def update(self, request, workspace_id):
    """Apply a batch of igadget variable updates sent by the client.

    The JSON payload is read from the raw request body when the request
    declares an ``application/json`` content type, and from the
    ``variables`` PUT parameter otherwise. It must decode to an object with
    an ``igadgetVars`` list whose entries provide ``id`` and ``value``.

    Returns an ``HttpResponseBadRequest`` with an XML error body when no
    payload is present. Otherwise returns a JSON ``HttpResponse`` of the
    form ``{'igadgetVars': [...]}`` holding everything
    ``set_variable_value`` returned for the submitted entries.

    Any exception raised while decoding or applying the payload rolls the
    transaction back and is re-raised as ``TracedServerError``.
    """
    user = get_user_authentication(request)

    # NOTE(review): workspace_id is never read in this method. The ids in
    # the payload come straight from the client, so the only possible
    # ownership check is inside set_variable_value(id, user, value) --
    # confirm it rejects variables the authenticated user may not write.

    content_type = request.META.get('CONTENT_TYPE', '')
    if content_type is None:
        content_type = ''

    is_json_body = content_type.startswith('application/json')
    received_json = request.raw_post_data if is_json_body else PUT_parameter(request, 'variables')

    if not received_json:
        error_body = get_xml_error(_("variables JSON expected"))
        return HttpResponseBadRequest(error_body, mimetype='application/xml; charset=UTF-8')

    try:
        payload = simplejson.loads(received_json)

        notifications = []
        for entry in payload['igadgetVars']:
            notifications.extend(set_variable_value(entry['id'], user, entry['value']))

        body = json_encode({'igadgetVars': notifications})
        return HttpResponse(body, mimetype='application/json; charset=UTF-8')
    except Exception, e:
        # The catch-all also covers malformed JSON and missing keys, so a
        # bad client payload surfaces as a server error, not as a 400.
        transaction.rollback()
        msg = _("cannot update variables: ") + unicode(e)

        # NOTE(review): received_json is passed on in full and may carry
        # secret variable values; confirm TracedServerError does not write
        # it to logs or echo it to the client in clear text.
        raise TracedServerError(e, received_json, request, msg)
def test_secure_data_using_cookies(self):
    # Exercises the proxy with the X-EzWeb-Secure-Data directives supplied
    # as a cookie. The upstream request is stubbed to echo the body it
    # receives, so response.content shows what the proxy sent upstream.
    set_variable_value(1, self.user, 'test_password')
    # The value kept in the database must not equal the plaintext just set.
    self.assertTrue(VariableValue.objects.get(pk=1).value != 'test_password')

    client = Client()
    client.login(username='******', password='******')

    EZWEB_PROXY._do_request.reset()
    EZWEB_PROXY._do_request.set_echo_response('http://example.com/path')

    def post_with_cookie(directives):
        # Install the directives as the cookie, then send the same form
        # body with |username| / |password| placeholders every time.
        client.cookies['X-EzWeb-Secure-Data'] = directives
        return client.post('/proxy/http/example.com/path',
                           'username=|username|&password=|password|',
                           content_type='application/x-www-form-urlencoded',
                           HTTP_HOST='localhost',
                           HTTP_REFERER='http://localhost')

    pass_ref = '1/password'
    user_ref = '1/username'

    # action=data: both placeholders are replaced by the referenced values.
    directives = ('action=data, substr=|password|, var_ref=' + pass_ref +
                  '&action=data, substr=|username|, var_ref=' + user_ref)
    response = post_with_cookie(directives)
    self.assertEquals(response.status_code, 200)
    self.assertEquals(response.content, 'username=test_username&password=test_password')

    # action=basic_auth: the body must reach the upstream untouched. Only
    # the body is asserted here; any credential header the proxy may add
    # is not checked by this test.
    directives = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
    response = post_with_cookie(directives)
    self.assertEquals(response.status_code, 200)
    self.assertEquals(response.content, 'username=|username|&password=|password|')

    # Secure data header with empty parameters
    # NOTE(review): test_secure_data expects 422 for this same directive
    # string when it arrives as a request header; here 200 is expected.
    # Confirm the cookie path is meant to accept empty references.
    response = post_with_cookie('action=basic_auth, user_ref=, pass_ref=')
    self.assertEquals(response.status_code, 200)
def test_secure_data(self):
    # Exercises the proxy with the X-EzWeb-Secure-Data directives supplied
    # as a request header. The upstream request is stubbed to echo the body
    # it receives, so response.content shows what the proxy sent upstream.
    #
    # NOTE(review): every case runs as the logged-in owner of the variable.
    # Nothing here checks that a var_ref to a variable the caller does not
    # own, or a request without a session, is refused -- worth adding.
    set_variable_value(1, self.user, 'test_password')
    # The value kept in the database must not equal the plaintext just set.
    self.assertTrue(VariableValue.objects.get(pk=1).value != 'test_password')

    client = Client()
    client.login(username='******', password='******')

    def reset_upstream_stub():
        EZWEB_PROXY._do_request.reset()
        EZWEB_PROXY._do_request.set_echo_response('http://example.com/path')

    def post_with_header(directives):
        # Same form body with |username| / |password| placeholders for
        # every case; only the secure-data directives change.
        return client.post('/proxy/http/example.com/path',
                           'username=|username|&password=|password|',
                           content_type='application/x-www-form-urlencoded',
                           HTTP_HOST='localhost',
                           HTTP_REFERER='http://localhost',
                           HTTP_X_EZWEB_SECURE_DATA=directives)

    reset_upstream_stub()

    pass_ref = '1/password'
    user_ref = '1/username'

    # action=data with variable references: placeholders are substituted.
    directives = ('action=data, substr=|password|, var_ref=' + pass_ref +
                  '&action=data, substr=|username|, var_ref=' + user_ref)
    response = post_with_header(directives)
    self.assertEquals(response.status_code, 200)
    self.assertEquals(response.content, 'username=test_username&password=test_password')

    # action=basic_auth: the body must reach the upstream untouched. Only
    # the body is asserted; any credential header the proxy may add is not
    # checked by this test.
    directives = 'action=basic_auth, user_ref=' + user_ref + ', pass_ref=' + pass_ref
    response = post_with_header(directives)
    self.assertEquals(response.status_code, 200)
    self.assertEquals(response.content, 'username=|username|&password=|password|')

    # Secure data header using constants
    reset_upstream_stub()
    directives = ('action=data, substr=|password|, var_ref=c/test_password' +
                  '&action=data, substr=|username|, var_ref=c/test_username')
    response = post_with_header(directives)
    self.assertEquals(response.status_code, 200)
    self.assertEquals(response.content, 'username=test_username&password=test_password')

    # Secure data header using encoding=url
    # Only the |password| directive asks for encoding=url, so its value is
    # percent-encoded while |username| receives the raw 'a=, z'. The raw
    # form shows that, without encoding=url, a value is inserted verbatim
    # and its '=' lands unescaped in the form-encoded body.
    reset_upstream_stub()
    directives = ('action=data, substr=|password|, var_ref=c%2Fa%3D%2C%20z , encoding=url' +
                  '&action=data, substr=|username|, var_ref=c%2Fa%3D%2C%20z')
    response = post_with_header(directives)
    self.assertEquals(response.status_code, 200)
    self.assertEquals(response.content, 'username=a=, z&password=a%3D%2C%20z')

    # Secure data header with empty parameters
    # Empty references must be rejected rather than forwarded.
    response = post_with_header('action=basic_auth, user_ref=, pass_ref=')
    self.assertEquals(response.status_code, 422)