def test_apikey_and_authentication_enforce_user(self):
session_auth = SessionAuthentication()
api_key_auth = ApiKeyAuthentication()
auth = MultiAuthentication(api_key_auth, session_auth)
john_doe = User.objects.get(username="******")
request1 = HttpRequest()
request2 = HttpRequest()
request3 = HttpRequest()
request1.method = "POST"
request1.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"}
request1.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"}
request1.user = john_doe
request2.POST["username"] = "******"
request2.POST["api_key"] = "invalid key"
request3.method = "POST"
request3.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"}
request3.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"}
request3.user = john_doe
request3.POST["username"] = "******"
request3.POST["api_key"] = "invalid key"
# session auth should pass if since john_doe is logged in
self.assertEqual(session_auth.is_authenticated(request1), True)
# api key auth should fail because of invalid api key
self.assertEqual(isinstance(api_key_auth.is_authenticated(request2), HttpUnauthorized), True)
# multi auth shouldn't change users if api key auth fails
# multi auth passes since session auth is valid
self.assertEqual(request3.user.username, "johndoe")
self.assertEqual(auth.is_authenticated(request3), True)
self.assertEqual(request3.user.username, "johndoe")
def test_is_authenticated(self):
auth = SessionAuthentication()
request = HttpRequest()
request.method = 'POST'
request.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
# No CSRF token.
request.META = {}
self.assertFalse(auth.is_authenticated(request))
# Invalid CSRF token.
request.META = {
'HTTP_X_CSRFTOKEN': 'abc123'
}
self.assertFalse(auth.is_authenticated(request))
# Not logged in.
request.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request.user = AnonymousUser()
self.assertFalse(auth.is_authenticated(request))
# Logged in.
request.user = User.objects.get(username='******')
self.assertTrue(auth.is_authenticated(request))
# Logged in (with GET & no token).
request.method = 'GET'
request.META = {}
request.user = User.objects.get(username='******')
self.assertTrue(auth.is_authenticated(request))
# Secure & wrong referrer.
class SecureRequest(HttpRequest):
def _get_scheme(self):
return 'https'
request = SecureRequest()
request.method = 'POST'
request.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request.META['HTTP_HOST'] = 'example.com'
request.META['HTTP_REFERER'] = ''
request.user = User.objects.get(username='******')
self.assertFalse(auth.is_authenticated(request))
# Secure & correct referrer.
request.META['HTTP_REFERER'] = 'https://example.com/'
self.assertTrue(auth.is_authenticated(request))
def test_is_authenticated(self):
auth = SessionAuthentication()
request = HttpRequest()
request.method = 'POST'
request.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
# No CSRF token.
request.META = {}
self.assertFalse(auth.is_authenticated(request))
# Invalid CSRF token.
request.META = {
'HTTP_X_CSRFTOKEN': 'abc123'
}
self.assertFalse(auth.is_authenticated(request))
# Not logged in.
request.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request.user = AnonymousUser()
self.assertFalse(auth.is_authenticated(request))
# Logged in.
request.user = User.objects.get(username='******')
self.assertTrue(auth.is_authenticated(request))
# Logged in (with GET & no token).
request.method = 'GET'
request.META = {}
request.user = User.objects.get(username='******')
self.assertTrue(auth.is_authenticated(request))
# Secure & wrong referrer.
class SecureRequest(HttpRequest):
def _get_scheme(self):
return 'https'
request = SecureRequest()
request.method = 'POST'
request.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request.META['HTTP_HOST'] = 'example.com'
request.META['HTTP_REFERER'] = ''
request.user = User.objects.get(username='******')
self.assertFalse(auth.is_authenticated(request))
