def test_apikey_and_authentication_enforce_user(self): session_auth = SessionAuthentication() api_key_auth = ApiKeyAuthentication() auth = MultiAuthentication(api_key_auth, session_auth) john_doe = User.objects.get(username="******") request1 = HttpRequest() request2 = HttpRequest() request3 = HttpRequest() request1.method = "POST" request1.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"} request1.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"} request1.user = john_doe request2.POST["username"] = "******" request2.POST["api_key"] = "invalid key" request3.method = "POST" request3.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"} request3.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"} request3.user = john_doe request3.POST["username"] = "******" request3.POST["api_key"] = "invalid key" # session auth should pass if since john_doe is logged in self.assertEqual(session_auth.is_authenticated(request1), True) # api key auth should fail because of invalid api key self.assertEqual(isinstance(api_key_auth.is_authenticated(request2), HttpUnauthorized), True) # multi auth shouldn't change users if api key auth fails # multi auth passes since session auth is valid self.assertEqual(request3.user.username, "johndoe") self.assertEqual(auth.is_authenticated(request3), True) self.assertEqual(request3.user.username, "johndoe")
def test_is_authenticated(self): auth = SessionAuthentication() request = HttpRequest() request.method = 'POST' request.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } # No CSRF token. request.META = {} self.assertFalse(auth.is_authenticated(request)) # Invalid CSRF token. request.META = { 'HTTP_X_CSRFTOKEN': 'abc123' } self.assertFalse(auth.is_authenticated(request)) # Not logged in. request.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request.user = AnonymousUser() self.assertFalse(auth.is_authenticated(request)) # Logged in. request.user = User.objects.get(username='******') self.assertTrue(auth.is_authenticated(request)) # Logged in (with GET & no token). request.method = 'GET' request.META = {} request.user = User.objects.get(username='******') self.assertTrue(auth.is_authenticated(request)) # Secure & wrong referrer. class SecureRequest(HttpRequest): def _get_scheme(self): return 'https' request = SecureRequest() request.method = 'POST' request.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } request.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request.META['HTTP_HOST'] = 'example.com' request.META['HTTP_REFERER'] = '' request.user = User.objects.get(username='******') self.assertFalse(auth.is_authenticated(request)) # Secure & correct referrer. request.META['HTTP_REFERER'] = 'https://example.com/' self.assertTrue(auth.is_authenticated(request))
def test_is_authenticated(self): auth = SessionAuthentication() request = HttpRequest() request.method = 'POST' request.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } # No CSRF token. request.META = {} self.assertFalse(auth.is_authenticated(request)) # Invalid CSRF token. request.META = { 'HTTP_X_CSRFTOKEN': 'abc123' } self.assertFalse(auth.is_authenticated(request)) # Not logged in. request.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request.user = AnonymousUser() self.assertFalse(auth.is_authenticated(request)) # Logged in. request.user = User.objects.get(username='******') self.assertTrue(auth.is_authenticated(request)) # Logged in (with GET & no token). request.method = 'GET' request.META = {} request.user = User.objects.get(username='******') self.assertTrue(auth.is_authenticated(request)) # Secure & wrong referrer. class SecureRequest(HttpRequest): def _get_scheme(self): return 'https' request = SecureRequest() request.method = 'POST' request.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } request.META['HTTP_HOST'] = 'example.com' request.META['HTTP_REFERER'] = '' request.user = User.objects.get(username='******') self.assertFalse(auth.is_authenticated(request)) # Secure & correct referrer. request.META['HTTP_REFERER'] = 'https://example.com/' self.assertTrue(auth.is_authenticated(request))
def build_request(get_query=None, post_query=None, session={}, cookies={}, ip_address=None): """ Returns request object with useful attributes """ from django.http import HttpRequest, QueryDict from django.contrib.auth.middleware import LazyUser request = HttpRequest() # GET and POST if get_query: request.GET = QueryDict(get_query) if post_query: request.POST = QueryDict(post_query) # Session and cookies request.session = SessionWrapper(session) request.session.session_key = 'XXX' request.COOKIES = cookies # User request.__class__.user = LazyUser() # Meta request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0' return request
