Пример #1
0
    def test_requires_get_or_post(self):
        client = Client(enforce_csrf_checks=True)
        with override_settings(DEBUG=False):
            self.assertEquals(client.get(self.str_uri).status_code, 403)
            self.assertEquals(client.post(self.str_uri).status_code, 403)
            self.assertEquals(client.head(self.str_uri).status_code, 405)
            self.assertEquals(client.options(self.str_uri).status_code, 405)
            self.assertEquals(client.put(self.str_uri).status_code, 405)
            self.assertEquals(client.delete(self.str_uri).status_code, 405)

            self.assertEquals(client.get(self.str_class_uri).status_code, 403)
            self.assertEquals(client.post(self.str_class_uri).status_code, 403)
            self.assertEquals(client.head(self.str_class_uri).status_code, 405)
            self.assertEquals(client.put(self.str_class_uri).status_code, 405)
            self.assertEquals(client.delete(self.str_class_uri).status_code, 405)

        with override_settings(DEBUG=True):
            self.assertEquals(client.get(self.str_uri).status_code, 200)
            self.assertEquals(client.post(self.str_uri).status_code, 200)
            self.assertEquals(client.head(self.str_uri).status_code, 200)
            self.assertEquals(client.options(self.str_uri).status_code, 200)
            self.assertEquals(client.put(self.str_uri).status_code, 200)
            self.assertEquals(client.delete(self.str_uri).status_code, 200)

            self.assertEquals(client.get(self.str_class_uri).status_code, 200)
            self.assertEquals(client.post(self.str_class_uri).status_code, 200)
            self.assertEquals(client.head(self.str_class_uri).status_code, 200)
Пример #2
0
 def test_unused_image_methods(self):
     """
     Tests that the following methods are correctly  
     rejected by the image endpoint
     """
     """
     These fail as disallowed methods, so should return
     405 status codes
     """
     c = Client()
     response = c.get("/api/image")
     self.assertEqual(response.status_code, 405)
     c = Client()
     response = c.put("/api/image", {})
     self.assertEqual(response.status_code, 405)
     c = Client()
     response = c.delete("/api/image")
     self.assertEqual(response.status_code, 405)
     c = Client()
     response = c.options("/api/image")
     self.assertEqual(response.status_code, 405)
     """
     This has bad post syntax, so should return 400
     """
     c = Client()
     response = c.post("/api/image", {})
     self.assertEqual(response.status_code, 400)
     """
Пример #3
0
 def test_requires_get_or_post(self):
     c = Client(enforce_csrf_checks=True)
     with override_settings(DEBUG=False):
         for uri in self.uris:
             self._assertStatusCode(c.get(uri).status_code, 403, uri)
             self._assertStatusCode(c.post(uri).status_code, 403, uri)
             self._assertStatusCode(c.head(uri).status_code, 405, uri)
             self._assertStatusCode(c.options(uri).status_code, 405, uri)
             self._assertStatusCode(c.put(uri).status_code, 405, uri)
             self._assertStatusCode(c.delete(uri).status_code, 405, uri)
Пример #4
0
class TestEnibarImport(TestCase):
    def setUp(self):
        self.client = Client()
        super().setUp()

    def test_note_import_404(self):
        response = self.client.options("/enibar/note/", "{}")
        self.assertEqual(response.status_code, 404)
        response = self.client.put("/enibar/note", "pouet")
        self.assertEqual(response.status_code, 404)

    def test_note_put_403(self):
        response = self.client.put("/enibar/note", '{"id": 1, "nickname": "coucou", "mail": "test@test.fr", "note": 52.2}')
        self.assertEqual(response.status_code, 403)

    def test_note_delete_403(self):
        response = self.client.delete("/enibar/note", '{"id": 2}')
        self.assertEqual(response.status_code, 403)

