class ViewPermDecoratorCase(TestCase):
def setUp(self):
self.client=Client(enforce_csrf_checks=True)
self.passwd=''.join(random.sample(string.ascii_letters,10))
self.superuser=User.objects.create_superuser(
username='******',
email='*****@*****.**',
password=self.passwd)
self.normaluser=User.objects.create_user(
username='******',
email='*****@*****.**',
password=self.passwd)
self.anonuser=AnonymousUser()
def test_all_methods(self):
methods=('GET','POST','HEAD','PUT','DELETE','OPTIONS','TRACE','PATCH')
self.assertTrue(self.client.login(username='******',password=self.passwd))
self.assertEqual(self.client.get('/test',follow=True).status_code,200)
self.assertEqual(self.client.post('/test',follow=True).status_code,200)
self.assertEqual(self.client.head('/test',follow=True).status_code,200)
self.assertEqual(self.client.put('/test',follow=True).status_code,200)
self.assertEqual(self.client.delete('/test',follow=True).status_code,200)
self.assertEqual(self.client.options('/test',follow=True).status_code,200)
self.assertEqual(self.client.patch('/test',follow=True).status_code,200)
self.assertTrue(self.client.login(username='******',password=self.passwd))
self.assertEqual(self.client.get('/test',follow=True).status_code,403)
self.assertEqual(self.client.post('/test',follow=True).status_code,403)
self.assertEqual(self.client.head('/test',follow=True).status_code,403)
self.assertEqual(self.client.put('/test',follow=True).status_code,403)
self.assertEqual(self.client.delete('/test',follow=True).status_code,403)
self.assertEqual(self.client.options('/test',follow=True).status_code,403)
self.assertEqual(self.client.patch('/test',follow=True).status_code,403)
def test_requires_get_or_post(self):
client = Client(enforce_csrf_checks=True)
with override_settings(DEBUG=False):
self.assertEquals(client.get(self.str_uri).status_code, 403)
self.assertEquals(client.post(self.str_uri).status_code, 403)
self.assertEquals(client.head(self.str_uri).status_code, 405)
self.assertEquals(client.options(self.str_uri).status_code, 405)
self.assertEquals(client.put(self.str_uri).status_code, 405)
self.assertEquals(client.delete(self.str_uri).status_code, 405)
self.assertEquals(client.get(self.str_class_uri).status_code, 403)
self.assertEquals(client.post(self.str_class_uri).status_code, 403)
self.assertEquals(client.head(self.str_class_uri).status_code, 405)
self.assertEquals(client.put(self.str_class_uri).status_code, 405)
self.assertEquals(client.delete(self.str_class_uri).status_code, 405)
with override_settings(DEBUG=True):
self.assertEquals(client.get(self.str_uri).status_code, 200)
self.assertEquals(client.post(self.str_uri).status_code, 200)
self.assertEquals(client.head(self.str_uri).status_code, 200)
self.assertEquals(client.options(self.str_uri).status_code, 200)
self.assertEquals(client.put(self.str_uri).status_code, 200)
self.assertEquals(client.delete(self.str_uri).status_code, 200)
self.assertEquals(client.get(self.str_class_uri).status_code, 200)
self.assertEquals(client.post(self.str_class_uri).status_code, 200)
self.assertEquals(client.head(self.str_class_uri).status_code, 200)
def test_requires_get_or_post(self):
client = Client(enforce_csrf_checks=True)
with override_settings(DEBUG=False):
self.assertEquals(client.get(self.str_uri).status_code, 403)
self.assertEquals(client.post(self.str_uri).status_code, 403)
self.assertEquals(client.head(self.str_uri).status_code, 405)
self.assertEquals(client.options(self.str_uri).status_code, 405)
self.assertEquals(client.put(self.str_uri).status_code, 405)
self.assertEquals(client.delete(self.str_uri).status_code, 405)
self.assertEquals(client.get(self.str_class_uri).status_code, 403)
self.assertEquals(client.post(self.str_class_uri).status_code, 403)
self.assertEquals(client.head(self.str_class_uri).status_code, 405)
self.assertEquals(client.put(self.str_class_uri).status_code, 405)
self.assertEquals(
client.delete(self.str_class_uri).status_code, 405)
with override_settings(DEBUG=True):
self.assertEquals(client.get(self.str_uri).status_code, 200)
self.assertEquals(client.post(self.str_uri).status_code, 200)
self.assertEquals(client.head(self.str_uri).status_code, 200)
self.assertEquals(client.options(self.str_uri).status_code, 200)
self.assertEquals(client.put(self.str_uri).status_code, 200)
self.assertEquals(client.delete(self.str_uri).status_code, 200)
self.assertEquals(client.get(self.str_class_uri).status_code, 200)
self.assertEquals(client.post(self.str_class_uri).status_code, 200)
self.assertEquals(client.head(self.str_class_uri).status_code, 200)
def test_signout(self):
client = Client()
# not get
response = client.options('/api/signout/')
self.assertEqual(response.status_code, 405)
# create test user
response = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json')
# log in
response = client.post('/api/signin/', {
'username': '******',
'password': '******'
},
content_type='application/json')
# regular signout
self.assertTrue(get_user(client).is_authenticated)
response = client.get('/api/signout/')
self.assertEqual(response.status_code, 204)
self.assertFalse(get_user(client).is_authenticated)
# signout while signed out is an error
response = client.get('/api/signout/')
self.assertEqual(response.status_code, 401)
def test_signin(self):
client = Client()
# not post
response = client.options('/api/signin/')
self.assertEqual(response.status_code, 405)
# bad json
response = client.post('/api/signin/', {'invalid': 'payload'})
self.assertEqual(response.status_code, 400)
# test user
response = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json')
# incorrect
response = client.post('/api/signin/', {
'username': '******',
'password': '******'
},
content_type='application/json')
self.assertEqual(response.status_code, 401)
self.assertFalse(get_user(client).is_authenticated)
# correct password
response = client.post('/api/signin/', {