def test_request_view(self): # Fill DB with random requests for req in range(10): request = HttpRequest() request.method = random.sample([u'POST', u'GET'], 1)[0] request.path = random.sample([u'/requests/', u'/edit/', u'/admin/'], 1)[0] request.user = AnonymousUser() request.POST = QueryDict(u'k_post=v_post') request.COOKIES = QueryDict(u'k_coo=v_coo') request.META['HTTP_ACCEPT_LANGUAGE'] = u'en' request.META['HTTP_HOST'] = get_random_ip() request.META['HTTP_REFERER'] = u'' request.META['HTTP_USER_AGENT'] = u'' request.META['QUERY_STRING'] = u'&t=1' request.META['REMOTE_ADDR'] = get_random_ip() request.META['REMOTE_USER'] = u'' request.META['REQUEST_METHOD'] = request.method request.META['SERVER_NAME'] = u'localhost' request.META['SERVER_PORT'] = u'80' response = HttpResponse() response.status_code = random.sample( [200, 302, 404, 500], 1)[0] middleware = RequestMiddleware() resp = middleware.process_response(request, response) self.assertEquals(response, resp) self.check_request_view() self.add_priorities() self.check_request_view()
def build_http_request(self): request = HttpRequest() query_string = self.scope.get("query_string", "") if isinstance(query_string, bytes): query_string = query_string.decode("utf-8") request.method = "GET" request.path_info = self.scope["path"] request.GET = QueryDict(query_string=query_string) for name, value in self.scope.get("headers", []): name = name.decode("latin1") if name == "content-length": corrected_name = "CONTENT_LENGTH" elif name == "content-type": corrected_name = "CONTENT_TYPE" else: corrected_name = "HTTP_%s" % name.upper().replace("-", "_") # HTTPbis say only ASCII chars are allowed in headers, but we latin1 just in case value = value.decode("latin1") if corrected_name in request.META: value = request.META[corrected_name] + "," + value request.META[corrected_name] = value if self.scope.get("client", None): request.META["REMOTE_ADDR"] = self.scope["client"][0] request.META["REMOTE_HOST"] = request.META["REMOTE_ADDR"] request.META["REMOTE_PORT"] = self.scope["client"][1] if self.scope.get("server", None): request.META["SERVER_NAME"] = self.scope["server"][0] request.META["SERVER_PORT"] = str(self.scope["server"][1]) else: request.META["SERVER_NAME"] = "unknown" request.META["SERVER_PORT"] = "0" request.META["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest" request.COOKIES = http.parse_cookie(request.META.get("HTTP_COOKIE", "")) return request
def test_httprequest_repr(self): request = HttpRequest() request.path = "/somepath/" request.GET = {"get-key": "get-value"} request.POST = {"post-key": "post-value"} request.COOKIES = {"post-key": "post-value"} request.META = {"post-key": "post-value"} self.assertEqual( repr(request), str_prefix( "<HttpRequest\npath:/somepath/,\nGET:{%(_)s'get-key': %(_)s'get-value'},\nPOST:{%(_)s'post-key': %(_)s'post-value'},\nCOOKIES:{%(_)s'post-key': %(_)s'post-value'},\nMETA:{%(_)s'post-key': %(_)s'post-value'}>" ), ) self.assertEqual(build_request_repr(request), repr(request)) self.assertEqual( build_request_repr( request, path_override="/otherpath/", GET_override={"a": "b"}, POST_override={"c": "d"}, COOKIES_override={"e": "f"}, META_override={"g": "h"}, ), str_prefix( "<HttpRequest\npath:/otherpath/,\nGET:{%(_)s'a': %(_)s'b'},\nPOST:{%(_)s'c': %(_)s'd'},\nCOOKIES:{%(_)s'e': %(_)s'f'},\nMETA:{%(_)s'g': %(_)s'h'}>" ), )
def test_httprequest_repr(self): request = HttpRequest() request.path = '/somepath/' request.method = 'GET' request.GET = {'get-key': 'get-value'} request.POST = {'post-key': 'post-value'} request.COOKIES = {'post-key': 'post-value'} request.META = {'post-key': 'post-value'} self.assertEqual(repr(request), str_prefix("<HttpRequest: GET '/somepath/'>")) self.assertEqual( build_request_repr(request), str_prefix( "<HttpRequest\npath:/somepath/,\nGET:{%(_)s'get-key': %(_)s'get-value'},\nPOST:{%(_)s'post-key': %(_)s'post-value'},\nCOOKIES:{%(_)s'post-key': %(_)s'post-value'},\nMETA:{%(_)s'post-key': %(_)s'post-value'}>" )) self.assertEqual( build_request_repr(request, path_override='/otherpath/', GET_override={'a': 'b'}, POST_override={'c': 'd'}, COOKIES_override={'e': 'f'}, META_override={'g': 'h'}), str_prefix( "<HttpRequest\npath:/otherpath/,\nGET:{%(_)s'a': %(_)s'b'},\nPOST:{%(_)s'c': %(_)s'd'},\nCOOKIES:{%(_)s'e': %(_)s'f'},\nMETA:{%(_)s'g': %(_)s'h'}>" ))
def test_vary(self): """ Ensure caching works even when cookies are present and `Vary: Cookie` is on. """ request = HttpRequest() request.method = 'GET' request.COOKIES = {'test': 'foo'} request.META['HTTP_COOKIE'] = 'test=foo' response = HttpResponse() patch_vary_headers(response, ['Cookie']) response.set_cookie('test', 'foo') SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertEqual(cache_hit, None) response = PatchedVaryUpdateCacheMiddleware().process_response(request, response) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertTrue(isinstance(cache_hit, HttpResponse)) new_request = HttpRequest() new_request.method = 'GET' # note: not using cookies here. this demonstrates that cookies don't # affect the cache key cache_hit = FetchFromCacheMiddleware().process_request(new_request) self.assertTrue(isinstance(cache_hit, HttpResponse))