    def test_import_note_put(self):
        response = self.client.put("/enibar/note", '{"token": "changeme", "id": 1, "nickname": "coucou", "mail": "test@test.fr", "note": 52.2}')
        self.assertEqual(response.status_code, 200)
        note = Note.objects.get(foreign_id=1)
        self.assertEqual(note.foreign_id, 1)
        self.assertEqual(note.nickname, "coucou")
        self.assertEqual(note.mail, "test@test.fr")
        self.assertEqual(note.note, Decimal("52.2"))
        response = self.client.put("/enibar/note", '{"token": "changeme", "id": 1, "nickname": "coucou", "mail": "test@test.fr", "note": 50.2}')
        self.assertEqual(response.status_code, 200)
        note = Note.objects.get(foreign_id=1)
        self.assertEqual(note.foreign_id, 1)
        self.assertEqual(note.nickname, "coucou")
        self.assertEqual(note.mail, "test@test.fr")
        self.assertEqual(note.note, Decimal("50.2"))

    def test_import_note_delete(self):
        Note.objects.create(foreign_id=2, nickname="toto", mail="coucou@test.fr", note=Decimal("10"))
        response = self.client.delete("/enibar/note", '{"token": "changeme", "id": 2}')
        self.assertEqual(response.status_code, 200)
        with self.assertRaises(Note.DoesNotExist):
            Note.objects.get(foreign_id=2)

    def test_get_note(self):
        Note.objects.create(foreign_id=2, nickname="toto", mail="coucou@test.fr", note=Decimal("10"))
        Note.objects.create(foreign_id=3, nickname="toto2", mail="cou@test.com", note=Decimal("11"))

        response = self.client.get("/enibar/note")
        self.assertEqual(response.json(), [{'note': '10.00', 'nickname': 'toto', 'foreign_id': 2, 'mail': 'coucou@test.fr'}, {'note': '11.00', 'nickname': 'toto2', 'foreign_id': 3, 'mail': 'cou@test.com'}])
        response = self.client.get("/enibar/note", {"foreign_id": 2})
        self.assertEqual(response.json(), [{'mail': 'coucou@test.fr', 'note': '10.00', 'nickname': 'toto', 'foreign_id': 2}])
        response = self.client.get("/enibar/note", {"pouet": 2})
        self.assertEqual(response.status_code, 404)
Пример #5
0
 def test_all_return_statuses_when_debug_true(self):
     c = Client(enforce_csrf_checks=True)
     with override_settings(DEBUG=True):
         for uri in self.uris:
             self._assertStatusCode(c.get(uri).status_code, 200, uri)
             self._assertStatusCode(c.post(uri).status_code, 200, uri)
             self._assertStatusCode(c.head(uri).status_code, 200, uri)
             self._assertStatusCode(c.options(uri).status_code, 200, uri)
             if uri.endswith('class_view/'):
                 self._assertStatusCode(c.put(uri).status_code, 405, uri)
                 self._assertStatusCode(c.delete(uri).status_code, 405, uri)
             else:
                 self._assertStatusCode(c.put(uri).status_code, 200, uri)
                 self._assertStatusCode(c.delete(uri).status_code, 200, uri)
Пример #6
0
 def setUp(self):
     client = Client()
     self.response = client.options('/', {}, **{'HTTP_ORIGIN': 'https://www.example.com/'})
Пример #7
0
class TwilioViewTestCase(TestCase):
    fixtures = ['django_twilio.json']
    urls = 'django_twilio.tests.urls'

    def setUp(self):
        self.client = Client(enforce_csrf_checks=True)
        self.factory = RequestFactory(enforce_csrf_checks=True)

        # Test URIs.
        self.uri = 'http://testserver/tests/decorators'
        self.str_uri = '/tests/decorators/str_view/'
        self.verb_uri = '/tests/decorators/verb_view/'
        self.response_uri = '/tests/decorators/response_view/'

        # Guarantee a value for the required configuration settings after each
        # test case.
        django_twilio_settings.TWILIO_ACCOUNT_SID = 'xxx'
        django_twilio_settings.TWILIO_AUTH_TOKEN = 'xxx'

