth.save() currently_blocked = EmbargoedState.current().embargoed_countries_list for state in good_states: self.assertNotIn(state, currently_blocked) for state in blocked_states: self.assertIn(state, currently_blocked) # Change embargo - block Isle of Man too blocked_states.append('IM') cauth.embargoed_countries = 'US, AQ, IM' cauth.save() currently_blocked = EmbargoedState.current().embargoed_countries_list for state in good_states: self.assertNotIn(state, currently_blocked) for state in blocked_states: self.assertIn(state, currently_blocked)
def test_state_embargo(self): # Azerbaijan and France should not be blocked good_states = ['AZ', 'FR'] # Gah block USA and Antartica blocked_states = ['US', 'AQ'] currently_blocked = EmbargoedState.current().embargoed_countries_list for state in blocked_states + good_states: self.assertFalse(state in currently_blocked) # Block cauth = EmbargoedState(embargoed_countries='US, AQ') cauth.save() currently_blocked = EmbargoedState.current().embargoed_countries_list for state in good_states: self.assertFalse(state in currently_blocked) for state in blocked_states: self.assertTrue(state in currently_blocked) # Change embargo - block Isle of Man too blocked_states.append('IM') cauth.embargoed_countries = 'US, AQ, IM' cauth.save() currently_blocked = EmbargoedState.current().embargoed_countries_list for state in good_states: self.assertFalse(state in currently_blocked) for state in blocked_states: self.assertTrue(state in currently_blocked)
def setUp(self): super(EmbargoMiddlewareTests, self).setUp() self.user = UserFactory(username='******', password='******') self.client.login(username='******', password='******') self.embargo_course = CourseFactory.create() self.embargo_course.save() self.regular_course = CourseFactory.create(org="Regular") self.regular_course.save() self.embargoed_page = '/courses/' + self.embargo_course.id.to_deprecated_string( ) + '/info' self.regular_page = '/courses/' + self.regular_course.id.to_deprecated_string( ) + '/info' EmbargoedCourse(course_id=self.embargo_course.id, embargoed=True).save() EmbargoedState(embargoed_countries="cu, ir, Sy, SD", changed_by=self.user, enabled=True).save() CourseEnrollment.enroll(self.user, self.regular_course.id) CourseEnrollment.enroll(self.user, self.embargo_course.id) # Text from lms/templates/static_templates/embargo.html self.embargo_text = "Unfortunately, at this time edX must comply with export controls, and we cannot allow you to access this course." self.patcher = mock.patch.object(pygeoip.GeoIP, 'country_code_by_addr', self.mock_country_code_by_addr) self.patcher.start()
def process_request(self, request): """ Processes embargo requests """ url = request.path course_id = course_id_from_url(url) # If they're trying to access a course that cares about embargoes if EmbargoedCourse.is_embargoed(course_id): # If we're having performance issues, add caching here ip_addr = get_ip(request) # if blacklisted, immediately fail if ip_addr in IPFilter.current().blacklist_ips: log.info("Embargo: Restricting IP address %s to course %s because IP is blacklisted.", ip_addr, course_id) return redirect('embargo') country_code_from_ip = pygeoip.GeoIP(settings.GEOIP_PATH).country_code_by_addr(ip_addr) is_embargoed = country_code_from_ip in EmbargoedState.current().embargoed_countries_list # Fail if country is embargoed and the ip address isn't explicitly whitelisted if is_embargoed and ip_addr not in IPFilter.current().whitelist_ips: log.info( "Embargo: Restricting IP address %s to course %s because IP is from country %s.", ip_addr, course_id, country_code_from_ip ) return redirect('embargo')
def test_add_valid_states(self): # test adding valid two letter states # case and spacing should not matter form_data = {'embargoed_countries': 'cu, Sy , US'} form = EmbargoedStateForm(data=form_data) self.assertTrue(form.is_valid()) form.save() current_embargoes = EmbargoedState.current().embargoed_countries_list for country in ["CU", "SY", "US"]: self.assertIn(country, current_embargoes) # Test clearing by adding an empty list is OK too form_data = {'embargoed_countries': ''} form = EmbargoedStateForm(data=form_data) self.assertTrue(form.is_valid()) form.save() self.assertTrue(len(EmbargoedState.current().embargoed_countries_list) == 0)
def process_request(self, request): """ Processes embargo requests """ url = request.path course_id = course_id_from_url(url) # If they're trying to access a course that cares about embargoes if EmbargoedCourse.is_embargoed(course_id): # If we're having performance issues, add caching here ip_addr = get_ip(request) # if blacklisted, immediately fail if ip_addr in IPFilter.current().blacklist_ips: log.info( "Embargo: Restricting IP address %s to course %s because IP is blacklisted.", ip_addr, course_id) return redirect('embargo') country_code_from_ip = pygeoip.GeoIP( settings.GEOIP_PATH).country_code_by_addr(ip_addr) is_embargoed = country_code_from_ip in EmbargoedState.current( ).embargoed_countries_list # Fail if country is embargoed and the ip address isn't explicitly whitelisted if is_embargoed and ip_addr not in IPFilter.current( ).whitelist_ips: log.info( "Embargo: Restricting IP address %s to course %s because IP is from country %s.", ip_addr, course_id, country_code_from_ip) return redirect('embargo')