def test_force_switch(self): """ If enabled, you can force a switch to be a specific value. """ # Request params OVERRIDE = ("__switcher_force=i.am.enabled:False&" + "__switcher_force=i.am.disabled:True") request = HttpRequest() request.GET = QueryDict(OVERRIDE) # Not testing POST request.REQUEST = request.GET with override_settings(SWITCHER_ALLOW_FORCE=False): self.assertIs(switch_is_enabled("i.am.enabled", request), True) self.assertIs(switch_is_enabled("i.am.disabled", request), False) with override_settings(SWITCHER_ALLOW_FORCE=True): self.assertIs(switch_is_enabled("i.am.enabled", request), False) self.assertIs(switch_is_enabled("i.am.disabled", request), True) # Cookies request = HttpRequest() request.COOKIES = { '__switcher_force_i.am.enabled': 'False', '__switcher_force_i.am.disabled': 'True' } with override_settings(SWITCHER_ALLOW_FORCE=False): self.assertIs(switch_is_enabled("i.am.enabled", request), True) self.assertIs(switch_is_enabled("i.am.disabled", request), False) with override_settings(SWITCHER_ALLOW_FORCE=True): self.assertIs(switch_is_enabled("i.am.enabled", request), False) self.assertIs(switch_is_enabled("i.am.disabled", request), True)
def decode_request(value): """ Decodes a request JSONish value to a HttpRequest object. """ request = HttpRequest() request.GET = CustomQueryDict(value['get']) request.POST = CustomQueryDict(value['post']) request.COOKIES = value['cookies'] request.path = value['path'] request.method = value['method'] request.reply_channel = value['reply_channel'] # Channels requests are more high-level than the dumping ground that is # META; re-combine back into it request.META = { "REQUEST_METHOD": value["method"], "SERVER_NAME": value["server"][0], "SERVER_PORT": value["server"][1], "REMOTE_ADDR": value["client"][0], "REMOTE_HOST": value["client"][0], # Not the DNS name, hopefully fine. } for header, header_value in value.get("headers", {}).items(): request.META["HTTP_%s" % header.upper()] = header_value # We don't support non-/ script roots request.path_info = value['path'] return request
def test_vary_with_original_update_cache_middleware(self): """ Mainly to demonstrate the need to remove the Vary: Cookie header during caching. Same basic test as test_vary() but with django's UpdateCacheMiddleware instead of PatchedVaryUpdateCacheMiddleware. This does not get a cache hit if the cookies are not the same. """ request = HttpRequest() request.method = 'GET' request.COOKIES = {'test': 'foo'} request.META['HTTP_COOKIE'] = 'test=foo' response = HttpResponse() patch_vary_headers(response, ['Cookie']) response.set_cookie('test', 'foo') SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertEqual(cache_hit, None) response = UpdateCacheMiddleware().process_response(request, response) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertTrue(isinstance(cache_hit, HttpResponse)) new_request = HttpRequest() new_request.method = 'GET' # note: not using cookies here. this demonstrates that cookies don't # affect the cache key cache_hit = FetchFromCacheMiddleware().process_request(new_request) self.assertEqual(cache_hit, None)
def test_is_authenticated(self): auth = SessionAuthentication() request = HttpRequest() request.method = "POST" request.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"} # No CSRF token. request.META = {} self.assertFalse(auth.is_authenticated(request)) # Invalid CSRF token. request.META = {"HTTP_X_CSRFTOKEN": "abc123"} self.assertFalse(auth.is_authenticated(request)) # Not logged in. request.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"} request.user = AnonymousUser() self.assertFalse(auth.is_authenticated(request)) # Logged in. request.user = User.objects.get(username="******") self.assertEqual(auth.is_authenticated(request), True) # Logged in (with GET & no token). request.method = "GET" request.META = {} request.user = User.objects.get(username="******") self.assertEqual(auth.is_authenticated(request), True) # Secure & wrong referrer. class SecureRequest(HttpRequest): def _get_scheme(self): return "https" request = SecureRequest() request.method = "POST" request.COOKIES = {settings.CSRF_COOKIE_NAME: "abcdef1234567890abcdef1234567890"} request.META = {"HTTP_X_CSRFTOKEN": "abcdef1234567890abcdef1234567890"} request.META["HTTP_HOST"] = "example.com" request.META["HTTP_REFERER"] = "" request.user = User.objects.get(username="******") self.assertFalse(auth.is_authenticated(request)) # Secure & correct referrer. request.META["HTTP_REFERER"] = "https://example.com/" self.assertEqual(auth.is_authenticated(request), True)