'username': '******',
'password': '******'
},
content_type='application/json')
self.assertEqual(response.status_code, 204)
self.assertTrue(get_user(client).is_authenticated)
def test_csrf(self):
client = Client(enforce_csrf_checks=True)
# not get
response = client.options('/api/token/')
self.assertEqual(response.status_code, 405)
# no csrf
response = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json')
self.assertEqual(response.status_code, 403)
# add csrf
response = client.get('/api/token/')
self.assertEqual(response.status_code, 204)
csrftoken = response.cookies['csrftoken'].value
# re-request
response = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json',
HTTP_X_CSRFTOKEN=csrftoken)
self.assertEqual(response.status_code, 201)
def test_unused_image_methods(self):
"""
Tests that the following methods are correctly
rejected by the image endpoint
"""
"""
These fail as disallowed methods, so should return
405 status codes
"""
c = Client()
response = c.get("/api/image")
self.assertEqual(response.status_code, 405)
c = Client()
response = c.put("/api/image", {})
self.assertEqual(response.status_code, 405)
c = Client()
response = c.delete("/api/image")
self.assertEqual(response.status_code, 405)
c = Client()
response = c.options("/api/image")
self.assertEqual(response.status_code, 405)
"""
This has bad post syntax, so should return 400
"""
c = Client()
response = c.post("/api/image", {})
self.assertEqual(response.status_code, 400)
"""
def test_signup(self):
client = Client()
# not post
response = client.options('/api/signup/')
self.assertEqual(response.status_code, 405)
# bad json
response = client.post('/api/signup/', {'invalid': 'payload'})
self.assertEqual(response.status_code, 400)
# normal signup
resposne = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json')
self.assertEqual(resposne.status_code, 201)
# duplicate user
resposne = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json')
self.assertEqual(resposne.status_code, 400)
def test_article_comments(self):
client = Client()
# not get,post
response = client.options('/api/article/1/comment/')
self.assertEqual(response.status_code, 405)
# not signed in
response = client.get('/api/article/1/comment/')
self.assertEqual(response.status_code, 403)
# test user
response = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json')
# log in
response = client.post('/api/signin/', {
'username': '******',
'password': '******'
},
content_type='application/json')
# nonexistent
response = client.get('/api/article/1/comment/')
self.assertEqual(response.status_code, 404)
# test article
response = client.post('/api/article/', {
'title': 'title',
'content': 'content'
},
content_type='application/json')
article = response.json()
# bad json
response = client.post(f'/api/article/{article["id"]}/comment/',
{'invalid': 'payload'})
self.assertEqual(response.status_code, 400)
# create
response = client.post(f'/api/article/{article["id"]}/comment/',
{'content': 'content'},
content_type='application/json')
self.assertEqual(response.status_code, 201)
new_comment = response.json()
self.assertEqual(new_comment['article'], article['id'])
self.assertEqual(new_comment['content'], 'content')
self.assertEqual(new_comment['article'], get_user(client).id)
# retrieve comment
response = client.get(f'/api/article/{article["id"]}/comment/')
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.json()[0], new_comment)
def test_supports_cors(self):
client = Client()
response = client.options('/',
HTTP_ORIGIN='https://example.com/',
secure=True)
self.assertEqual(response.status_code, 200)
self.assertEqual(response['Access-Control-Allow-Origin'], '*')
class BasicAPIPageTest(TestCase):
"""Test the basic views"""
fixtures = ["judge_judy.json", "test_objects_search.json"]
def setUp(self):
self.client = Client()
def test_api_index(self):
r = self.client.get(reverse("api_index"))
self.assertEqual(r.status_code, 200)
def test_swagger_interface(self):
r = self.client.get(reverse("swagger_schema"))
self.assertEqual(r.status_code, 200)
def test_options_request(self):
r = self.client.options(reverse("court_index"))
self.assertEqual(r.status_code, 200)
def test_court_index(self):
r = self.client.get(reverse("court_index"))
self.assertEqual(r.status_code, 200)
def test_rest_docs(self):
r = self.client.get(reverse("rest_docs"))
self.assertEqual(r.status_code, 200)
def test_bulk_data_index(self):
r = self.client.get(reverse("bulk_data_index"))
self.assertEqual(r.status_code, 200)
def test_coverage_api(self):
r = self.client.get(
reverse("coverage_data", kwargs={
"version": 2,
"court": "ca1"
}))
self.assertEqual(r.status_code, 200)
def test_coverage_api_via_url(self):
r = self.client.get("/api/rest/v2/coverage/ca1/")
self.assertEqual(r.status_code, 200)
def test_api_info_page_displays_latest_rest_docs_by_default(self):
response = self.client.get(reverse("rest_docs"))
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "rest-docs-vlatest.html")
def test_api_info_page_can_display_different_versions_of_rest_docs(self):
for version in ["v1", "v2"]:
response = self.client.get(
reverse("rest_docs", kwargs={"version": version}))
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response,
"rest-docs-%s.html" % (version, ))
header = "REST API – %s" % (version.upper(), )
self.assertContains(response, header)
def test_requires_get_or_post(self):
c = Client(enforce_csrf_checks=True)
with override_settings(DEBUG=False):
for uri in self.uris:
self._assertStatusCode(c.get(uri).status_code, 403, uri)
self._assertStatusCode(c.post(uri).status_code, 403, uri)
self._assertStatusCode(c.head(uri).status_code, 405, uri)
self._assertStatusCode(c.options(uri).status_code, 405, uri)
self._assertStatusCode(c.put(uri).status_code, 405, uri)
self._assertStatusCode(c.delete(uri).status_code, 405, uri)
def test_requires_get_or_post(self):
c = Client(enforce_csrf_checks=True)