# Secure & correct referrer.
request.META['HTTP_REFERER'] = 'https://example.com/'
self.assertTrue(auth.is_authenticated(request))
def build_request(get_query=None,
post_query=None,
session={},
cookies={},
ip_address=None):
"""
Returns request object with useful attributes
"""
from django.http import HttpRequest, QueryDict
from django.contrib.auth.middleware import LazyUser
request = HttpRequest()
# GET and POST
if get_query:
request.GET = QueryDict(get_query)
if post_query:
request.POST = QueryDict(post_query)
# Session and cookies
request.session = SessionWrapper(session)
request.session.session_key = 'XXX'
request.COOKIES = cookies
# User
request.__class__.user = LazyUser()
# Meta
request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0'
return request
def test_request_view(self):
# Fill DB with random requests
for req in range(10):
request = HttpRequest()
request.method = random.sample([u'POST', u'GET'], 1)[0]
request.path = random.sample([u'/requests/',
u'/edit/',
u'/admin/'], 1)[0]
request.user = AnonymousUser()
request.POST = QueryDict(u'k_post=v_post')
request.COOKIES = QueryDict(u'k_coo=v_coo')
request.META['HTTP_ACCEPT_LANGUAGE'] = u'en'
request.META['HTTP_HOST'] = get_random_ip()
request.META['HTTP_REFERER'] = u''
request.META['HTTP_USER_AGENT'] = u''
request.META['QUERY_STRING'] = u'&t=1'
request.META['REMOTE_ADDR'] = get_random_ip()
request.META['REMOTE_USER'] = u''
request.META['REQUEST_METHOD'] = request.method
request.META['SERVER_NAME'] = u'localhost'
request.META['SERVER_PORT'] = u'80'
response = HttpResponse()
response.status_code = random.sample(
[200, 302, 404, 500], 1)[0]
middleware = RequestMiddleware()
resp = middleware.process_response(request, response)
self.assertEquals(response, resp)
self.check_request_view()
self.add_priorities()
self.check_request_view()
def build_http_request(self):
request = HttpRequest()
query_string = self.scope.get("query_string", "")
if isinstance(query_string, bytes):
query_string = query_string.decode("utf-8")
request.method = "GET"
request.path_info = self.scope["path"]
request.GET = QueryDict(query_string=query_string)
for name, value in self.scope.get("headers", []):
name = name.decode("latin1")
if name == "content-length":
corrected_name = "CONTENT_LENGTH"
elif name == "content-type":
corrected_name = "CONTENT_TYPE"
else:
corrected_name = "HTTP_%s" % name.upper().replace("-", "_")
# HTTPbis say only ASCII chars are allowed in headers, but we latin1 just in case
value = value.decode("latin1")
if corrected_name in request.META:
value = request.META[corrected_name] + "," + value
request.META[corrected_name] = value
if self.scope.get("client", None):
request.META["REMOTE_ADDR"] = self.scope["client"][0]
request.META["REMOTE_HOST"] = request.META["REMOTE_ADDR"]
request.META["REMOTE_PORT"] = self.scope["client"][1]
if self.scope.get("server", None):
request.META["SERVER_NAME"] = self.scope["server"][0]
request.META["SERVER_PORT"] = str(self.scope["server"][1])
else:
request.META["SERVER_NAME"] = "unknown"
request.META["SERVER_PORT"] = "0"
request.META["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
request.COOKIES = http.parse_cookie(request.META.get("HTTP_COOKIE", ""))
return request
def test_httprequest_repr(self):
request = HttpRequest()
request.path = "/somepath/"
request.GET = {"get-key": "get-value"}
request.POST = {"post-key": "post-value"}
request.COOKIES = {"post-key": "post-value"}
request.META = {"post-key": "post-value"}
self.assertEqual(
repr(request),
str_prefix(
"<HttpRequest\npath:/somepath/,\nGET:{%(_)s'get-key': %(_)s'get-value'},\nPOST:{%(_)s'post-key': %(_)s'post-value'},\nCOOKIES:{%(_)s'post-key': %(_)s'post-value'},\nMETA:{%(_)s'post-key': %(_)s'post-value'}>"
),
)
self.assertEqual(build_request_repr(request), repr(request))
self.assertEqual(
build_request_repr(
request,
path_override="/otherpath/",
GET_override={"a": "b"},
POST_override={"c": "d"},
COOKIES_override={"e": "f"},
META_override={"g": "h"},
),
str_prefix(
"<HttpRequest\npath:/otherpath/,\nGET:{%(_)s'a': %(_)s'b'},\nPOST:{%(_)s'c': %(_)s'd'},\nCOOKIES:{%(_)s'e': %(_)s'f'},\nMETA:{%(_)s'g': %(_)s'h'}>"
),
)
def test_httprequest_repr(self):
request = HttpRequest()
request.path = '/somepath/'
request.method = 'GET'
request.GET = {'get-key': 'get-value'}
request.POST = {'post-key': 'post-value'}
request.COOKIES = {'post-key': 'post-value'}
request.META = {'post-key': 'post-value'}
self.assertEqual(repr(request),
str_prefix("<HttpRequest: GET '/somepath/'>"))
self.assertEqual(
build_request_repr(request),
str_prefix(
"<HttpRequest\npath:/somepath/,\nGET:{%(_)s'get-key': %(_)s'get-value'},\nPOST:{%(_)s'post-key': %(_)s'post-value'},\nCOOKIES:{%(_)s'post-key': %(_)s'post-value'},\nMETA:{%(_)s'post-key': %(_)s'post-value'}>"
))
self.assertEqual(
build_request_repr(request,
path_override='/otherpath/',
GET_override={'a': 'b'},
POST_override={'c': 'd'},
COOKIES_override={'e': 'f'},
META_override={'g': 'h'}),
str_prefix(
"<HttpRequest\npath:/otherpath/,\nGET:{%(_)s'a': %(_)s'b'},\nPOST:{%(_)s'c': %(_)s'd'},\nCOOKIES:{%(_)s'e': %(_)s'f'},\nMETA:{%(_)s'g': %(_)s'h'}>"
))
def test_vary(self):
"""
Ensure caching works even when cookies are present and `Vary: Cookie` is on.