def test_httprequest_repr(self): request = HttpRequest() request.path = "/somepath/" request.method = "GET" request.GET = {"get-key": "get-value"} request.POST = {"post-key": "post-value"} request.COOKIES = {"post-key": "post-value"} request.META = {"post-key": "post-value"} self.assertEqual(repr(request), "<HttpRequest: GET '/somepath/'>")
def test_httprequest_repr(self): request = HttpRequest() request.path = '/somepath/' request.method = 'GET' request.GET = {'get-key': 'get-value'} request.POST = {'post-key': 'post-value'} request.COOKIES = {'post-key': 'post-value'} request.META = {'post-key': 'post-value'} self.assertEqual(repr(request), "<HttpRequest: GET '/somepath/'>")
def test_httprequest_repr(self): request = HttpRequest() request.path = "/somepath/" request.method = "GET" request.GET = {"get-key": "get-value"} request.POST = {"post-key": "post-value"} request.COOKIES = {"post-key": "post-value"} request.META = {"post-key": "post-value"} self.assertEqual(repr(request), str_prefix("<HttpRequest: GET '/somepath/'>"))
def test_httprequest_repr(self): request = HttpRequest() request.path = '/somepath/' request.method = 'GET' request.GET = {'get-key': 'get-value'} request.POST = {'post-key': 'post-value'} request.COOKIES = {'post-key': 'post-value'} request.META = {'post-key': 'post-value'} self.assertEqual(repr(request), "<HttpRequest: GET '/somepath/'>")
def test_apikey_and_authentication_enforce_user(self): session_auth = SessionAuthentication() api_key_auth = ApiKeyAuthentication() auth = MultiAuthentication(api_key_auth, session_auth) john_doe = User.objects.get(username='******') request1 = HttpRequest() request2 = HttpRequest() request3 = HttpRequest() request1.method = 'POST' request1.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request1.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } request1.user = john_doe request2.POST['username'] = '******' request2.POST['api_key'] = 'invalid key' request3.method = 'POST' request3.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request3.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } request3.user = john_doe request3.POST['username'] = '******' request3.POST['api_key'] = 'invalid key' # session auth should pass if since john_doe is logged in self.assertTrue(session_auth.is_authenticated(request1)) # api key auth should fail because of invalid api key self.assertEqual( isinstance(api_key_auth.is_authenticated(request2), HttpUnauthorized), True) # multi auth shouldn't change users if api key auth fails # multi auth passes since session auth is valid self.assertEqual(request3.user.username, 'johndoe') self.assertTrue(auth.is_authenticated(request3)) self.assertEqual(request3.user.username, 'johndoe')
def build_request(user_agent='', cookies={}): """ Returns request object with useful attributes """ request = HttpRequest() # Session and cookies request.session = {} request.COOKIES = cookies request.META['HTTP_USER_AGENT'] = user_agent return request
def build_request(user_agent="", cookies={}): """ Returns request object with useful attributes """ request = HttpRequest() # Session and cookies request.session = {} request.COOKIES = cookies request.META["HTTP_USER_AGENT"] = user_agent return request
def test_apikey_and_authentication_enforce_user(self): session_auth = SessionAuthentication() api_key_auth = ApiKeyAuthentication() auth = MultiAuthentication(api_key_auth, session_auth) john_doe = User.objects.get(username='******') request1 = HttpRequest() request2 = HttpRequest() request3 = HttpRequest() request1.method = 'POST' request1.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request1.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } request1.user = john_doe request2.POST['username'] = '******' request2.POST['api_key'] = 'invalid key' request3.method = 'POST' request3.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request3.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } request3.user = john_doe request3.POST['username'] = '******' request3.POST['api_key'] = 'invalid key' #session auth should pass if since john_doe is logged in self.assertTrue(session_auth.is_authenticated(request1)) #api key auth should fail because of invalid api key self.assertEqual(isinstance(api_key_auth.is_authenticated(request2), HttpUnauthorized), True) #multi auth shouldn't change users if api key auth fails #multi auth passes since session auth is valid self.assertEqual(request3.user.username, 'johndoe') self.assertTrue(auth.is_authenticated(request3)) self.assertEqual(request3.user.username, 'johndoe')