with override_settings(DEBUG=False):
for uri in self.uris:
self._assertStatusCode(c.get(uri).status_code, 403, uri)
self._assertStatusCode(c.post(uri).status_code, 403, uri)
self._assertStatusCode(c.head(uri).status_code, 405, uri)
self._assertStatusCode(c.options(uri).status_code, 405, uri)
self._assertStatusCode(c.put(uri).status_code, 405, uri)
self._assertStatusCode(c.delete(uri).status_code, 405, uri)
class TestEnibarImport(TestCase):
def setUp(self):
self.client = Client()
super().setUp()
def test_note_import_404(self):
response = self.client.options("/enibar/note/", "{}")
self.assertEqual(response.status_code, 404)
response = self.client.put("/enibar/note", "pouet")
self.assertEqual(response.status_code, 404)
def test_note_put_403(self):
response = self.client.put("/enibar/note", '{"id": 1, "nickname": "coucou", "mail": "*****@*****.**", "note": 52.2}')
self.assertEqual(response.status_code, 403)
def test_note_delete_403(self):
response = self.client.delete("/enibar/note", '{"id": 2}')
self.assertEqual(response.status_code, 403)
def test_import_note_put(self):
response = self.client.put("/enibar/note", '{"token": "changeme", "id": 1, "nickname": "coucou", "mail": "*****@*****.**", "note": 52.2}')
self.assertEqual(response.status_code, 200)
note = Note.objects.get(foreign_id=1)
self.assertEqual(note.foreign_id, 1)
self.assertEqual(note.nickname, "coucou")
self.assertEqual(note.mail, "*****@*****.**")
self.assertEqual(note.note, Decimal("52.2"))
response = self.client.put("/enibar/note", '{"token": "changeme", "id": 1, "nickname": "coucou", "mail": "*****@*****.**", "note": 50.2}')
self.assertEqual(response.status_code, 200)
note = Note.objects.get(foreign_id=1)
self.assertEqual(note.foreign_id, 1)
self.assertEqual(note.nickname, "coucou")
self.assertEqual(note.mail, "*****@*****.**")
self.assertEqual(note.note, Decimal("50.2"))
def test_import_note_delete(self):
Note.objects.create(foreign_id=2, nickname="toto", mail="*****@*****.**", note=Decimal("10"))
response = self.client.delete("/enibar/note", '{"token": "changeme", "id": 2}')
self.assertEqual(response.status_code, 200)
with self.assertRaises(Note.DoesNotExist):
Note.objects.get(foreign_id=2)
def test_get_note(self):
Note.objects.create(foreign_id=2, nickname="toto", mail="*****@*****.**", note=Decimal("10"))
Note.objects.create(foreign_id=3, nickname="toto2", mail="*****@*****.**", note=Decimal("11"))
response = self.client.get("/enibar/note")
self.assertEqual(response.json(), [{'note': '10.00', 'nickname': 'toto', 'foreign_id': 2, 'mail': '*****@*****.**'}, {'note': '11.00', 'nickname': 'toto2', 'foreign_id': 3, 'mail': '*****@*****.**'}])
response = self.client.get("/enibar/note", {"foreign_id": 2})
self.assertEqual(response.json(), [{'mail': '*****@*****.**', 'note': '10.00', 'nickname': 'toto', 'foreign_id': 2}])
response = self.client.get("/enibar/note", {"pouet": 2})
self.assertEqual(response.status_code, 404)
def test_all_return_statuses_when_debug_true(self):
c = Client(enforce_csrf_checks=True)
with override_settings(DEBUG=True):
for uri in self.uris:
self._assertStatusCode(c.get(uri).status_code, 200, uri)
self._assertStatusCode(c.post(uri).status_code, 200, uri)
self._assertStatusCode(c.head(uri).status_code, 200, uri)
self._assertStatusCode(c.options(uri).status_code, 200, uri)
if uri.endswith('class_view/'):
self._assertStatusCode(c.put(uri).status_code, 405, uri)
self._assertStatusCode(c.delete(uri).status_code, 405, uri)
else:
self._assertStatusCode(c.put(uri).status_code, 200, uri)
self._assertStatusCode(c.delete(uri).status_code, 200, uri)
def test_all_return_statuses_when_debug_true(self):
c = Client(enforce_csrf_checks=True)
with override_settings(DEBUG=True):
for uri in self.uris:
self._assertStatusCode(c.get(uri).status_code, 200, uri)
self._assertStatusCode(c.post(uri).status_code, 200, uri)
self._assertStatusCode(c.head(uri).status_code, 200, uri)
self._assertStatusCode(c.options(uri).status_code, 200, uri)
if uri.endswith('class_view/'):
self._assertStatusCode(c.put(uri).status_code, 405, uri)
self._assertStatusCode(c.delete(uri).status_code, 405, uri)
else:
self._assertStatusCode(c.put(uri).status_code, 200, uri)
self._assertStatusCode(c.delete(uri).status_code, 200, uri)
def test_comments(self):
client = Client()
# not get, put, delete
response = client.options('/api/comment/1/')
self.assertEqual(response.status_code, 405)
# not signed in
response = client.get('/api/comment/1/')
self.assertEqual(response.status_code, 403)
# test user
response = client.post('/api/signup/', {
'username': '******',
'password': '******'
},
content_type='application/json')
# log in
response = client.post('/api/signin/', {
'username': '******',
'password': '******'
},
content_type='application/json')
# nonexistent
response = client.get('/api/comment/1/')
self.assertEqual(response.status_code, 404)
# test article
response = client.post('/api/article/', {
'title': 'title',
'content': 'content'
},
content_type='application/json')
article = response.json()
# test comment
response = client.post(f'/api/article/{article["id"]}/comment/',
{'content': 'content'},
content_type='application/json')
comment = response.json()
# retrieve comments
response = client.get(f'/api/comment/{comment["id"]}/')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), comment)
def send_options(self, user_string="user_1", do_auth=True, enforce_csrf_checks=False, *args, **kwargs):
"""
Send an OPTIONS request to the configured URL endpoint on behalf of the given user.
:param user_string: The user to send the request as.
:param do_auth: Whether or not to log the user in if the view requires authentication.
:param enforce_csrf_checks: Whether or not to enforce CSRF checks in the HTTP client.
:param args: Positional arguments for client.options.
:param kwargs: Keyword arguments for client.options.
:return: The HTTP response.