        # Pre-calculate Twilio signatures for our test views.
        self.response_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN,
                '%s/response_view/' % self.uri, sha1).digest()).strip()
        self.str_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN,
                '%s/str_view/' % self.uri, sha1).digest()).strip()
        self.str_signature_with_from_field_normal_caller = encodestring(new(
                django_twilio_settings.TWILIO_AUTH_TOKEN,
                '%s/str_view/From+12222222222' % self.uri,
                sha1).digest()).strip()
        self.str_signature_with_from_field_blacklisted_caller = encodestring(
                new(django_twilio_settings.TWILIO_AUTH_TOKEN,
                '%s/str_view/From+13333333333' % self.uri,
                sha1).digest()).strip()
        self.verb_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN,
                '%s/verb_view/' % self.uri, sha1).digest()).strip()

    def test_is_csrf_exempt(self):
        self.assertTrue(self.client.post(self.str_uri).csrf_exempt)

    def test_requires_post(self):
        debug_orig = settings.DEBUG
        settings.DEBUG = False
        self.assertEquals(self.client.get(self.str_uri).status_code, 405)
        self.assertEquals(self.client.head(self.str_uri).status_code, 405)
        self.assertEquals(self.client.options(self.str_uri).status_code, 405)
        self.assertEquals(self.client.put(self.str_uri).status_code, 405)
        self.assertEquals(self.client.delete(self.str_uri).status_code, 405)
        settings.DEBUG = True
        self.assertEquals(self.client.get(self.str_uri).status_code, 200)
        self.assertEquals(self.client.head(self.str_uri).status_code, 200)
        self.assertEquals(self.client.options(self.str_uri).status_code, 200)
        self.assertEquals(self.client.put(self.str_uri).status_code, 200)
        self.assertEquals(self.client.delete(self.str_uri).status_code, 200)
        settings.DEBUG = debug_orig

    def test_allows_post(self):
        request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature)
        self.assertEquals(str_view(request).status_code, 200)

    def test_decorator_preserves_metadata(self):
        self.assertEqual(str_view.__name__, 'str_view')

    def test_missing_settings_return_forbidden(self):
        del django_twilio_settings.TWILIO_ACCOUNT_SID
        del django_twilio_settings.TWILIO_AUTH_TOKEN
        debug_orig = settings.DEBUG
        settings.DEBUG = False
        self.assertEquals(self.client.post(self.str_uri).status_code, 403)
        settings.DEBUG = True
        self.assertEquals(self.client.post(self.str_uri).status_code, 200)
        settings.DEBUG = debug_orig

    def test_missing_signature_returns_forbidden(self):
        debug_orig = settings.DEBUG
        settings.DEBUG = False
        self.assertEquals(self.client.post(self.str_uri).status_code, 403)
        settings.DEBUG = True
        self.assertEquals(self.client.post(self.str_uri).status_code, 200)
        settings.DEBUG = debug_orig

    def test_incorrect_signature_returns_forbidden(self):
        debug_orig = settings.DEBUG
        settings.DEBUG = False
        request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE='fakesignature')
        self.assertEquals(str_view(request).status_code, 403)
        settings.DEBUG = True
        self.assertEquals(str_view(request).status_code, 200)
        settings.DEBUG = debug_orig

    def test_no_from_field(self):
        request = self.factory.post(self.str_uri,
                HTTP_X_TWILIO_SIGNATURE=self.str_signature)
        self.assertEquals(str_view(request).status_code, 200)

    def test_from_field_no_caller(self):
        request = self.factory.post(self.str_uri, {'From': '+12222222222'},
                HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_normal_caller)
        self.assertEquals(str_view(request).status_code, 200)

    def test_blacklist_works(self):
        debug_orig = settings.DEBUG
        settings.DEBUG = False
        request = self.factory.post(self.str_uri, {'From': '+13333333333'},
                HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_blacklisted_caller)
        response = str_view(request)
        r = Response()
        r.reject()
        self.assertEquals(response.content, str(r))
        settings.DEBUG = True
        request = self.factory.post(self.str_uri, {'From': '+13333333333'},
                HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_blacklisted_caller)
        response = str_view(request)
        r = Response()
        r.reject()
        self.assertEquals(response.content, str(r))
        settings.DEBUG = debug_orig

