def test_it_returns_wrapped_view_function_response(self, pyramid_request,
testview):
cors_policy = policy()
response = cors_policy(testview)(None, pyramid_request)
assert response.body == b'OK'
def test_it_sets_cors_headers(self, pyramid_request, testview,
set_cors_headers):
cors_policy = policy()
cors_policy(testview)(None, pyramid_request)
assert set_cors_headers.called
def test_it_returns_set_cors_headers_value(self, pyramid_request, testview,
set_cors_headers):
cors_policy = policy()
response = cors_policy(testview)(None, pyramid_request)
assert response == set_cors_headers.return_value
def test_it_calls_wrapped_view_for_preflight_request_when_disabled(
self, pyramid_request, testview):
cors_policy = policy(allow_preflight=False)
pyramid_request.request_method = 'OPTIONS'
cors_policy(testview)(None, pyramid_request)
assert testview.called
def test_it_calls_wrapped_view_for_preflight_request_when_disabled(self,
pyramid_request,
testview):
cors_policy = policy(allow_preflight=False)
pyramid_request.request_method = 'OPTIONS'
cors_policy(testview)(None, pyramid_request)
assert testview.called
def test_it_returns_set_cors_headers_value_for_preflight_request_when_enabled(
self, pyramid_request, testview, set_cors_headers):
cors_policy = policy(allow_preflight=True)
pyramid_request.method = 'OPTIONS'
pyramid_request.headers['Origin'] = 'https://example.org'
pyramid_request.headers['Access-Control-Request-Method'] = 'GET'
response = cors_policy(testview)(None, pyramid_request)
assert response == set_cors_headers.return_value
def test_it_skips_wrapped_view_for_preflight_request_when_enabled(
self, pyramid_request, testview):
cors_policy = policy(allow_preflight=True)
pyramid_request.method = 'OPTIONS'
pyramid_request.headers['Origin'] = 'https://example.org'
pyramid_request.headers['Access-Control-Request-Method'] = 'GET'
cors_policy(testview)(None, pyramid_request)
assert not testview.called
def test_it_returns_set_cors_headers_value_for_preflight_request_when_enabled(
self, pyramid_request, testview, set_cors_headers):
cors_policy = policy(allow_preflight=True)
pyramid_request.method = 'OPTIONS'
pyramid_request.headers['Origin'] = 'https://example.org'
pyramid_request.headers['Access-Control-Request-Method'] = 'GET'
response = cors_policy(testview)(None, pyramid_request)
assert response == set_cors_headers.return_value
def test_preflight_view_uses_cors_decorator(self, pyramid_config):
def view(request):
pass # noop
cors_policy = policy()
pyramid_config.add_route('api.read_thing', '/api/thing')
pyramid_config.add_view = mock.Mock()
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
(_, kwargs) = pyramid_config.add_view.call_args
assert kwargs['decorator'] == cors_policy
def test_it_skips_wrapped_view_for_preflight_request_when_enabled(self,
pyramid_request,
testview):
cors_policy = policy(allow_preflight=True)
pyramid_request.method = 'OPTIONS'
pyramid_request.headers['Origin'] = 'https://example.org'
pyramid_request.headers['Access-Control-Request-Method'] = 'GET'
cors_policy(testview)(None, pyramid_request)
assert not testview.called
def test_it_adds_one_preflight_view_per_route(self, pyramid_config):
cors_policy = policy()
pyramid_config.add_route('api.read_thing', '/api/thing')
pyramid_config.add_view = mock.Mock()
def view(request):
pass # noop
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
assert pyramid_config.add_view.call_count == 1
def test_preflight_view_uses_cors_decorator(self, pyramid_config):
def view(request):
pass # noop
cors_policy = policy()
pyramid_config.add_route('api.read_thing', '/api/thing')
pyramid_config.add_view = mock.Mock()
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
(_, kwargs) = pyramid_config.add_view.call_args
assert kwargs['decorator'] == cors_policy
def test_it_adds_one_preflight_view_per_route(self, pyramid_config):