"""
client = Client(enforce_csrf_checks=enforce_csrf_checks)
if self.requires_auth and do_auth:
user = SaFaker.get_user(user_string)
client.force_login(user)
return client.options(
self.get_url_path(user=user_string),
*args,
**kwargs
)
class ZipContentTestCase(TestCase):
"""
Testcase for zipcontent endpoint
"""
index_name = "index.html"
index_str = "<html></html>"
other_name = "other.html"
other_str = "<html><head></head></html>"
script_name = "script.html"
script_str = "<html><head><script>test</script></head></html>"
async_script_name = "async_script.html"
async_script_str = (
'<html><head><script async src="url/url.js"></script></head></html>')
empty_html_name = "empty.html"
empty_html_str = ""
test_name_1 = "testfile1.txt"
test_str_1 = "This is a test!"
test_name_2 = "testfile2.txt"
test_str_2 = "And another test..."
test_name_3 = "testfile3.json"
test_str_3 = "A test of image placeholder replacement ${placeholder}".format(
placeholder=exercises.IMG_PLACEHOLDER)
def setUp(self):
self.client = Client()
provision_device()
self.hash = hashlib.md5("DUMMYDATA".encode()).hexdigest()
self.extension = "zip"
self.filename = "{}.{}".format(self.hash, self.extension)
self.zip_path = get_content_storage_file_path(self.filename)
zip_path_dir = os.path.dirname(self.zip_path)
if not os.path.exists(zip_path_dir):
os.makedirs(zip_path_dir)
with zipfile.ZipFile(self.zip_path, "w") as zf:
zf.writestr(self.index_name, self.index_str)
zf.writestr(self.other_name, self.other_str)
zf.writestr(self.script_name, self.script_str)
zf.writestr(self.async_script_name, self.async_script_str)
zf.writestr(self.empty_html_name, self.empty_html_str)
zf.writestr(self.test_name_1, self.test_str_1)
zf.writestr(self.test_name_2, self.test_str_2)
zf.writestr(self.test_name_3, self.test_str_3)
self.zip_file_obj = LocalFile(id=self.hash,
extension=self.extension,
available=True)
self.zip_file_base_url = self.zip_file_obj.get_storage_url()
def test_zip_file_url_reversal(self, filename_patch):
file = LocalFile(id=self.hash,
extension=self.extension,
available=True)
self.assertEqual(file.get_storage_url(),
"/zipcontent/{}/".format(self.filename))
def test_non_zip_file_url_reversal(self, filename_patch):
file = LocalFile(id=self.hash,
extension="otherextension",
available=True)
filename = file.get_filename()
self.assertEqual(
file.get_storage_url(),
"/content/storage/{}/{}/{}".format(filename[0], filename[1],
filename),
)
def test_zip_file_internal_file_access(self, filename_patch):
# test reading the data from file #1 inside the zip
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(
next(response.streaming_content).decode(), self.test_str_1)
# test reading the data from file #2 inside the zip
response = self.client.get(self.zip_file_base_url + self.test_name_2)
self.assertEqual(
next(response.streaming_content).decode(), self.test_str_2)
def test_nonexistent_zip_file_access(self, filename_patch):
bad_base_url = self.zip_file_base_url.replace(
self.zip_file_base_url[20:25], "aaaaa")
response = self.client.get(bad_base_url + self.test_name_1)
self.assertEqual(response.status_code, 404)
def test_zip_file_nonexistent_internal_file_access(self, filename_patch):
response = self.client.get(self.zip_file_base_url + "qqq" +
self.test_name_1)
self.assertEqual(response.status_code, 404)
def test_non_allowed_file_internal_file_access(self, filename_patch):
response = self.client.get(
self.zip_file_base_url.replace("zip", "png") + self.test_name_1)
self.assertEqual(response.status_code, 404)
def test_not_modified_response_when_if_modified_since_header_set(
self, filename_patch):
caching_client = Client(
HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT")
response = caching_client.get(self.zip_file_base_url +
self.test_name_1)
self.assertEqual(response.status_code, 304)
def test_content_security_policy_header(self, filename_patch):
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(
response.get("Content-Security-Policy"),
"default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://testserver",
)
def test_content_security_policy_header_http_referer(self, filename_patch):
response = self.client.get(
self.zip_file_base_url + self.test_name_1,
HTTP_REFERER=
"http://testserver:1234/iam/a/real/path/#thatsomeonemightuse",
)
self.assertEqual(
response.get("Content-Security-Policy"),
"default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://testserver:1234",
)
def test_access_control_allow_origin_header(self, filename_patch):
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(response.get("Access-Control-Allow-Origin"), "*")
response = self.client.options(self.zip_file_base_url +
self.test_name_1)
self.assertEqual(response.get("Access-Control-Allow-Origin"), "*")
def test_x_frame_options_header(self, filename_patch):
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(response.get("X-Frame-Options", ""), "")
def test_access_control_allow_headers(self, filename_patch):
headerval = "X-Penguin-Dance-Party"
response = self.client.options(
self.zip_file_base_url + self.test_name_1,
HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval,
)
self.assertEqual(response.get("Access-Control-Allow-Headers", ""),
headerval)
response = self.client.get(
self.zip_file_base_url + self.test_name_1,
HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval,
)
self.assertEqual(response.get("Access-Control-Allow-Headers", ""),
headerval)
def test_json_image_replacement_http_referer_header(self, filename_patch):
server_name = "http://testserver"
response = self.client.get(self.zip_file_base_url + self.test_name_3,
HTTP_REFERER=server_name)
self.assertEqual(
response.content.decode("utf-8"),
self.test_str_3.replace(
"$" + exercises.IMG_PLACEHOLDER,
(server_name.replace("http:", "") + self.zip_file_base_url),
).strip("/"),
)
def test_json_image_replacement_no_http_referer_header(
self, filename_patch):
server_name = "http://testserver"
response = self.client.get(self.zip_file_base_url + self.test_name_3)
self.assertEqual(
response.content.decode("utf-8"),
self.test_str_3.replace(
"$" + exercises.IMG_PLACEHOLDER,
(server_name.replace("http:", "") + self.zip_file_base_url),