    def test_decorator_modifies_str(self):
        request = self.factory.post(self.str_uri,
                HTTP_X_TWILIO_SIGNATURE=self.str_signature)
        self.assertTrue(isinstance(str_view(request), HttpResponse))

    def test_decorator_modifies_verb(self):
        request = self.factory.post(self.verb_uri, HTTP_X_TWILIO_SIGNATURE=self.verb_signature)
        self.assertTrue(isinstance(verb_view(request), HttpResponse))

    def test_decorator_preserves_httpresponse(self):
        request = self.factory.post(self.response_uri, HTTP_X_TWILIO_SIGNATURE=self.response_signature)
        self.assertTrue(isinstance(response_view(request), HttpResponse))
class ChallengeTest(TestCase):
    def setUp(self):
        self.client = Client()
        self.user = User.objects.create_user(username="john",
                        email="john.smith@domain.com",
                        challenge="randomstring",
                        encrypted_challenge="encryptedrandomstring")

    def test_get_challenge_invalid_parameters(self):
        response = self.client.get("/challenge/")
        self.assertEqual(response.status_code, 400)

    def test_get_challenge_invalid_username(self):
        response = self.client.get("/challenge/", {"username":"invalidusername"})
        self.assertEqual(response.status_code, 404)

    def test_get_challenge_valid_username(self):
        response = self.client.get("/challenge/", {"username":"john"})
        self.assertEqual(response.status_code, 200)

    def test_get_challenge_valid_json(self):
        response = self.client.get("/challenge/", {"username":"john", 'format':'json'})
        try:
            json.loads(response.content)
        except ValueError:
            self.fail("Bad JSON format")

    def test_get_challenge_invalid_format(self):
        response = self.client.get("/challenge/", {"username":"john", 'format':'invalidformat'})
        self.assertEqual(response.status_code, 400)


    def test_get_challenge_valid_encrypted_challenge(self):
        response = self.client.get("/challenge/", {"username":"john", 'format':'json'})
        try:
            challenge_json = json.loads(response.content)
            self.assertEqual("encrypted_challenge" in challenge_json, True)
            self.assertEqual(challenge_json["encrypted_challenge"], "encryptedrandomstring")
        except ValueError:
            self.fail("Bad JSON format")

    def test_post_challenge_invalid_parameters(self):
        response = self.client.post("/challenge/")
        self.assertEqual(response.status_code, 400)
        response = self.client.post("/challenge/", {"username":"john"})
        self.assertEqual(response.status_code, 400)
        response = self.client.post("/challenge/", {"challenge":"randomstring"})
        self.assertEqual(response.status_code, 400)

    def test_post_challenge_valid_parameters(self):
        response = self.client.post("/challenge/", {"username":"john", "challenge":"randomstring"})
        self.assertEqual(response.status_code, 200)

    def test_get_challenge_valid_json(self):
        response = self.client.post("/challenge/", {"username":"john", "challenge":"randomstring", 'format':'json'})
        try:
            rsa_json = json.loads(response.content)
            self.assertEqual("rsa_public" in rsa_json, True)
        except ValueError:
            self.fail("Bad JSON format")

    def test_post_challenge_invalid_format(self):
        response = self.client.post("/challenge/", {"username":"john", "challenge":"randomstring", "format":"invalidformat"})
        self.assertEqual(response.status_code, 400)

    def test_post_challenge_invalid_credentials(self):
        response = self.client.post("/challenge/", {"username":"john", "challenge":"invalidchallenge"})
        self.assertEqual(response.status_code, 403)

    def test_challenge_invalid_methods(self):
        response = self.client.head("/challenge/")
        self.assertEqual(response.status_code, 405)
        response = self.client.options("/challenge/", {})
        self.assertEqual(response.status_code, 405)
        response = self.client.put("/challenge/", {})
        self.assertEqual(response.status_code, 405)
        response = self.client.delete("/challenge/", {})
        self.assertEqual(response.status_code, 405)