cors_policy = policy()
pyramid_config.add_route('api.read_thing', '/api/thing')
pyramid_config.add_view = mock.Mock()
def view(request):
pass # noop
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
assert pyramid_config.add_view.call_count == 1
def test_it_adds_preflight_view(self, pyramid_config):
def view(request):
pass # noop
cors_policy = policy()
pyramid_config.add_route('api.read_thing', '/api/thing')
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
app = pyramid_config.make_wsgi_app()
headers = {'Origin': 'https://custom-client.herokuapp.com',
'Access-Control-Request-Method': 'POST'}
request = Request.blank('/api/thing', method='OPTIONS', headers=headers)
resp = request.get_response(app)
assert resp.status_code == 200
assert resp.body == b''
def test_it_adds_preflight_view(self, pyramid_config):
def view(request):
pass # noop
cors_policy = policy()
pyramid_config.add_route("api.read_thing", "/api/thing")
add_preflight_view(pyramid_config, "api.read_thing", cors_policy)
app = pyramid_config.make_wsgi_app()
headers = {
"Origin": "https://custom-client.herokuapp.com",
"Access-Control-Request-Method": "POST",
}
request = Request.blank("/api/thing",
method="OPTIONS",
headers=headers)
resp = request.get_response(app)
assert resp.status_code == 200
assert resp.body == b""
def test_it_adds_preflight_view(self, pyramid_config):
def view(request):
pass # noop
cors_policy = policy()
pyramid_config.add_route('api.read_thing', '/api/thing')
add_preflight_view(pyramid_config, 'api.read_thing', cors_policy)
app = pyramid_config.make_wsgi_app()
headers = {
'Origin': 'https://custom-client.herokuapp.com',
'Access-Control-Request-Method': 'POST'
}
request = Request.blank('/api/thing',
method='OPTIONS',
headers=headers)
resp = request.get_response(app)
assert resp.status_code == 200
assert resp.body == b''
from h.events import AnnotationEvent
from h.interfaces import IGroupService
from h.presenters import AnnotationJSONPresenter, AnnotationJSONLDPresenter
from h.resources import AnnotationResource
from h.schemas.annotation import CreateAnnotationSchema, UpdateAnnotationSchema
from h.util import cors
_ = i18n.TranslationStringFactory(__package__)
# FIXME: unify (or at least deduplicate) CORS policy between this file and
# `h.util.view`
cors_policy = cors.policy(
allow_headers=(
'Authorization',
'Content-Type',
'X-Annotator-Auth-Token',
'X-Client-Id',
),
allow_methods=('HEAD', 'GET', 'PATCH', 'POST', 'PUT', 'DELETE'),
allow_preflight=True)
def add_api_view(config, view, link_name=None, description=None, **settings):
"""
Add a view configuration for an API view.
This adds a new view using `config.add_view` with appropriate defaults for
API methods (JSON in & out, CORS support). Additionally if `link_name` is
specified it adds the view to the list of views returned by the `api.index`
route.
def test_it_calls_wrapped_view_function(self, pyramid_request, testview):
cors_policy = policy()
cors_policy(testview)(None, pyramid_request)
assert testview.called
from h.util import cors
#: Decorator that adds CORS headers to API responses.
#:
#: This decorator enables web applications not running on the same domain as h
#: to make API requests and read the responses.
#:
#: For standard API views the decorator is automatically applied by the
#: ``api_config`` decorator.
#:
#: Exception views need to independently apply this policy because any response
#: headers set during standard request processing are discarded if an exception
#: occurs and an exception view is invoked to generate the response instead.
cors_policy = cors.policy(
allow_headers=("Authorization", "Content-Type", "X-Client-Id"),
allow_methods=("HEAD", "GET", "PATCH", "POST", "PUT", "DELETE"),
)
def add_api_view(config,
view,
link_name=None,
description=None,
enable_preflight=True,
**settings):
"""
Add a view configuration for an API view.