).strip("/"),
)
def test_request_for_html_no_head_return_hashi_modified_html(
self, filename_patch):
response = self.client.get(self.zip_file_base_url)
content = '<html><head></head><body><script src="/static/content/hashi123.js"></script></body></html>'
self.assertEqual(response.content.decode("utf-8"), content)
def test_request_for_html_body_no_script_return_hashi_modified_html(
self, filename_patch):
response = self.client.get(self.zip_file_base_url + self.other_name)
self.assertEqual(response.content.decode("utf-8"), empty_content)
def test_request_for_html_body_script_return_hashi_modified_html(
self, filename_patch):
response = self.client.get(self.zip_file_base_url + self.script_name)
content = (
'<html><head><template hashi-script="true"><script>test</script></template></head>'
+
'<body><script src="/static/content/hashi123.js"></script></body></html>'
)
self.assertEqual(response.content.decode("utf-8"), content)
def test_request_for_html_body_script_return_correct_length_header(
self, filename_patch):
response = self.client.get(self.zip_file_base_url + self.script_name)
file_size = len(
'<html><head><template hashi-script="true"><script>test</script></template></head>'
+
'<body><script src="/static/content/hashi123.js"></script></body></html>'
)
self.assertEqual(int(response["Content-Length"]), file_size)
def test_request_for_html_body_async_script_return_hashi_modified_html(
self, filename_patch):
response = self.client.get(self.zip_file_base_url +
self.async_script_name)
soup = BeautifulSoup(response.content, "html.parser")
template = soup.find("template")
self.assertEqual(template.attrs["async"], "true")
def test_request_for_html_empty_html_no_modification(self, filename_patch):
response = self.client.get(self.zip_file_base_url +
self.empty_html_name)
self.assertEqual(response.content.decode("utf-8"), empty_content)
def test_not_modified_response_when_if_modified_since_header_set_index_file(
self, filename_patch):
caching_client = Client(
HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT")
response = caching_client.get(self.zip_file_base_url)
self.assertEqual(response.status_code, 304)
def test_not_modified_response_when_if_modified_since_header_set_other_html_file(
self, filename_patch):
caching_client = Client(
HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT")
response = caching_client.get(self.zip_file_base_url + self.other_name)
self.assertEqual(response.status_code, 304)
def test_cors(self):
c = Client()
resp = c.options('/api/v1/events/')
self.assertTrue(resp.has_header('access-control-allow-headers'))
self.assertTrue(resp.get('access-control-allow-origin', '*'))
class RegisterTestCase(TestCase):
def setUp(self):
self.client = Client()
def test_success_register(self):
response = self.client.post(
r'/account/register', {
'username': '******',
'email': '*****@*****.**',
'password': '******',
'password2': '1234',
'first_name': 'john',
'last_name': 'doe',
})
self.assertEquals(response.status_code, status.HTTP_200_OK)
def test_user_already_exists(self):
self.client.post(
r'/account/register', {
'username': '******',
'email': '*****@*****.**',
'password': '******',
'password2': '1234',
'first_name': 'john',
'last_name': 'doe',
})
response = self.client.post(
r'/account/register', {
'username': '******',
'email': '*****@*****.**',
'password': '******',
'password2': '1234',
'first_name': 'john',
'last_name': 'doe',
})
self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertJSONEqual(str(response.content, encoding='utf-8'),
{'username': ['User john_doe1 already exists']})
def test_invalid_email(self):
response = self.client.post(
r'/account/register', {
'username': '******',
'email': 'not_valid_email',
'password': '******',
'password2': '1234',
'first_name': 'john',
'last_name': 'doe',
})
self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertJSONEqual(str(response.content, encoding='utf-8'),
{'email': ['Enter a valid email address.']})
def test_different_passwords(self):
response = self.client.post(
r'/account/register', {
'username': '******',
'email': 'not_valid_email',
'password': '******',
'password2': '12345',
'first_name': 'john',
'last_name': 'doe',
})
self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertJSONEqual(str(response.content, encoding='utf-8'),
{'email': ['Enter a valid email address.']})
def test_empty_fields(self):
response = self.client.post(r'/account/register')
self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertJSONEqual(
str(response.content, encoding='utf-8'), {
'email': ['This field is required.'],
'first_name': ['This field is required.'],
'last_name': ['This field is required.'],
'password': ['This field is required.'],
'password2': ['This field is required.'],
'username': ['This field is required.'],
})
def test_only_post_allowed(self):
response = self.client.get('/account/register')
self.assertEquals(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
response = self.client.delete('/account/register')
self.assertEquals(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
response = self.client.put('/account/register')
self.assertEquals(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
response = self.client.head('/account/register')
self.assertEquals(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
response = self.client.options('/account/register')
self.assertEquals(response.status_code, status.HTTP_401_UNAUTHORIZED)
response = self.client.trace('/account/register')
self.assertEquals(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
class TwilioViewTestCase(TestCase):
fixtures = ['django_twilio.json']
urls = 'django_twilio.tests.urls'
def setUp(self):
self.client = Client(enforce_csrf_checks=True)
self.factory = RequestFactory(enforce_csrf_checks=True)
# Test URIs.
self.uri = 'http://testserver/tests/decorators'
self.str_uri = '/tests/decorators/str_view/'
self.verb_uri = '/tests/decorators/verb_view/'
self.response_uri = '/tests/decorators/response_view/'
# Guarantee a value for the required configuration settings after each
# test case.
django_twilio_settings.TWILIO_ACCOUNT_SID = 'xxx'
django_twilio_settings.TWILIO_AUTH_TOKEN = 'xxx'
