예제 #1
0
 def setUp(self):
     self.factory = RequestFactory()
     self.request = self.factory.get('/')
     # spoof the Auth and Session middleware
     self.request.user = User()
     self.request.session = {}
     self.middleware = PerimeterAccessMiddleware()
예제 #2
0
class PerimeterMiddlewareTests(TestCase):

    def setUp(self):
        self.factory = RequestFactory()
        self.request = self.factory.get('/')
        # spoof the Auth and Session middleware
        self.request.user = User()
        self.request.session = {}
        self.middleware = PerimeterAccessMiddleware()

    def _assertRedirectsToGateway(self, request):
        # NB assertRedirects doesn't work!
        resp = self.middleware.process_request(request)
        self.assertEqual(resp.status_code, 302)
        # use a resolver to strip off any quesrystring params
        resolver = resolve(resp.url)
        self.assertEqual(resolver.url_name, 'gateway')
        self.assertEqual(resolver.namespace, 'perimeter')

    def test_bypass_perimeter(self):
        """Perimeter login urls excluded."""
        request = self.factory.get('/')
        self.assertFalse(bypass_perimeter(request))
        request = self.factory.get(reverse('perimeter:gateway'))
        self.assertTrue(bypass_perimeter(request))

    def test_get_request_token(self):
        at = AccessToken.objects.create_access_token()
        self.request.session[PERIMETER_SESSION_KEY] = at.token
        self.assertEqual(get_request_token(self.request), at)

    def test_get_request_token_empty(self):
        token = get_request_token(self.request)
        self.assertTrue(type(token) == EmptyToken)

    @override_settings(PERIMETER_ENABLED=False)
    def test_disabled(self):
        """Check the PERIMETER_ENABLED setting is honoured."""
        self.assertRaises(
            MiddlewareNotUsed,
            PerimeterAccessMiddleware  # runs __init__()
        )

    def test_missing_session(self):
        """Missing request.session should raise AssertionError."""
        del self.request.session
        self.assertRaises(
            AssertionError,
            get_request_token,
            self.request
        )

    def test_missing_token(self):
        """AnonymousUser without a token should be denied."""
        self.request.user = AnonymousUser()
        self._assertRedirectsToGateway(self.request)

    def test_invalid_token(self):
        self.request.user = AnonymousUser()
        self.request.session['token'] = "foobar"
        self._assertRedirectsToGateway(self.request)

    def test_valid_token(self):
        """AnonymousUser with a valid session token should pass through."""
        at = AccessToken(token="foobar").save()
        self.request.user = AnonymousUser()
        self.request.session['token'] = "foobar"
        self._assertRedirectsToGateway(self.request)