def test_httprequest_repr(self): request = HttpRequest() request.path = u'/somepath/' request.GET = {u'get-key': u'get-value'} request.POST = {u'post-key': u'post-value'} request.COOKIES = {u'post-key': u'post-value'} request.META = {u'post-key': u'post-value'} self.assertEqual(repr(request), u"<HttpRequest\npath:/somepath/,\nGET:{u'get-key': u'get-value'},\nPOST:{u'post-key': u'post-value'},\nCOOKIES:{u'post-key': u'post-value'},\nMETA:{u'post-key': u'post-value'}>") self.assertEqual(build_request_repr(request), repr(request)) self.assertEqual(build_request_repr(request, path_override='/otherpath/', GET_override={u'a': u'b'}, POST_override={u'c': u'd'}, COOKIES_override={u'e': u'f'}, META_override={u'g': u'h'}), u"<HttpRequest\npath:/otherpath/,\nGET:{u'a': u'b'},\nPOST:{u'c': u'd'},\nCOOKIES:{u'e': u'f'},\nMETA:{u'g': u'h'}>")
def test_httprequest_repr(self): request = HttpRequest() request.path = '/somepath/' request.GET = {'get-key': 'get-value'} request.POST = {'post-key': 'post-value'} request.COOKIES = {'post-key': 'post-value'} request.META = {'post-key': 'post-value'} self.assertEqual(repr(request), str_prefix("<HttpRequest\npath:/somepath/,\nGET:{%(_)s'get-key': %(_)s'get-value'},\nPOST:{%(_)s'post-key': %(_)s'post-value'},\nCOOKIES:{%(_)s'post-key': %(_)s'post-value'},\nMETA:{%(_)s'post-key': %(_)s'post-value'}>")) self.assertEqual(build_request_repr(request), repr(request)) self.assertEqual(build_request_repr(request, path_override='/otherpath/', GET_override={'a': 'b'}, POST_override={'c': 'd'}, COOKIES_override={'e': 'f'}, META_override={'g': 'h'}), str_prefix("<HttpRequest\npath:/otherpath/,\nGET:{%(_)s'a': %(_)s'b'},\nPOST:{%(_)s'c': %(_)s'd'},\nCOOKIES:{%(_)s'e': %(_)s'f'},\nMETA:{%(_)s'g': %(_)s'h'}>"))
def test_httprequest_repr(self): request = HttpRequest() request.path = u'/somepath/' request.GET = {u'get-key': u'get-value'} request.POST = {u'post-key': u'post-value'} request.COOKIES = {u'post-key': u'post-value'} request.META = {u'post-key': u'post-value'} self.assertEqual(repr(request), u"<HttpRequest\npath:/somepath/,\nGET:{u'get-key': u'get-value'},\nPOST:{u'post-key': u'post-value'},\nCOOKIES:{u'post-key': u'post-value'},\nMETA:{u'post-key': u'post-value'}>") self.assertEqual(build_request_repr(request), repr(request)) self.assertEqual(build_request_repr(request, path_override='/otherpath/', GET_override={u'a': u'b'}, POST_override={u'c': u'd'}, COOKIES_override={u'e': u'f'}, META_override={u'g': u'h'}), u"<HttpRequest\npath:/otherpath/,\nGET:{u'a': u'b'},\nPOST:{u'c': u'd'},\nCOOKIES:{u'e': u'f'},\nMETA:{u'g': u'h'}>")
def get_http_request(aiohttp_request): """Build a Django request from a aiohttp request: required to get sessions and topics. :param aiohttp_request: websocket request provided :type aiohttp_request: :class:`Request` """ assert isinstance(aiohttp_request, Request) django_request = HttpRequest() django_request.GET = aiohttp_request.rel_url.query django_request.COOKIES = aiohttp_request.cookies django_request.session = None django_request.user = None return django_request
def get_http_request(aiohttp_request): """Build a Django request from a aiohttp request: required to get sessions and topics. :param aiohttp_request: websocket request provided :type aiohttp_request: :class:`Request` """ assert isinstance(aiohttp_request, Request) django_request = HttpRequest() django_request.GET = aiohttp_request.rel_url.query django_request.COOKIES = aiohttp_request.cookies django_request.session = None django_request.user = None return django_request
def test_js_force_switch(self): # Force the existing switches to different values, and non-existent # (but with default value) switches non-default values defaults = { "auto.enabled": { "description": "foo", "enabled": 1 }, "auto.disabled": { "description": "bar", "enabled": 0 } } # Query params OVERRIDE = ("__switcher_force=i.am.enabled:False&" + "__switcher_force=i.am.disabled:True&" + "__switcher_force=auto.enabled:False&" + "__switcher_force=auto.disabled:True") request = HttpRequest() request.GET = QueryDict(OVERRIDE) # Not testing POST request.REQUEST = request.GET expected = (u'<script type="text/javascript">Modernizr' + u".addTest('i_am_enabled', false)" + u".addTest('i_am_disabled', true)" + u".addTest('auto_enabled', false)" + u".addTest('auto_disabled', true);" + u"</script>\n") with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True): t = Template("{% load switcher_tags %}{% switcher_js request %}") c = RequestContext(request, processors=(request_processor,)) result = t.render(c) self.assertEqual(expected, result) # Cookies request = HttpRequest() request.COOKIES = { '__switcher_force_i.am.enabled': 'False', '__switcher_force_i.am.disabled': 'True', '__switcher_force_auto.enabled': 'False', '__switcher_force_auto.disabled': 'True' } with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True): t = Template("{% load switcher_tags %}{% switcher_js request %}") c = RequestContext(request, processors=(request_processor,)) result = t.render(c) self.assertEqual(expected, result)