# Pre-calculate Twilio signatures for our test views.
self.response_signature = encodestring(
new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/response_view/' % self.uri, sha1).digest()).strip()
self.str_signature = encodestring(
new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/str_view/' % self.uri, sha1).digest()).strip()
self.sig_with_from_field_normal_caller = encodestring(
new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/str_view/From+12222222222' % self.uri,
sha1).digest()).strip()
self.sig_with_from_field_blacklisted_caller = encodestring(
new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/str_view/From+13333333333' % self.uri,
sha1).digest()).strip()
self.verb_signature = encodestring(
new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/verb_view/' % self.uri, sha1).digest()).strip()
def test_requires_post(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
self.assertEquals(self.client.get(self.str_uri).status_code, 405)
self.assertEquals(self.client.head(self.str_uri).status_code, 405)
self.assertEquals(self.client.options(self.str_uri).status_code, 405)
self.assertEquals(self.client.put(self.str_uri).status_code, 405)
self.assertEquals(self.client.delete(self.str_uri).status_code, 405)
settings.DEBUG = True
self.assertEquals(self.client.get(self.str_uri).status_code, 200)
self.assertEquals(self.client.head(self.str_uri).status_code, 200)
self.assertEquals(self.client.options(self.str_uri).status_code, 200)
self.assertEquals(self.client.put(self.str_uri).status_code, 200)
self.assertEquals(self.client.delete(self.str_uri).status_code, 200)
settings.DEBUG = debug_orig
def test_allows_post(self):
request = self.factory.post(self.str_uri,
HTTP_X_TWILIO_SIGNATURE=self.str_signature)
self.assertEquals(str_view(request).status_code, 200)
def test_decorator_preserves_metadata(self):
self.assertEqual(str_view.__name__, 'str_view')
def test_missing_settings_return_forbidden(self):
del django_twilio_settings.TWILIO_ACCOUNT_SID
del django_twilio_settings.TWILIO_AUTH_TOKEN
debug_orig = settings.DEBUG
settings.DEBUG = False
self.assertEquals(self.client.post(self.str_uri).status_code, 403)
settings.DEBUG = True
self.assertEquals(self.client.post(self.str_uri).status_code, 200)
settings.DEBUG = debug_orig
def test_missing_signature_returns_forbidden(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
self.assertEquals(self.client.post(self.str_uri).status_code, 403)
settings.DEBUG = True
self.assertEquals(self.client.post(self.str_uri).status_code, 200)
settings.DEBUG = debug_orig
def test_incorrect_signature_returns_forbidden(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
request = self.factory.post(self.str_uri,
HTTP_X_TWILIO_SIGNATURE='fakesignature')
self.assertEquals(str_view(request).status_code, 403)
settings.DEBUG = True
self.assertEquals(str_view(request).status_code, 200)
settings.DEBUG = debug_orig
def test_no_from_field(self):
request = self.factory.post(self.str_uri,
HTTP_X_TWILIO_SIGNATURE=self.str_signature)
self.assertEquals(str_view(request).status_code, 200)
def test_from_field_no_caller(self):
request = self.factory.post(
self.str_uri, {'From': '+12222222222'},
HTTP_X_TWILIO_SIGNATURE=self.sig_with_from_field_normal_caller)
self.assertEquals(str_view(request).status_code, 200)
def test_blacklist_works(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
request = self.factory.post(self.str_uri, {'From': '+13333333333'},
HTTP_X_TWILIO_SIGNATURE=self.
sig_with_from_field_blacklisted_caller)
response = str_view(request)
r = Response()
r.reject()
self.assertEquals(response.content, str(r))
settings.DEBUG = True
request = self.factory.post(self.str_uri, {'From': '+13333333333'},
HTTP_X_TWILIO_SIGNATURE=self.
sig_with_from_field_blacklisted_caller)
response = str_view(request)
r = Response()
r.reject()
self.assertEquals(response.content, str(r))
settings.DEBUG = debug_orig
def test_decorator_modifies_str(self):
request = self.factory.post(self.str_uri,
HTTP_X_TWILIO_SIGNATURE=self.str_signature)
self.assertTrue(isinstance(str_view(request), HttpResponse))
def test_decorator_modifies_verb(self):
request = self.factory.post(
self.verb_uri, HTTP_X_TWILIO_SIGNATURE=self.verb_signature)
self.assertTrue(isinstance(verb_view(request), HttpResponse))
def test_decorator_preserves_httpresponse(self):
request = self.factory.post(
self.response_uri, HTTP_X_TWILIO_SIGNATURE=self.response_signature)
self.assertTrue(isinstance(response_view(request), HttpResponse))
def test_override_forgery_protection_off_debug_off(self):
with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=False,
DEBUG=False):
request = self.factory.post(self.str_uri)
self.assertEquals(str_view(request).status_code, 200)
def test_override_forgery_protection_off_debug_on(self):
with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=False,
DEBUG=True):
request = self.factory.post(self.str_uri)
self.assertEquals(str_view(request).status_code, 200)
def test_override_forgery_protection_on_debug_off(self):
with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=True,
DEBUG=False):
request = self.factory.post(self.str_uri)
self.assertEquals(str_view(request).status_code, 403)
def test_override_forgery_protection_on_debug_on(self):
with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=True,
DEBUG=True):
request = self.factory.post(self.str_uri)
self.assertEquals(str_view(request).status_code, 403)
def setUp(self):
client = Client()
self.response = client.options('/', {}, **{'HTTP_ORIGIN': 'https://www.example.com/'})
class ChallengeTest(TestCase):
def setUp(self):
self.client = Client()
self.user = User.objects.create_user(username="******",
email="*****@*****.**",
challenge="randomstring",
encrypted_challenge="encryptedrandomstring")
def test_get_challenge_invalid_parameters(self):
response = self.client.get("/challenge/")
self.assertEqual(response.status_code, 400)
def test_get_challenge_invalid_username(self):
response = self.client.get("/challenge/", {"username":"******"})
self.assertEqual(response.status_code, 404)
def test_get_challenge_valid_username(self):
response = self.client.get("/challenge/", {"username":"******"})
self.assertEqual(response.status_code, 200)
def test_get_challenge_valid_json(self):
response = self.client.get("/challenge/", {"username":"******", 'format':'json'})
try:
json.loads(response.content)
except ValueError:
self.fail("Bad JSON format")
def test_get_challenge_invalid_format(self):
response = self.client.get("/challenge/", {"username":"******", 'format':'invalidformat'})
self.assertEqual(response.status_code, 400)
def test_get_challenge_valid_encrypted_challenge(self):
response = self.client.get("/challenge/", {"username":"******", 'format':'json'})
try:
challenge_json = json.loads(response.content)
self.assertEqual("encrypted_challenge" in challenge_json, True)
self.assertEqual(challenge_json["encrypted_challenge"], "encryptedrandomstring")
except ValueError:
self.fail("Bad JSON format")
def test_post_challenge_invalid_parameters(self):
response = self.client.post("/challenge/")
self.assertEqual(response.status_code, 400)
response = self.client.post("/challenge/", {"username":"******"})
self.assertEqual(response.status_code, 400)
response = self.client.post("/challenge/", {"challenge":"randomstring"})
self.assertEqual(response.status_code, 400)
def test_post_challenge_valid_parameters(self):
response = self.client.post("/challenge/", {"username":"******", "challenge":"randomstring"})
self.assertEqual(response.status_code, 200)
def test_get_challenge_valid_json(self):
response = self.client.post("/challenge/", {"username":"******", "challenge":"randomstring", 'format':'json'})
try:
rsa_json = json.loads(response.content)
self.assertEqual("rsa_public" in rsa_json, True)
except ValueError:
self.fail("Bad JSON format")
def test_post_challenge_invalid_format(self):
response = self.client.post("/challenge/", {"username":"******", "challenge":"randomstring", "format":"invalidformat"})
self.assertEqual(response.status_code, 400)
def test_post_challenge_invalid_credentials(self):
response = self.client.post("/challenge/", {"username":"******", "challenge":"invalidchallenge"})
self.assertEqual(response.status_code, 403)
def test_challenge_invalid_methods(self):
response = self.client.head("/challenge/")
self.assertEqual(response.status_code, 405)
response = self.client.options("/challenge/", {})
self.assertEqual(response.status_code, 405)
response = self.client.put("/challenge/", {})
self.assertEqual(response.status_code, 405)
response = self.client.delete("/challenge/", {})
self.assertEqual(response.status_code, 405)
class ZipContentTestCase(TestCase):
"""
Testcase for zipcontent endpoint
"""
test_name_1 = "testfile1.txt"
test_str_1 = "This is a test!"
test_name_2 = "testfile2.txt"
test_str_2 = "And another test..."
def setUp(self):
self.client = Client()
provision_device()
self.hash = hashlib.md5("DUMMYDATA".encode()).hexdigest()
self.extension = "zip"
self.filename = "{}.{}".format(self.hash, self.extension)
self.zip_path = get_content_storage_file_path(self.filename)
zip_path_dir = os.path.dirname(self.zip_path)
if not os.path.exists(zip_path_dir):
os.makedirs(zip_path_dir)
with zipfile.ZipFile(self.zip_path, "w") as zf:
zf.writestr(self.test_name_1, self.test_str_1)
zf.writestr(self.test_name_2, self.test_str_2)
self.zip_file_obj = LocalFile(id=self.hash, extension=self.extension, available=True)
self.zip_file_base_url = self.zip_file_obj.get_storage_url()
def test_zip_file_url_reversal(self):
file = LocalFile(id=self.hash, extension=self.extension, available=True)
self.assertEqual(file.get_storage_url(), "/zipcontent/{}/".format(self.filename))
def test_non_zip_file_url_reversal(self):
file = LocalFile(id=self.hash, extension="otherextension", available=True)
filename = file.get_filename()
self.assertEqual(file.get_storage_url(), "/content/storage/{}/{}/{}".format(filename[0], filename[1], filename))
def test_zip_file_internal_file_access(self):
# test reading the data from file #1 inside the zip
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(next(response.streaming_content).decode(), self.test_str_1)
# test reading the data from file #2 inside the zip
response = self.client.get(self.zip_file_base_url + self.test_name_2)
self.assertEqual(next(response.streaming_content).decode(), self.test_str_2)
def test_nonexistent_zip_file_access(self):
bad_base_url = self.zip_file_base_url.replace(self.zip_file_base_url[20:25], "aaaaa")
response = self.client.get(bad_base_url + self.test_name_1)
self.assertEqual(response.status_code, 404)
def test_zip_file_nonexistent_internal_file_access(self):
response = self.client.get(self.zip_file_base_url + "qqq" + self.test_name_1)
self.assertEqual(response.status_code, 404)
def test_not_modified_response_when_if_modified_since_header_set(self):
caching_client = Client(HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT")
response = caching_client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(response.status_code, 304)
def test_content_security_policy_header(self):
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(response.get("Content-Security-Policy"), "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://testserver")
def test_access_control_allow_origin_header(self):
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(response.get("Access-Control-Allow-Origin"), "*")
response = self.client.options(self.zip_file_base_url + self.test_name_1)
self.assertEqual(response.get("Access-Control-Allow-Origin"), "*")
def test_x_frame_options_header(self):
response = self.client.get(self.zip_file_base_url + self.test_name_1)
self.assertEqual(response.get("X-Frame-Options", ""), "")
def test_access_control_allow_headers(self):
headerval = "X-Penguin-Dance-Party"
response = self.client.options(self.zip_file_base_url + self.test_name_1, HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval)
self.assertEqual(response.get("Access-Control-Allow-Headers", ""), headerval)
response = self.client.get(self.zip_file_base_url + self.test_name_1, HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval)
self.assertEqual(response.get("Access-Control-Allow-Headers", ""), headerval)
def setUp(self):
client = Client()
self.response = client.options(
'/', {}, **{'HTTP_ORIGIN': 'https://www.example.com/'})
class TwilioViewTestCase(TestCase):
fixtures = ['django_twilio.json']
urls = 'django_twilio.tests.urls'
def setUp(self):
self.client = Client(enforce_csrf_checks=True)
self.factory = RequestFactory(enforce_csrf_checks=True)
# Test URIs.
self.uri = 'http://testserver/tests/decorators'
self.str_uri = '/tests/decorators/str_view/'
self.verb_uri = '/tests/decorators/verb_view/'
self.response_uri = '/tests/decorators/response_view/'