def test_add_invalid_states(self): # test adding invalid codes # xx is not valid # usa is not valid form_data = {'embargoed_countries': 'usa, xx'} form = EmbargoedStateForm(data=form_data) self.assertFalse(form.is_valid()) msg = 'COULD NOT PARSE COUNTRY CODE(S) FOR: {0}'.format([u'USA', u'XX']) msg += ' Please check the list of country codes and verify your entries.' self.assertEquals(msg, form._errors['embargoed_countries'][0]) # pylint: disable=protected-access with self.assertRaisesRegexp(ValueError, "The EmbargoedState could not be created because the data didn't validate."): form.save() self.assertFalse('USA' in EmbargoedState.current().embargoed_countries_list) self.assertFalse('XX' in EmbargoedState.current().embargoed_countries_list)
def _embargoed_countries(self): """ Return the list of 2-letter country codes for embargoed countries. The result is cached within the scope of the response. Returns: list """ return EmbargoedState.current().embargoed_countries_list
def process_request(self, request): """ Processes embargo requests """ url = request.path course_id = course_id_from_url(url) course_is_embargoed = EmbargoedCourse.is_embargoed(course_id) # If they're trying to access a course that cares about embargoes if self.site_enabled or course_is_embargoed: response = redirect('embargo') # Set the proper response if site is enabled if self.site_enabled: redirect_url = getattr(settings, 'EMBARGO_SITE_REDIRECT_URL', None) response = HttpResponseRedirect(redirect_url) if redirect_url \ else HttpResponseForbidden('Access Denied') # If we're having performance issues, add caching here ip_addr = get_ip(request) # if blacklisted, immediately fail if ip_addr in IPFilter.current().blacklist_ips: if course_is_embargoed: msg = "Embargo: Restricting IP address %s to course %s because IP is blacklisted." % \ (ip_addr, course_id) else: msg = "Embargo: Restricting IP address %s because IP is blacklisted." % ip_addr log.info(msg) return response # ipv6 support if ip_addr.find(':') >= 0: country_code_from_ip = pygeoip.GeoIP( settings.GEOIPV6_PATH).country_code_by_addr(ip_addr) else: country_code_from_ip = pygeoip.GeoIP( settings.GEOIP_PATH).country_code_by_addr(ip_addr) is_embargoed = country_code_from_ip in EmbargoedState.current( ).embargoed_countries_list # Fail if country is embargoed and the ip address isn't explicitly # whitelisted if is_embargoed and ip_addr not in IPFilter.current( ).whitelist_ips: if course_is_embargoed: msg = "Embargo: Restricting IP address %s to course %s because IP is from country %s." % \ (ip_addr, course_id, country_code_from_ip) else: msg = "Embargo: Restricting IP address %s because IP is from country %s." % \ (ip_addr, country_code_from_ip) log.info(msg) return response
def process_request(self, request): """ Processes embargo requests """ url = request.path course_id = course_id_from_url(url) course_is_embargoed = EmbargoedCourse.is_embargoed(course_id) # If they're trying to access a course that cares about embargoes if self.site_enabled or course_is_embargoed: response = redirect("embargo") # Set the proper response if site is enabled if self.site_enabled: redirect_url = getattr(settings, "EMBARGO_SITE_REDIRECT_URL", None) response = ( HttpResponseRedirect(redirect_url) if redirect_url else HttpResponseForbidden("Access Denied") ) # If we're having performance issues, add caching here ip_addr = get_ip(request) # if blacklisted, immediately fail if ip_addr in IPFilter.current().blacklist_ips: if course_is_embargoed: msg = "Embargo: Restricting IP address %s to course %s because IP is blacklisted." % ( ip_addr, course_id, ) else: msg = "Embargo: Restricting IP address %s because IP is blacklisted." % ip_addr log.info(msg) return response country_code_from_ip = pygeoip.GeoIP(settings.GEOIP_PATH).country_code_by_addr(ip_addr) is_embargoed = country_code_from_ip in EmbargoedState.current().embargoed_countries_list # Fail if country is embargoed and the ip address isn't explicitly whitelisted if is_embargoed and ip_addr not in IPFilter.current().whitelist_ips: if course_is_embargoed: msg = "Embargo: Restricting IP address %s to course %s because IP is from country %s." % ( ip_addr, course_id, country_code_from_ip, ) else: msg = "Embargo: Restricting IP address %s because IP is from country %s." % ( ip_addr, country_code_from_ip, ) log.info(msg) return response