"""
request = HttpRequest()
request.method = 'GET'
request.COOKIES = {'test': 'foo'}
request.META['HTTP_COOKIE'] = 'test=foo'
response = HttpResponse()
patch_vary_headers(response, ['Cookie'])
response.set_cookie('test', 'foo')
SessionMiddleware().process_request(request)
AuthenticationMiddleware().process_request(request)
cache_hit = FetchFromCacheMiddleware().process_request(request)
self.assertEqual(cache_hit, None)
response = PatchedVaryUpdateCacheMiddleware().process_response(request, response)
cache_hit = FetchFromCacheMiddleware().process_request(request)
self.assertTrue(isinstance(cache_hit, HttpResponse))
new_request = HttpRequest()
new_request.method = 'GET'
# note: not using cookies here. this demonstrates that cookies don't
# affect the cache key
cache_hit = FetchFromCacheMiddleware().process_request(new_request)
self.assertTrue(isinstance(cache_hit, HttpResponse))
def test_force_switch(self):
"""
If enabled, you can force a switch to be a specific value.
"""
# Request params
OVERRIDE = ("__switcher_force=i.am.enabled:False&" +
"__switcher_force=i.am.disabled:True")
request = HttpRequest()
request.GET = QueryDict(OVERRIDE)
# Not testing POST
request.REQUEST = request.GET
with override_settings(SWITCHER_ALLOW_FORCE=False):
self.assertIs(switch_is_enabled("i.am.enabled", request), True)
self.assertIs(switch_is_enabled("i.am.disabled", request), False)
with override_settings(SWITCHER_ALLOW_FORCE=True):
self.assertIs(switch_is_enabled("i.am.enabled", request), False)
self.assertIs(switch_is_enabled("i.am.disabled", request), True)
# Cookies
request = HttpRequest()
request.COOKIES = {
'__switcher_force_i.am.enabled': 'False',
'__switcher_force_i.am.disabled': 'True'
}
with override_settings(SWITCHER_ALLOW_FORCE=False):
self.assertIs(switch_is_enabled("i.am.enabled", request), True)
self.assertIs(switch_is_enabled("i.am.disabled", request), False)
with override_settings(SWITCHER_ALLOW_FORCE=True):
self.assertIs(switch_is_enabled("i.am.enabled", request), False)
self.assertIs(switch_is_enabled("i.am.disabled", request), True)
def decode_request(value):
"""
Decodes a request JSONish value to a HttpRequest object.
"""
request = HttpRequest()
request.GET = CustomQueryDict(value['get'])
request.POST = CustomQueryDict(value['post'])
request.COOKIES = value['cookies']
request.path = value['path']
request.method = value['method']
request.reply_channel = value['reply_channel']
# Channels requests are more high-level than the dumping ground that is
# META; re-combine back into it
request.META = {
"REQUEST_METHOD": value["method"],
"SERVER_NAME": value["server"][0],
"SERVER_PORT": value["server"][1],
"REMOTE_ADDR": value["client"][0],
"REMOTE_HOST": value["client"][0], # Not the DNS name, hopefully fine.
}
for header, header_value in value.get("headers", {}).items():
request.META["HTTP_%s" % header.upper()] = header_value
# We don't support non-/ script roots
request.path_info = value['path']
return request
def test_vary_with_original_update_cache_middleware(self):
"""
Mainly to demonstrate the need to remove the Vary: Cookie header
during caching. Same basic test as test_vary() but with django's
UpdateCacheMiddleware instead of PatchedVaryUpdateCacheMiddleware.
This does not get a cache hit if the cookies are not the same.
"""
request = HttpRequest()
request.method = 'GET'
request.COOKIES = {'test': 'foo'}
request.META['HTTP_COOKIE'] = 'test=foo'
response = HttpResponse()
patch_vary_headers(response, ['Cookie'])
response.set_cookie('test', 'foo')
SessionMiddleware().process_request(request)
AuthenticationMiddleware().process_request(request)
cache_hit = FetchFromCacheMiddleware().process_request(request)
self.assertEqual(cache_hit, None)
response = UpdateCacheMiddleware().process_response(request, response)
cache_hit = FetchFromCacheMiddleware().process_request(request)
self.assertTrue(isinstance(cache_hit, HttpResponse))
new_request = HttpRequest()
new_request.method = 'GET'
# note: not using cookies here. this demonstrates that cookies don't
# affect the cache key
cache_hit = FetchFromCacheMiddleware().process_request(new_request)
self.assertEqual(cache_hit, None)
def test_is_authenticated(self):
auth = SessionAuthentication()
request = HttpRequest()
request.method = "POST"
request.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"}
# No CSRF token.
request.META = {}
self.assertFalse(auth.is_authenticated(request))
# Invalid CSRF token.
request.META = {"HTTP_X_CSRFTOKEN": "abc123"}
self.assertFalse(auth.is_authenticated(request))
# Not logged in.
request.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"}
request.user = AnonymousUser()
self.assertFalse(auth.is_authenticated(request))
# Logged in.
request.user = User.objects.get(username="******")
self.assertEqual(auth.is_authenticated(request), True)
# Logged in (with GET & no token).
request.method = "GET"
request.META = {}
request.user = User.objects.get(username="******")
self.assertEqual(auth.is_authenticated(request), True)