This adds a new view using `config.add_view` with appropriate defaults for
API methods (JSON in & out, CORS support). Additionally if `link_name` is
specified it adds the view to the list of views returned by the `api.index`
from __future__ import unicode_literals
import venusian
from h.util import cors
cors_policy = cors.policy(allow_headers=(
'Authorization',
'Content-Type',
'X-Client-Id',
),
allow_methods=('HEAD', 'GET', 'PATCH', 'POST', 'PUT',
'DELETE'))
def add_api_view(config,
view,
link_name=None,
description=None,
enable_preflight=True,
**settings):
"""
Add a view configuration for an API view.
This adds a new view using `config.add_view` with appropriate defaults for
API methods (JSON in & out, CORS support). Additionally if `link_name` is
specified it adds the view to the list of views returned by the `api.index`
route.
:param config: The Pyramid `Configurator`
:param view: The view callable
:param link_name: Dotted path of the metadata for this route in the output
def test_it_calls_wrapped_view_function(self, pyramid_request, testview):
cors_policy = policy()
cors_policy(testview)(None, pyramid_request)
assert testview.called
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from pyramid.view import view_config
from h.util import cors
cors_policy = cors.policy(
allow_headers=(
'Authorization',
'Content-Type',
),
allow_methods=('HEAD', 'GET', 'POST', 'PUT', 'DELETE'),
allow_preflight=True)
def handle_exception(request):
"""Handle an uncaught exception for the passed request."""
request.response.status_int = 500
request.sentry.captureException()
# In debug mode we should just reraise, so that the exception is caught by
# the debug toolbar.
if request.debug:
raise
def json_view(**settings):
"""A view configuration decorator with JSON defaults."""
settings.setdefault('accept', 'application/json')
settings.setdefault('renderer', 'json')
def test_it_returns_wrapped_view_function_response(self, pyramid_request, testview):
cors_policy = policy()
response = cors_policy(testview)(None, pyramid_request)
assert response.body == 'OK'
def test_it_sets_cors_headers(self, pyramid_request, testview, set_cors_headers):
cors_policy = policy()
cors_policy(testview)(None, pyramid_request)
assert set_cors_headers.called
def test_it_returns_set_cors_headers_value(self, pyramid_request, testview, set_cors_headers):
cors_policy = policy()
response = cors_policy(testview)(None, pyramid_request)
assert response == set_cors_headers.return_value
from h.events import AnnotationEvent
from h.interfaces import IGroupService
from h.presenters import AnnotationJSONPresenter, AnnotationJSONLDPresenter
from h.resources import AnnotationResource
from h.schemas.annotation import CreateAnnotationSchema, UpdateAnnotationSchema
from h.util import cors
_ = i18n.TranslationStringFactory(__package__)
# FIXME: unify (or at least deduplicate) CORS policy between this file and
# `h.util.view`
cors_policy = cors.policy(allow_headers=(
'Authorization',
'Content-Type',
'X-Annotator-Auth-Token',
'X-Client-Id',
),
allow_methods=('HEAD', 'GET', 'PATCH', 'POST', 'PUT',
'DELETE'),
allow_preflight=True)
def add_api_view(config, view, link_name=None, description=None, **settings):
"""
Add a view configuration for an API view.
This adds a new view using `config.add_view` with appropriate defaults for
API methods (JSON in & out, CORS support). Additionally if `link_name` is
specified it adds the view to the list of views returned by the `api.index`
route.
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from pyramid.view import view_config
from h.util import cors
cors_policy = cors.policy(allow_headers=(
'Authorization',
'Content-Type',
),
allow_methods=('HEAD', 'GET', 'POST', 'PUT',
'DELETE'),
allow_preflight=True)
def handle_exception(request):
"""Handle an uncaught exception for the passed request."""
request.response.status_int = 500
request.sentry.captureException()
# In debug mode we should just reraise, so that the exception is caught by
# the debug toolbar.
if request.debug:
raise
def json_view(**settings):
"""A view configuration decorator with JSON defaults."""
settings.setdefault('accept', 'application/json')
settings.setdefault('renderer', 'json')