def decode_request(value): """ Decodes a request JSONish value to a HttpRequest object. """ request = HttpRequest() request.GET = MultiValueDict(value['GET']) request.POST = MultiValueDict(value['POST']) request.COOKIES = value['COOKIES'] request.META = value['META'] request.path = value['path'] request.method = value['method'] request.path_info = value['path_info'] request.response_channel = value['response_channel'] return request
def call_view(self, action: str, **kwargs): request = HttpRequest() request.path = self.scope.get("path") request.session = self.scope.get("session", None) request.META["HTTP_CONTENT_TYPE"] = "application/json" request.META["HTTP_ACCEPT"] = "application/json" for (header_name, value) in self.scope.get("headers", []): request.META[header_name.decode("utf-8")] = value.decode("utf-8") args, view_kwargs = self.get_view_args(action=action, **kwargs) request.method = self.actions[action] request.POST = json.dumps(kwargs.get("data", {})) if self.scope.get("cookies"): request.COOKIES = self.scope.get("cookies") for key, value in kwargs.get("query", {}).items(): if isinstance(value, list): request.GET.setlist(key, value) else: request.GET[key] = value view = getattr(self.__class__, "view") response = view(request, *args, **view_kwargs) status = response.status_code if isinstance(response, Response): data = response.data try: # check if we can json encode it! # there must be a better way fo doing this? json.dumps(data) return data, status except Exception as e: pass if isinstance(response, SimpleTemplateResponse): response.render() response_content = response.content if isinstance(response_content, bytes): try: response_content = response_content.decode("utf-8") except Exception as e: response_content = response_content.hex() return response_content, status
def decode_request(value): """ Decodes a request JSONish value to a HttpRequest object. """ request = HttpRequest() request.GET = CustomQueryDict(value['get']) request.POST = CustomQueryDict(value['post']) request.COOKIES = value['cookies'] request.META = value['meta'] request.path = value['path'] request.method = value['method'] request.path_info = value['path_info'] request.reply_channel = value['reply_channel'] return request
def decode_request(value): """ Decodes a request JSONish value to a HttpRequest object. """ request = HttpRequest() request.GET = MultiValueDict(value['GET']) request.POST = MultiValueDict(value['POST']) request.COOKIES = value['COOKIES'] request.META = value['META'] request.path = value['path'] request.method = value['method'] request.path_info = value['path_info'] request.response_channel = value['response_channel'] return request
def test_request_middleware(self): # Middleware related test request = HttpRequest() request.method = random.sample([u'POST', u'GET'], 1)[0] request.path = random.sample([u'/requests/', u'/edit/', u'/admin/'], 1)[0] request.user = AnonymousUser() request.POST = QueryDict(u'k_post=v_post') request.COOKIES = QueryDict(u'k_coo=v_coo') request.META['HTTP_ACCEPT_LANGUAGE'] = u'en' request.META['HTTP_HOST'] = get_random_ip() request.META['HTTP_REFERER'] = u'' request.META['HTTP_USER_AGENT'] = u'' request.META['QUERY_STRING'] = u'&t=1' request.META['REMOTE_ADDR'] = get_random_ip() request.META['REMOTE_USER'] = u'' request.META['REQUEST_METHOD'] = request.method request.META['SERVER_NAME'] = u'localhost' request.META['SERVER_PORT'] = u'80' response = HttpResponse() response.status_code = random.sample( [200, 302, 404, 500], 1)[0] middleware = RequestMiddleware() resp = middleware.process_response(request, response) self.assertEquals(response, resp) r = Request.objects.all().order_by('-time')[:1][0] self.assertEquals(r.status_code, response.status_code) self.assertEquals(r.host, request.get_host()) self.assertEquals(r.path, request.path) self.assertEquals(r.user, None) self.assertEquals(r.method, request.method) self.assertEquals(r.user_agent, request.META.get('HTTP_USER_AGENT', '')) self.assertEquals(r.language, request.META.get('HTTP_ACCEPT_LANGUAGE', '')) self.assertEquals(r.timezone, request.META.get('TZ', '')) self.assertEquals(r.remote_address, request.META.get('REMOTE_ADDR', '')) self.assertEquals(r.referer, request.META.get('HTTP_REFERER', '')) self.assertEquals(r.is_secure, request.is_secure()) self.assertEquals(r.is_ajax, request.is_ajax()) self.assertEquals(r.GET, json.dumps(request.GET)) self.assertEquals(r.POST, json.dumps(request.POST)) self.assertEquals(r.cookies, json.dumps(request.COOKIES))
def build_request(user=None, session={}, cookies={}, ip_address=None): """ Returns request object with useful attributes """ from django.http import HttpRequest from django.contrib.auth.middleware import LazyUser request = HttpRequest() # Session and cookies request.session = session request.COOKIES = cookies # User request.__class__.user = user or LazyUser() # Meta request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0' return request