# Secure & wrong referrer.
class SecureRequest(HttpRequest):
def _get_scheme(self):
return "https"
request = SecureRequest()
request.method = "POST"
request.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"}
request.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"}
request.META["HTTP_HOST"] = "example.com"
request.META["HTTP_REFERER"] = ""
request.user = User.objects.get(username="******")
self.assertFalse(auth.is_authenticated(request))
# Secure & correct referrer.
request.META["HTTP_REFERER"] = "https://example.com/"
self.assertEqual(auth.is_authenticated(request), True)
def test_httprequest_repr(self):
request = HttpRequest()
request.path = "/somepath/"
request.method = "GET"
request.GET = {"get-key": "get-value"}
request.POST = {"post-key": "post-value"}
request.COOKIES = {"post-key": "post-value"}
request.META = {"post-key": "post-value"}
self.assertEqual(repr(request), "<HttpRequest: GET '/somepath/'>")
def test_httprequest_repr(self):
request = HttpRequest()
request.path = '/somepath/'
request.method = 'GET'
request.GET = {'get-key': 'get-value'}
request.POST = {'post-key': 'post-value'}
request.COOKIES = {'post-key': 'post-value'}
request.META = {'post-key': 'post-value'}
self.assertEqual(repr(request), "<HttpRequest: GET '/somepath/'>")
def test_httprequest_repr(self):
request = HttpRequest()
request.path = "/somepath/"
request.method = "GET"
request.GET = {"get-key": "get-value"}
request.POST = {"post-key": "post-value"}
request.COOKIES = {"post-key": "post-value"}
request.META = {"post-key": "post-value"}
self.assertEqual(repr(request), str_prefix("<HttpRequest: GET '/somepath/'>"))
def test_httprequest_repr(self):
request = HttpRequest()
request.path = '/somepath/'
request.method = 'GET'
request.GET = {'get-key': 'get-value'}
request.POST = {'post-key': 'post-value'}
request.COOKIES = {'post-key': 'post-value'}
request.META = {'post-key': 'post-value'}
self.assertEqual(repr(request), "<HttpRequest: GET '/somepath/'>")
def test_apikey_and_authentication_enforce_user(self):
session_auth = SessionAuthentication()
api_key_auth = ApiKeyAuthentication()
auth = MultiAuthentication(api_key_auth, session_auth)
john_doe = User.objects.get(username='******')
request1 = HttpRequest()
request2 = HttpRequest()
request3 = HttpRequest()
request1.method = 'POST'
request1.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request1.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request1.user = john_doe
request2.POST['username'] = '******'
request2.POST['api_key'] = 'invalid key'
request3.method = 'POST'
request3.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request3.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request3.user = john_doe
request3.POST['username'] = '******'
request3.POST['api_key'] = 'invalid key'
# session auth should pass if since john_doe is logged in
self.assertTrue(session_auth.is_authenticated(request1))
# api key auth should fail because of invalid api key
self.assertEqual(
isinstance(api_key_auth.is_authenticated(request2),
HttpUnauthorized), True)
# multi auth shouldn't change users if api key auth fails
# multi auth passes since session auth is valid
self.assertEqual(request3.user.username, 'johndoe')
self.assertTrue(auth.is_authenticated(request3))
self.assertEqual(request3.user.username, 'johndoe')
def build_request(user_agent='', cookies={}):
"""
Returns request object with useful attributes
"""
request = HttpRequest()
# Session and cookies
request.session = {}
request.COOKIES = cookies
request.META['HTTP_USER_AGENT'] = user_agent
return request
def build_request(user_agent="", cookies={}):
"""
Returns request object with useful attributes
"""
request = HttpRequest()
# Session and cookies
request.session = {}
request.COOKIES = cookies
request.META["HTTP_USER_AGENT"] = user_agent
return request
def test_apikey_and_authentication_enforce_user(self):
session_auth = SessionAuthentication()
api_key_auth = ApiKeyAuthentication()
auth = MultiAuthentication(api_key_auth, session_auth)
john_doe = User.objects.get(username='******')
request1 = HttpRequest()
request2 = HttpRequest()
request3 = HttpRequest()
request1.method = 'POST'
request1.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request1.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request1.user = john_doe
request2.POST['username'] = '******'
request2.POST['api_key'] = 'invalid key'
request3.method = 'POST'
request3.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request3.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request3.user = john_doe
request3.POST['username'] = '******'
request3.POST['api_key'] = 'invalid key'
#session auth should pass if since john_doe is logged in
self.assertTrue(session_auth.is_authenticated(request1))
#api key auth should fail because of invalid api key
self.assertEqual(isinstance(api_key_auth.is_authenticated(request2), HttpUnauthorized), True)
#multi auth shouldn't change users if api key auth fails
#multi auth passes since session auth is valid
self.assertEqual(request3.user.username, 'johndoe')
self.assertTrue(auth.is_authenticated(request3))
self.assertEqual(request3.user.username, 'johndoe')
