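def wrapped(self, request, *args, **kwargs):
    """Call the wrapped handler only when the request holds sudo privileges.

    When ``has_sudo_privileges(request)`` is false, the handler is not run and
    a 401 response is returned whose JSON body carries an error message, a
    ``sudoRequired`` flag and the requesting user's username. Otherwise the
    call is delegated to ``func`` with the original arguments.
    """
    if not has_sudo_privileges(request):
        # TODO(dcramer): support some kind of auth flow to allow this
        # externally
        data = {
            "error": "Account verification required.",
            "sudoRequired": True,
            "username": request.user.username,
        }
        # The body is JSON, so declare it as JSON. Left at the framework
        # default (text/html for Django's HttpResponse), a browser that loads
        # this response directly would interpret the username, which
        # json.dumps does not HTML-escape, as markup.
        return HttpResponse(
            json.dumps(data),
            status=401,
            content_type="application/json",
        )
    return func(self, request, *args, **kwargs)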
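def test_cookie_bad_signature(self):
    """A sudo cookie that fails signature verification must not grant sudo."""
    self.login()

    def get_signed_cookie(key, salt='', max_age=None):
        # Stand-in for the request's signed-cookie reader: verification fails.
        raise BadSignature

    self.request.session[COOKIE_NAME] = 'abc123'
    # Install the stub on the request. If it is only defined and never
    # attached, nothing calls it and the assertion below can pass without the
    # bad-signature path ever being exercised.
    self.request.get_signed_cookie = get_signed_cookie
    self.assertFalse(has_sudo_privileges(self.request))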
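def test_cookie_and_token_mismatch(self):
    """A validly signed cookie whose value differs from the session token must not grant sudo."""
    self.login()

    def get_signed_cookie(key, salt='', max_age=None):
        # Stand-in for the request's signed-cookie reader: the signature is
        # accepted but the value does not match the session token.
        return 'nope'

    self.request.session[COOKIE_NAME] = 'abc123'
    # Install the stub on the request. If it is only defined and never
    # attached, nothing calls it and the assertion below can pass without the
    # cookie/token comparison ever seeing a mismatching value.
    self.request.get_signed_cookie = get_signed_cookie
    self.assertFalse(has_sudo_privileges(self.request))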
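def test_cookie_bad_signature(self):
    """A sudo cookie that fails signature verification must not grant sudo."""
    self.login()

    def get_signed_cookie(key, salt="", max_age=None):
        # Stand-in for the request's signed-cookie reader: verification fails.
        raise BadSignature

    self.request.session[COOKIE_NAME] = "abc123"
    # Install the stub on the request. If it is only defined and never
    # attached, nothing calls it and the assertion below can pass without the
    # bad-signature path ever being exercised.
    self.request.get_signed_cookie = get_signed_cookie
    self.assertFalse(has_sudo_privileges(self.request))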
def test_cookie_and_token_match(self):
    """Sudo is reported when the signed cookie value equals the session token."""
    self.login()

    def fake_signed_cookie(key, salt="", max_age=None):
        # Replaces the request's signed-cookie reader with a fixed value.
        return "abc123"

    self.request.get_signed_cookie = fake_signed_cookie
    self.request.session[COOKIE_NAME] = "abc123"

    is_sudo = has_sudo_privileges(self.request)
    self.assertTrue(is_sudo)
def test_revoked(self):
    """Privileges that were granted and then revoked are no longer reported."""
    self.login()

    # Grant first so the revocation has something to remove.
    grant_sudo_privileges(self.request)
    revoke_sudo_privileges(self.request)

    still_sudo = has_sudo_privileges(self.request)
    self.assertFalse(still_sudo)
def test_user_logged_out(self):
    """Sending the user_logged_out signal must leave the request without sudo."""
    self.login()
    grant_sudo_privileges(self.request)

    # Precondition: sudo is held before the logout signal fires.
    before_logout = has_sudo_privileges(self.request)
    self.assertTrue(before_logout)

    user_logged_out.send_robust(sender=User, request=self.request)

    after_logout = has_sudo_privileges(self.request)
    self.assertFalse(after_logout)
def test_untouched(self):
    """A request that was never logged in or granted sudo reports no privileges."""
    is_sudo = has_sudo_privileges(self.request)
    self.assertFalse(is_sudo)
def test_granted(self):
    """A logged-in request reports sudo after grant_sudo_privileges is called."""
    self.login()
    grant_sudo_privileges(self.request)

    is_sudo = has_sudo_privileges(self.request)
    self.assertTrue(is_sudo)
def test_missing_keys(self):
    """Logging in alone, with no sudo token or cookie set, does not confer sudo."""
    self.login()

    is_sudo = has_sudo_privileges(self.request)
    self.assertFalse(is_sudo)
def has_sudo_privileges(self, request):
    """Report whether ``request`` currently holds sudo privileges.

    Extension hook: override this method to alter behavior. This default
    defers to the module-level ``has_sudo_privileges`` helper.
    """
    privileged = has_sudo_privileges(request)
    return privileged
def test_grant(self):
    """Calling grant(User, request) directly leaves the request with sudo."""
    self.login()
    grant(User, self.request)

    is_sudo = has_sudo_privileges(self.request)
    self.assertTrue(is_sudo)
def test_cookie_and_token_mismatch(self):
    """A cookie value that differs from the session token must not grant sudo."""
    self.login()

    # NOTE(review): the cookie is written raw into COOKIES. If
    # has_sudo_privileges reads it through a signed-cookie API, this input may
    # be rejected at signature verification rather than at the token
    # comparison. Confirm which path the test is meant to cover.
    self.request.session[COOKIE_NAME] = 'abc123'
    self.request.COOKIES[COOKIE_NAME] = 'nope'

    is_sudo = has_sudo_privileges(self.request)
    self.assertFalse(is_sudo)
def test_user_logged_in(self):
    """After the user_logged_in signal is sent, the request is expected to hold sudo."""
    self.login()
    user_logged_in.send_robust(sender=User, request=self.request)

    is_sudo = has_sudo_privileges(self.request)
    self.assertTrue(is_sudo)
def test_revoke(self):
    """Calling revoke(User, request) after grant(User, request) removes sudo."""
    self.login()

    # Grant first so the revocation has something to remove.
    grant(User, self.request)
    revoke(User, self.request)

    still_sudo = has_sudo_privileges(self.request)
    self.assertFalse(still_sudo)