def test_html(self):
transform = ProtectTransform(self.portal, self.request)
result = transform.transform([(
'<html>\n<body>'
'<form action="http://nohost/myaction" method="POST">'
'</form></body>\n</html>')], 'utf-8')
self.assertTrue(b'_authenticator' in result.serialize())
class TileProtectTransform(object):
"""Replacement transform for plone.protect's ProtectTransform, to drop
X-Tile-Url-header from unauthorized responses and disable the default
ProtectTransform for authorized responses (to avoid causing issues
like extra protect.js-injections for tile editors)
"""
order = 9000
def __init__(self, published, request):
self.published = published
self.request = request
try:
from plone.protect.auto import ProtectTransform
self.protect = ProtectTransform(published, request)
except ImportError:
self.protect = None
def transform(self, result, encoding):
from plone.protect import CheckAuthenticator
CheckAuthenticator(self.request)
return None
def transformBytes(self, result, encoding):
try:
return self.transform(result, encoding)
except Forbidden:
if 'x-tile-url' in self.request.response.headers:
del self.request.response.headers['x-tile-url']
if self.protect is not None:
return self.protect.transformBytes(result, encoding)
else:
return None
def transformUnicode(self, result, encoding):
try:
return self.transform(result, encoding)
except Forbidden:
if 'x-tile-url' in self.request.response.headers:
del self.request.response.headers['x-tile-url']
if self.protect is not None:
return self.protect.transformUnicode(result, encoding)
else:
return None
def transformIterable(self, result, encoding):
try:
return self.transform(result, encoding)
except Forbidden:
if 'x-tile-url' in self.request.response.headers:
del self.request.response.headers['x-tile-url']
if self.protect is not None:
return self.protect.transformIterable(result, encoding)
else:
return None
def __init__(self, published, request):
self.published = published
self.request = request
try:
from plone.protect.auto import ProtectTransform
self.protect = ProtectTransform(published, request)
except ImportError:
self.protect = None
def test_safe_write_empty_returns_true(self):
safeWrite(self.portal, self.request)
transform = ProtectTransform(self.portal, self.request)
transform._registered_objects = lambda: [self.portal]
self.assertTrue(transform._check())
def test_safe_write_empty_returns_false(self):
transform = ProtectTransform(self.portal, self.request)
transform._registered_objects = lambda: [self.portal]
self.assertRaises(Forbidden, transform._check)
def test_safe_write_empty_returns_true(self):
safeWrite(self.portal, self.request)
transform = ProtectTransform(self.portal, self.request)
transform._registered_objects = lambda: [self.portal]
self.assertTrue(transform._check())
def test_safe_write_empty_returns_false(self):
transform = ProtectTransform(self.portal, self.request)
transform._registered_objects = lambda: [self.portal]
self.assertRaises(Forbidden, transform._check)
def test_empty_no_error(self):
# empty pages (eg. tiles or ajax requests) should not lead to
# transform errors or warnings
transform = ProtectTransform(self.portal, self.request)
result = transform.transform(['\n'], 'utf-8')
self.assertEqual(result, None)
def test_html(self):
transform = ProtectTransform(self.portal, self.request)
result = transform.transform([(
'<html>\n<body><form action="http://nohost/myaction" method="POST">'
'</form></body>\n</html>')], 'utf-8')
self.failUnless('_authenticator' in result.serialize())
def test_empty_no_error(self):
# empty pages (eg. tiles or ajax requests) should not lead to
# transform errors or warnings
transform = ProtectTransform(self.portal, self.request)
result = transform.transform(['\n'], 'utf-8')
self.assertEqual(result, None)