def test_httprequest_repr(self):
request = HttpRequest()
request.path = u'/somepath/'
request.GET = {u'get-key': u'get-value'}
request.POST = {u'post-key': u'post-value'}
request.COOKIES = {u'post-key': u'post-value'}
request.META = {u'post-key': u'post-value'}
self.assertEqual(repr(request), u"<HttpRequest\npath:/somepath/,\nGET:{u'get-key': u'get-value'},\nPOST:{u'post-key': u'post-value'},\nCOOKIES:{u'post-key': u'post-value'},\nMETA:{u'post-key': u'post-value'}>")
self.assertEqual(build_request_repr(request), repr(request))
self.assertEqual(build_request_repr(request, path_override='/otherpath/', GET_override={u'a': u'b'}, POST_override={u'c': u'd'}, COOKIES_override={u'e': u'f'}, META_override={u'g': u'h'}),
u"<HttpRequest\npath:/otherpath/,\nGET:{u'a': u'b'},\nPOST:{u'c': u'd'},\nCOOKIES:{u'e': u'f'},\nMETA:{u'g': u'h'}>")
def test_httprequest_repr(self):
request = HttpRequest()
request.path = '/somepath/'
request.GET = {'get-key': 'get-value'}
request.POST = {'post-key': 'post-value'}
request.COOKIES = {'post-key': 'post-value'}
request.META = {'post-key': 'post-value'}
self.assertEqual(repr(request), str_prefix("<HttpRequest\npath:/somepath/,\nGET:{%(_)s'get-key': %(_)s'get-value'},\nPOST:{%(_)s'post-key': %(_)s'post-value'},\nCOOKIES:{%(_)s'post-key': %(_)s'post-value'},\nMETA:{%(_)s'post-key': %(_)s'post-value'}>"))
self.assertEqual(build_request_repr(request), repr(request))
self.assertEqual(build_request_repr(request, path_override='/otherpath/', GET_override={'a': 'b'}, POST_override={'c': 'd'}, COOKIES_override={'e': 'f'}, META_override={'g': 'h'}),
str_prefix("<HttpRequest\npath:/otherpath/,\nGET:{%(_)s'a': %(_)s'b'},\nPOST:{%(_)s'c': %(_)s'd'},\nCOOKIES:{%(_)s'e': %(_)s'f'},\nMETA:{%(_)s'g': %(_)s'h'}>"))
def test_httprequest_repr(self):
request = HttpRequest()
request.path = u'/somepath/'
request.GET = {u'get-key': u'get-value'}
request.POST = {u'post-key': u'post-value'}
request.COOKIES = {u'post-key': u'post-value'}
request.META = {u'post-key': u'post-value'}
self.assertEqual(repr(request), u"<HttpRequest\npath:/somepath/,\nGET:{u'get-key': u'get-value'},\nPOST:{u'post-key': u'post-value'},\nCOOKIES:{u'post-key': u'post-value'},\nMETA:{u'post-key': u'post-value'}>")
self.assertEqual(build_request_repr(request), repr(request))
self.assertEqual(build_request_repr(request, path_override='/otherpath/', GET_override={u'a': u'b'}, POST_override={u'c': u'd'}, COOKIES_override={u'e': u'f'}, META_override={u'g': u'h'}),
u"<HttpRequest\npath:/otherpath/,\nGET:{u'a': u'b'},\nPOST:{u'c': u'd'},\nCOOKIES:{u'e': u'f'},\nMETA:{u'g': u'h'}>")
def get_http_request(aiohttp_request):
"""Build a Django request from a aiohttp request: required to get sessions and topics.
:param aiohttp_request: websocket request provided
:type aiohttp_request: :class:`Request`
"""
assert isinstance(aiohttp_request, Request)
django_request = HttpRequest()
django_request.GET = aiohttp_request.rel_url.query
django_request.COOKIES = aiohttp_request.cookies
django_request.session = None
django_request.user = None
return django_request
def get_http_request(aiohttp_request):
"""Build a Django request from a aiohttp request: required to get sessions and topics.
:param aiohttp_request: websocket request provided
:type aiohttp_request: :class:`Request`
"""
assert isinstance(aiohttp_request, Request)
django_request = HttpRequest()
django_request.GET = aiohttp_request.rel_url.query
django_request.COOKIES = aiohttp_request.cookies
django_request.session = None
django_request.user = None
return django_request
def test_js_force_switch(self):
# Force the existing switches to different values, and non-existent
# (but with default value) switches non-default values
defaults = {
"auto.enabled": {
"description": "foo",
"enabled": 1
},
"auto.disabled": {
"description": "bar",
"enabled": 0
}
}
# Query params
OVERRIDE = ("__switcher_force=i.am.enabled:False&" +
"__switcher_force=i.am.disabled:True&" +
"__switcher_force=auto.enabled:False&" +
"__switcher_force=auto.disabled:True")
request = HttpRequest()
request.GET = QueryDict(OVERRIDE)
# Not testing POST
request.REQUEST = request.GET
expected = (u'<script type="text/javascript">Modernizr' +
u".addTest('i_am_enabled', false)" +
u".addTest('i_am_disabled', true)" +
u".addTest('auto_enabled', false)" +
u".addTest('auto_disabled', true);" +
u"</script>\n")
with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True):
t = Template("{% load switcher_tags %}{% switcher_js request %}")
c = RequestContext(request, processors=(request_processor,))
result = t.render(c)
self.assertEqual(expected, result)
# Cookies
request = HttpRequest()
request.COOKIES = {
'__switcher_force_i.am.enabled': 'False',
'__switcher_force_i.am.disabled': 'True',
'__switcher_force_auto.enabled': 'False',
'__switcher_force_auto.disabled': 'True'
}
with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True):
t = Template("{% load switcher_tags %}{% switcher_js request %}")
c = RequestContext(request, processors=(request_processor,))
result = t.render(c)
self.assertEqual(expected, result)
def decode_request(value):
"""
Decodes a request JSONish value to a HttpRequest object.