def build_request(user=None, session={}, cookies={}, ip_address=None): """ Returns request object with useful attributes """ from django.http import HttpRequest from django.contrib.auth.middleware import LazyUser request = HttpRequest() # Session and cookies request.session = session request.COOKIES = cookies # User request.__class__.user = user or LazyUser() # Meta request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0' return request
def test_force_switch_priority(self): """ If a switch is forced both in a cookie and in query params, the value in the query params takes precedence """ OVERRIDE = ("__switcher_force=i.am.enabled:False") request = HttpRequest() request.GET = QueryDict(OVERRIDE) # Not testing POST request.REQUEST = request.GET request.COOKIES = {"__switcher_force_i.am.enabled": True} with override_settings(SWITCHER_ALLOW_FORCE=True): self.assertIs(switch_is_enabled("i.am.enabled", request), False) OVERRIDE = ("__switcher_force=i.am.enabled:True") request = HttpRequest() request.GET = QueryDict(OVERRIDE) # Not testing POST request.REQUEST = request.GET request.COOKIES = {"__switcher_force_i.am.enabled": False} with override_settings(SWITCHER_ALLOW_FORCE=True): self.assertIs(switch_is_enabled("i.am.enabled", request), True)
def test_css_force_switch(self): # Force the existing switches to different values, and non-existent # (but with default value) switches non-default values defaults = { "auto.enabled": { "description": "foo", "enabled": 1 }, "auto.disabled": { "description": "bar", "enabled": 0 } } # Query params OVERRIDE = ("__switcher_force=i.am.enabled:False&" + "__switcher_force=i.am.disabled:True&" + "__switcher_force=auto.enabled:False&" + "__switcher_force=auto.disabled:True") request = HttpRequest() request.GET = QueryDict(OVERRIDE) # Not testing POST request.REQUEST = request.GET with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True): t = Template("{% load switcher_tags %}{% switcher_css request %}") c = RequestContext(request, processors=(request_processor,)) result = t.render(c) self.assertEqual("no-i-am-enabled i-am-disabled no-auto-enabled auto-disabled", result) # Cookies request = HttpRequest() request.COOKIES = { '__switcher_force_i.am.enabled': 'False', '__switcher_force_i.am.disabled': 'True', '__switcher_force_auto.enabled': 'False', '__switcher_force_auto.disabled': 'True' } with override_settings(SWITCHER_DEFAULTS=defaults, SWITCHER_ALLOW_FORCE=True): t = Template("{% load switcher_tags %}{% switcher_css request %}") c = RequestContext(request, processors=(request_processor,)) result = t.render(c) self.assertEqual("no-i-am-enabled i-am-disabled no-auto-enabled auto-disabled", result)
def call_view(self, action: str, **kwargs): request = HttpRequest() request.path = self.scope.get('path') request.session = self.scope.get('session', None) request.META['HTTP_CONTENT_TYPE'] = 'application/json' request.META['HTTP_ACCEPT'] = 'application/json' for (header_name, value) in self.scope.get('headers', []): request.META[header_name.decode('utf-8')] = value.decode('utf-8') args, view_kwargs = self.get_view_args(action=action, **kwargs) request.method = self.actions[action] request.POST = json.dumps(kwargs.get('data', {})) if self.scope.get('cookies'): request.COOKIES = self.scope.get('cookies') view = getattr(self.__class__, 'view') response = view(request, *args, **view_kwargs) status = response.status_code if isinstance(response, Response): data = response.data try: # check if we can json encode it! # there must be a better way fo doing this? json.dumps(data) return data, status except Exception as e: pass if isinstance(response, SimpleTemplateResponse): response.render() response_content = response.content if isinstance(response_content, bytes): try: response_content = response_content.decode('utf-8') except Exception as e: response_content = response_content.hex() return response_content, status
def http_request(self): request = HttpRequest() request.COOKIES = {} request.path = '/login/' request.method = 'POST' request.META = { 'PATH_INFO': request.path, 'SERVER_NAME': u'test_server', 'SERVER_PORT': 80, 'SERVER_PROTOCOL': 'HTTP/1.1', 'REQUEST_METHOD': request.method, 'REMOTE_ADDR': self.real_ip } request.POST = { self.setting_username_form_field: self.invalid_username, 'password': self.random_password } return request
def build_request(get_query=None, post_query=None, session={}, cookies={}, ip_address=None): """ Returns request object with useful attributes """ from django.http import HttpRequest, QueryDict from django.contrib.auth.middleware import LazyUser request = HttpRequest() # GET and POST if get_query: request.GET = QueryDict(get_query) if post_query: request.POST = QueryDict(post_query) # Session and cookies request.session = SessionWrapper(session) request.session.session_key = 'XXX' request.COOKIES = cookies # User request.__class__.user = LazyUser() # Meta request.META['REMOTE_ADDR'] = ip_address or '0.0.0.0' return request
