def test_missing_session(self): # test check for request is None context = {'request': None} notification = hijack_notification(context) self.assertEqual(notification, '') self.assertFalse(is_hijacked(context['request'])) # test check for missing request.sesssion property factory = RequestFactory() request = factory.get('/') context = {'request': request} notification = hijack_notification(context) self.assertEqual(notification, '') self.assertFalse(is_hijacked(context['request'])) # test check for request.sesssion == None request.session = None notification = hijack_notification(context) self.assertEqual(notification, '') self.assertFalse(is_hijacked(context['request'])) # test all good request.session = { 'is_hijacked_user': True, 'display_hijack_warning': True } notification = hijack_notification(context) self.assertTrue(notification != '') self.assertTrue(is_hijacked(context['request'])) # bring it all together: empty MIDDLEWARE ensures request.session is not set # and hijack_notification and is_hijacked will be invoked from hello template with SettingsOverride(settings, MIDDLEWARE=()): response = self.client.get('/hello/') self.assertEqual(response.status_code, 200)
def __call__(self, request): if request.path.startswith(get_script_prefix() + 'control' ) and request.user.is_authenticated: if is_hijacked(request): hijack_history = request.session.get('hijack_history', False) hijacker = get_object_or_404(User, pk=hijack_history[0]) ss = hijacker.get_active_staff_session( request.session.get('hijacker_session')) if ss: ss.logs.create(url=request.path, method=request.method, impersonating=request.user) else: ss = request.user.get_active_staff_session( request.session.session_key) if ss: ss.logs.create(url=request.path, method=request.method) response = self.get_response(request) return response
def __call__(self, request): if request.path.startswith(get_script_prefix() + 'control') and request.user.is_authenticated: if is_hijacked(request): hijack_history = request.session.get('hijack_history', False) hijacker = get_object_or_404(User, pk=hijack_history[0]) ss = hijacker.get_active_staff_session(request.session.get('hijacker_session')) if ss: ss.logs.create( url=request.path, method=request.method, impersonating=request.user ) else: ss = request.user.get_active_staff_session(request.session.session_key) if ss: ss.logs.create( url=request.path, method=request.method ) response = self.get_response(request) return response