"""
request = HttpRequest()
request.GET = MultiValueDict(value['GET'])
request.POST = MultiValueDict(value['POST'])
request.COOKIES = value['COOKIES']
request.META = value['META']
request.path = value['path']
request.method = value['method']
request.path_info = value['path_info']
request.response_channel = value['response_channel']
return request
def call_view(self, action: str, **kwargs):
request = HttpRequest()
request.path = self.scope.get("path")
request.session = self.scope.get("session", None)
request.META["HTTP_CONTENT_TYPE"] = "application/json"
request.META["HTTP_ACCEPT"] = "application/json"
for (header_name, value) in self.scope.get("headers", []):
request.META[header_name.decode("utf-8")] = value.decode("utf-8")
args, view_kwargs = self.get_view_args(action=action, **kwargs)
request.method = self.actions[action]
request.POST = json.dumps(kwargs.get("data", {}))
if self.scope.get("cookies"):
request.COOKIES = self.scope.get("cookies")
for key, value in kwargs.get("query", {}).items():
if isinstance(value, list):
request.GET.setlist(key, value)
else:
request.GET[key] = value
view = getattr(self.__class__, "view")
response = view(request, *args, **view_kwargs)
status = response.status_code
if isinstance(response, Response):
data = response.data
try:
# check if we can json encode it!
# there must be a better way fo doing this?
json.dumps(data)
return data, status
except Exception as e:
pass
if isinstance(response, SimpleTemplateResponse):
response.render()
response_content = response.content
if isinstance(response_content, bytes):
try:
response_content = response_content.decode("utf-8")
except Exception as e:
response_content = response_content.hex()
return response_content, status
def decode_request(value):
"""
Decodes a request JSONish value to a HttpRequest object.
"""
request = HttpRequest()
request.GET = CustomQueryDict(value['get'])
request.POST = CustomQueryDict(value['post'])
request.COOKIES = value['cookies']
request.META = value['meta']
request.path = value['path']
request.method = value['method']
request.path_info = value['path_info']
request.reply_channel = value['reply_channel']
return request
def decode_request(value):
"""
Decodes a request JSONish value to a HttpRequest object.
"""
request = HttpRequest()
request.GET = MultiValueDict(value['GET'])
request.POST = MultiValueDict(value['POST'])
request.COOKIES = value['COOKIES']
request.META = value['META']
request.path = value['path']
request.method = value['method']
request.path_info = value['path_info']
request.response_channel = value['response_channel']
return request
def test_request_middleware(self):
# Middleware related test
request = HttpRequest()
request.method = random.sample([u'POST', u'GET'], 1)[0]
request.path = random.sample([u'/requests/',
u'/edit/',
u'/admin/'], 1)[0]
request.user = AnonymousUser()
request.POST = QueryDict(u'k_post=v_post')
request.COOKIES = QueryDict(u'k_coo=v_coo')
request.META['HTTP_ACCEPT_LANGUAGE'] = u'en'
request.META['HTTP_HOST'] = get_random_ip()
request.META['HTTP_REFERER'] = u''
request.META['HTTP_USER_AGENT'] = u''
request.META['QUERY_STRING'] = u'&t=1'
request.META['REMOTE_ADDR'] = get_random_ip()
request.META['REMOTE_USER'] = u''
request.META['REQUEST_METHOD'] = request.method
request.META['SERVER_NAME'] = u'localhost'
request.META['SERVER_PORT'] = u'80'
response = HttpResponse()
response.status_code = random.sample(
[200, 302, 404, 500], 1)[0]
middleware = RequestMiddleware()
resp = middleware.process_response(request, response)
self.assertEquals(response, resp)
r = Request.objects.all().order_by('-time')[:1][0]
self.assertEquals(r.status_code, response.status_code)
self.assertEquals(r.host, request.get_host())
self.assertEquals(r.path, request.path)
self.assertEquals(r.user, None)
self.assertEquals(r.method, request.method)
self.assertEquals(r.user_agent,
request.META.get('HTTP_USER_AGENT', ''))
self.assertEquals(r.language,
request.META.get('HTTP_ACCEPT_LANGUAGE', ''))
self.assertEquals(r.timezone, request.META.get('TZ', ''))
self.assertEquals(r.remote_address,
request.META.get('REMOTE_ADDR', ''))
self.assertEquals(r.referer,
request.META.get('HTTP_REFERER', ''))
self.assertEquals(r.is_secure, request.is_secure())
self.assertEquals(r.is_ajax, request.is_ajax())
self.assertEquals(r.GET, json.dumps(request.GET))
self.assertEquals(r.POST, json.dumps(request.POST))
self.assertEquals(r.cookies, json.dumps(request.COOKIES))
def build_request(user=None, session={}, cookies={}, ip_address=None):
"""
Returns request object with useful attributes
"""
from django.http import HttpRequest
from django.contrib.auth.middleware import LazyUser
request = HttpRequest()
# Session and cookies
request.session = session
request.COOKIES = cookies
# User
request.__class__.user = user or LazyUser()
# Meta
request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0'
return request
def build_request(user=None, session={}, cookies={}, ip_address=None):
"""