def test_is_authenticated(self): auth = SessionAuthentication() request = HttpRequest() request.COOKIES = { settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890' } # No CSRF token. request.META = {} self.assertFalse(auth.is_authenticated(request)) # Invalid CSRF token. request.META = { 'HTTP_X_CSRFTOKEN': 'abc123' } self.assertFalse(auth.is_authenticated(request)) # Not logged in. request.META = { 'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890' } request.user = AnonymousUser() self.assertFalse(auth.is_authenticated(request)) # Logged in. request.user = User.objects.get(username='******') self.assertTrue(auth.is_authenticated(request)) # Secure & wrong referrer. os.environ["HTTPS"] = "on" request.META['HTTP_HOST'] = 'example.com' request.META['HTTP_REFERER'] = '' self.assertFalse(auth.is_authenticated(request)) # Secure & correct referrer. request.META['HTTP_REFERER'] = 'https://example.com/' self.assertTrue(auth.is_authenticated(request)) os.environ["HTTPS"] = "off"
def get_messages_from_cookie(cookies): """Get :mod:`~django.contrib.messages` from ``cookies``""" request = HttpRequest() request.COOKIES = {CookieStorage.cookie_name: cookies.get( CookieStorage.cookie_name).value} return CookieStorage(request)
def get_messages_from_cookie(cookies): request = HttpRequest() request.COOKIES = {CookieStorage.cookie_name: cookies.get( CookieStorage.cookie_name).value} return CookieStorage(request)
def get_messages_from_cookie(cookies): request = HttpRequest() request.COOKIES = {CookieStorage.cookie_name: cookies.get( CookieStorage.cookie_name).value} return CookieStorage(request)
def parse_request(data, allowed_methods, responses, request): if not isinstance(data, dict): raise BinderRequestError('requests should be dicts') # Transform data transforms = data.pop('transforms', []) str_params = defaultdict(dict) if not isinstance(transforms, list): raise BinderRequestError('transforms should be a list') for transform in transforms: if 'source' not in transform: raise BinderRequestError('transforms require the field source') if 'target' not in transform: raise BinderRequestError('transforms require the field target') if (not isinstance(transform['source'], list) or len(transform['source']) < 1): raise BinderRequestError('source must be a non empty list') if (not isinstance(transform['target'], list) or len(transform['target']) < 2): raise BinderRequestError('target must be a non empty list') # Get value through source value = responses for key in transform['source']: if not isinstance(value, (list, dict)): raise BinderRequestError( 'source can only iterate through lists and dicts') try: value = value[key] except (KeyError, IndexError): raise BinderRequestError( 'invalid source {}, error at key {}'.format( transform['source'], key)) # Set value according to target target = data target_key = transform['target'][0] for i, key in enumerate(transform['target'][1:]): if isinstance(target, (list, dict)): try: target = target[target_key] except (KeyError, IndexError): raise BinderRequestError( 'invalid target {}, error at key {}'.format( transform['target'], target_key)) target_key = key else: raise BinderRequestError( 'target can only iterate through lists and dicts') if isinstance(target, (list, dict)): try: target[target_key] = value except IndexError: raise BinderRequestError( 'invalid target {}, error at key {}'.format( transform['target'], target_key)) elif isinstance(target, str): str_params[tuple( transform['target'][:-1])][transform['target'][-1]] = value else: raise BinderRequestError( 'target can only modify lists, dicts and strs') try: for keys, params in str_params.items(): target = data target_key = keys[0] for key in keys[1:]: target = target[target_key] target_key = key s = target[target_key] try: s = s.format(**params) except KeyError as e: raise BinderRequestError( 'str formatting at {}, missing key: {}'.format( keys, e.args[0])) target[target_key] = target[target_key].format(**params) except Exception: # All kind of things can go wrong when the data is altered through # a transform that occured after the str_params where determined # causing the target not to exist anymore or not be a str raise BinderRequestError( 'transforms altered data in such a way that str params became ' 'invalid') # Validate request if 'method' not in data: raise BinderRequestError('requests require the field method') if 'path' not in data: raise BinderRequestError('requests require the field path') # Validate method is allowed if data['method'] not in allowed_methods: raise BinderMethodNotAllowed() # Create request req = HttpRequest() req.method = data['method'] req.path = data['path'] req.path_info = req.path req.COOKIES = request.COOKIES req.META = request.META req.content_type = 'application/json' if 'body' in data: req._body = jsondumps(data['body']).encode() else: req._body = b'' return req