Returns request object with useful attributes
"""
from django.http import HttpRequest
from django.contrib.auth.middleware import LazyUser
request = HttpRequest()
# Session and cookies
request.session = session
request.COOKIES = cookies
# User
request.__class__.user = user or LazyUser()
# Meta
request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0'
return request
def test_force_switch_priority(self):
"""
If a switch is forced both in a cookie and in query params, the value in
the query params takes precedence
"""
OVERRIDE = ("__switcher_force=i.am.enabled:False")
request = HttpRequest()
request.GET = QueryDict(OVERRIDE)
# Not testing POST
request.REQUEST = request.GET
request.COOKIES = {"__switcher_force_i.am.enabled": True}
with override_settings(SWITCHER_ALLOW_FORCE=True):
self.assertIs(switch_is_enabled("i.am.enabled", request), False)
OVERRIDE = ("__switcher_force=i.am.enabled:True")
request = HttpRequest()
request.GET = QueryDict(OVERRIDE)
# Not testing POST
request.REQUEST = request.GET
request.COOKIES = {"__switcher_force_i.am.enabled": False}
with override_settings(SWITCHER_ALLOW_FORCE=True):
self.assertIs(switch_is_enabled("i.am.enabled", request), True)
def test_css_force_switch(self):
# Force the existing switches to different values, and non-existent
# (but with default value) switches non-default values
defaults = {
"auto.enabled": {
"description": "foo",
"enabled": 1
},
"auto.disabled": {
"description": "bar",
"enabled": 0
}
}
# Query params
OVERRIDE = ("__switcher_force=i.am.enabled:False&" +
"__switcher_force=i.am.disabled:True&" +
"__switcher_force=auto.enabled:False&" +
"__switcher_force=auto.disabled:True")
request = HttpRequest()
request.GET = QueryDict(OVERRIDE)
# Not testing POST
request.REQUEST = request.GET
with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True):
t = Template("{% load switcher_tags %}{% switcher_css request %}")
c = RequestContext(request, processors=(request_processor,))
result = t.render(c)
self.assertEqual("no-i-am-enabled i-am-disabled no-auto-enabled auto-disabled",
result)
# Cookies
request = HttpRequest()
request.COOKIES = {
'__switcher_force_i.am.enabled': 'False',
'__switcher_force_i.am.disabled': 'True',
'__switcher_force_auto.enabled': 'False',
'__switcher_force_auto.disabled': 'True'
}
with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True):
t = Template("{% load switcher_tags %}{% switcher_css request %}")
c = RequestContext(request, processors=(request_processor,))
result = t.render(c)
self.assertEqual("no-i-am-enabled i-am-disabled no-auto-enabled auto-disabled",
result)
def call_view(self, action: str, **kwargs):
request = HttpRequest()
request.path = self.scope.get('path')
request.session = self.scope.get('session', None)
request.META['HTTP_CONTENT_TYPE'] = 'application/json'
request.META['HTTP_ACCEPT'] = 'application/json'
for (header_name, value) in self.scope.get('headers', []):
request.META[header_name.decode('utf-8')] = value.decode('utf-8')
args, view_kwargs = self.get_view_args(action=action, **kwargs)
request.method = self.actions[action]
request.POST = json.dumps(kwargs.get('data', {}))
if self.scope.get('cookies'):
request.COOKIES = self.scope.get('cookies')
view = getattr(self.__class__, 'view')
response = view(request, *args, **view_kwargs)
status = response.status_code
if isinstance(response, Response):
data = response.data
try:
# check if we can json encode it!
# there must be a better way fo doing this?
json.dumps(data)
return data, status
except Exception as e:
pass
if isinstance(response, SimpleTemplateResponse):
response.render()
response_content = response.content
if isinstance(response_content, bytes):
try:
response_content = response_content.decode('utf-8')
except Exception as e:
response_content = response_content.hex()
return response_content, status
def http_request(self):
request = HttpRequest()
request.COOKIES = {}
request.path = '/login/'
request.method = 'POST'
request.META = {
'PATH_INFO': request.path,
'SERVER_NAME': u'test_server',
'SERVER_PORT': 80,
'SERVER_PROTOCOL': 'HTTP/1.1',
'REQUEST_METHOD': request.method,
'REMOTE_ADDR': self.real_ip
}
request.POST = {
self.setting_username_form_field: self.invalid_username,
'password': self.random_password
}
return request
def build_request(get_query=None, post_query=None, session={}, cookies={}, ip_address=None):
"""
Returns request object with useful attributes
"""
from django.http import HttpRequest, QueryDict
from django.contrib.auth.middleware import LazyUser
request = HttpRequest()
# GET and POST
if get_query:
request.GET = QueryDict(get_query)
if post_query:
request.POST = QueryDict(post_query)
# Session and cookies
request.session = SessionWrapper(session)
request.session.session_key = 'XXX'
request.COOKIES = cookies
# User
request.__class__.user = LazyUser()
# Meta
request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0'
return request
def test_is_authenticated(self):
auth = SessionAuthentication()
request = HttpRequest()
request.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
# No CSRF token.
request.META = {}
self.assertFalse(auth.is_authenticated(request))
# Invalid CSRF token.
request.META = {
'HTTP_X_CSRFTOKEN': 'abc123'
}
self.assertFalse(auth.is_authenticated(request))
# Not logged in.
request.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request.user = AnonymousUser()
self.assertFalse(auth.is_authenticated(request))
# Logged in.
request.user = User.objects.get(username='******')
self.assertTrue(auth.is_authenticated(request))
# Secure & wrong referrer.
os.environ["HTTPS"] = "on"
request.META['HTTP_HOST'] = 'example.com'
request.META['HTTP_REFERER'] = ''
self.assertFalse(auth.is_authenticated(request))
# Secure & correct referrer.
request.META['HTTP_REFERER'] = 'https://example.com/'
self.assertTrue(auth.is_authenticated(request))
os.environ["HTTPS"] = "off"
def get_messages_from_cookie(cookies):
"""Get :mod:`~django.contrib.messages` from ``cookies``"""
request = HttpRequest()
request.COOKIES = {CookieStorage.cookie_name: cookies.get(
CookieStorage.cookie_name).value}
return CookieStorage(request)
def get_messages_from_cookie(cookies):
request = HttpRequest()
request.COOKIES = {CookieStorage.cookie_name: cookies.get(
CookieStorage.cookie_name).value}
return CookieStorage(request)
def get_messages_from_cookie(cookies):
request = HttpRequest()
request.COOKIES = {CookieStorage.cookie_name: cookies.get(
CookieStorage.cookie_name).value}
return CookieStorage(request)
def parse_request(data, allowed_methods, responses, request):
if not isinstance(data, dict):
raise BinderRequestError('requests should be dicts')
# Transform data
transforms = data.pop('transforms', [])
str_params = defaultdict(dict)
if not isinstance(transforms, list):
raise BinderRequestError('transforms should be a list')
for transform in transforms:
if 'source' not in transform:
raise BinderRequestError('transforms require the field source')
if 'target' not in transform:
raise BinderRequestError('transforms require the field target')
if (not isinstance(transform['source'], list)
or len(transform['source']) < 1):
raise BinderRequestError('source must be a non empty list')
if (not isinstance(transform['target'], list)
or len(transform['target']) < 2):
raise BinderRequestError('target must be a non empty list')
# Get value through source
value = responses
for key in transform['source']:
if not isinstance(value, (list, dict)):
raise BinderRequestError(
'source can only iterate through lists and dicts')
try:
value = value[key]
except (KeyError, IndexError):
raise BinderRequestError(
'invalid source {}, error at key {}'.format(
transform['source'], key))
# Set value according to target
target = data
target_key = transform['target'][0]
for i, key in enumerate(transform['target'][1:]):
if isinstance(target, (list, dict)):
try:
target = target[target_key]
except (KeyError, IndexError):
raise BinderRequestError(
'invalid target {}, error at key {}'.format(
transform['target'], target_key))
target_key = key
else:
raise BinderRequestError(
'target can only iterate through lists and dicts')
if isinstance(target, (list, dict)):
try:
target[target_key] = value
except IndexError:
raise BinderRequestError(
'invalid target {}, error at key {}'.format(
transform['target'], target_key))
elif isinstance(target, str):
str_params[tuple(
transform['target'][:-1])][transform['target'][-1]] = value
else:
raise BinderRequestError(
'target can only modify lists, dicts and strs')
try:
for keys, params in str_params.items():
target = data
target_key = keys[0]
for key in keys[1:]:
target = target[target_key]
target_key = key
s = target[target_key]
try:
s = s.format(**params)
except KeyError as e:
raise BinderRequestError(
'str formatting at {}, missing key: {}'.format(
keys, e.args[0]))
target[target_key] = target[target_key].format(**params)
except Exception:
# All kind of things can go wrong when the data is altered through
# a transform that occured after the str_params where determined
# causing the target not to exist anymore or not be a str
raise BinderRequestError(
'transforms altered data in such a way that str params became '
'invalid')
# Validate request
if 'method' not in data:
raise BinderRequestError('requests require the field method')
if 'path' not in data:
raise BinderRequestError('requests require the field path')
# Validate method is allowed
if data['method'] not in allowed_methods:
raise BinderMethodNotAllowed()
# Create request
req = HttpRequest()
req.method = data['method']
req.path = data['path']
req.path_info = req.path
req.COOKIES = request.COOKIES
req.META = request.META
req.content_type = 'application/json'
if 'body' in data:
req._body = jsondumps(data['body']).encode()
else:
req._body = b''
return req