# Guarantee a value for the required configuration settings after each
# test case.
django_twilio_settings.TWILIO_ACCOUNT_SID = 'xxx'
django_twilio_settings.TWILIO_AUTH_TOKEN = 'xxx'
# Pre-calculate Twilio signatures for our test views.
self.response_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/response_view/' % self.uri, sha1).digest()).strip()
self.str_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/str_view/' % self.uri, sha1).digest()).strip()
self.str_signature_with_from_field_normal_caller = encodestring(new(
django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/str_view/From+12222222222' % self.uri,
sha1).digest()).strip()
self.str_signature_with_from_field_blacklisted_caller = encodestring(
new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/str_view/From+13333333333' % self.uri,
sha1).digest()).strip()
self.verb_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN,
'%s/verb_view/' % self.uri, sha1).digest()).strip()
def test_is_csrf_exempt(self):
self.assertTrue(self.client.post(self.str_uri).csrf_exempt)
def test_requires_post(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
self.assertEquals(self.client.get(self.str_uri).status_code, 405)
self.assertEquals(self.client.head(self.str_uri).status_code, 405)
self.assertEquals(self.client.options(self.str_uri).status_code, 405)
self.assertEquals(self.client.put(self.str_uri).status_code, 405)
self.assertEquals(self.client.delete(self.str_uri).status_code, 405)
settings.DEBUG = True
self.assertEquals(self.client.get(self.str_uri).status_code, 200)
self.assertEquals(self.client.head(self.str_uri).status_code, 200)
self.assertEquals(self.client.options(self.str_uri).status_code, 200)
self.assertEquals(self.client.put(self.str_uri).status_code, 200)
self.assertEquals(self.client.delete(self.str_uri).status_code, 200)
settings.DEBUG = debug_orig
def test_allows_post(self):
request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature)
self.assertEquals(str_view(request).status_code, 200)
def test_decorator_preserves_metadata(self):
self.assertEqual(str_view.__name__, 'str_view')
def test_missing_settings_return_forbidden(self):
del django_twilio_settings.TWILIO_ACCOUNT_SID
del django_twilio_settings.TWILIO_AUTH_TOKEN
debug_orig = settings.DEBUG
settings.DEBUG = False
self.assertEquals(self.client.post(self.str_uri).status_code, 403)
settings.DEBUG = True
self.assertEquals(self.client.post(self.str_uri).status_code, 200)
settings.DEBUG = debug_orig
def test_missing_signature_returns_forbidden(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
self.assertEquals(self.client.post(self.str_uri).status_code, 403)
settings.DEBUG = True
self.assertEquals(self.client.post(self.str_uri).status_code, 200)
settings.DEBUG = debug_orig
def test_incorrect_signature_returns_forbidden(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE='fakesignature')
self.assertEquals(str_view(request).status_code, 403)
settings.DEBUG = True
self.assertEquals(str_view(request).status_code, 200)
settings.DEBUG = debug_orig
def test_no_from_field(self):
request = self.factory.post(self.str_uri,
HTTP_X_TWILIO_SIGNATURE=self.str_signature)
self.assertEquals(str_view(request).status_code, 200)
def test_from_field_no_caller(self):
request = self.factory.post(self.str_uri, {'From': '+12222222222'},
HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_normal_caller)
self.assertEquals(str_view(request).status_code, 200)
def test_blacklist_works(self):
debug_orig = settings.DEBUG
settings.DEBUG = False
request = self.factory.post(self.str_uri, {'From': '+13333333333'},
HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_blacklisted_caller)
response = str_view(request)
r = Response()
r.reject()
self.assertEquals(response.content, str(r))
settings.DEBUG = True
request = self.factory.post(self.str_uri, {'From': '+13333333333'},
HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_blacklisted_caller)
response = str_view(request)
r = Response()
r.reject()
self.assertEquals(response.content, str(r))
settings.DEBUG = debug_orig
def test_decorator_modifies_str(self):
request = self.factory.post(self.str_uri,
HTTP_X_TWILIO_SIGNATURE=self.str_signature)
self.assertTrue(isinstance(str_view(request), HttpResponse))
def test_decorator_modifies_verb(self):
request = self.factory.post(self.verb_uri, HTTP_X_TWILIO_SIGNATURE=self.verb_signature)
self.assertTrue(isinstance(verb_view(request), HttpResponse))
def test_decorator_preserves_httpresponse(self):
request = self.factory.post(self.response_uri, HTTP_X_TWILIO_SIGNATURE=self.response_signature)
self.assertTrue(isinstance(response_view(request), HttpResponse))
class ChallengeTest(TestCase):
def setUp(self):
self.client = Client()
self.user = User.objects.create_user(
username="******",
email="*****@*****.**",
challenge="randomstring",
encrypted_challenge="encryptedrandomstring")
def test_get_challenge_invalid_parameters(self):
response = self.client.get("/challenge/")
self.assertEqual(response.status_code, 400)
def test_get_challenge_invalid_username(self):
response = self.client.get("/challenge/",
{"username": "******"})
self.assertEqual(response.status_code, 404)
def test_get_challenge_valid_username(self):
response = self.client.get("/challenge/", {"username": "******"})
self.assertEqual(response.status_code, 200)
def test_get_challenge_valid_json(self):
response = self.client.get("/challenge/", {
"username": "******",
'format': 'json'
})
try:
json.loads(response.content)
except ValueError:
self.fail("Bad JSON format")
def test_get_challenge_invalid_format(self):
response = self.client.get("/challenge/", {
"username": "******",
'format': 'invalidformat'
})
self.assertEqual(response.status_code, 400)
def test_get_challenge_valid_encrypted_challenge(self):
response = self.client.get("/challenge/", {
"username": "******",
'format': 'json'
})
try:
challenge_json = json.loads(response.content)
self.assertEqual("encrypted_challenge" in challenge_json, True)
self.assertEqual(challenge_json["encrypted_challenge"],
"encryptedrandomstring")
except ValueError:
self.fail("Bad JSON format")
def test_post_challenge_invalid_parameters(self):
response = self.client.post("/challenge/")
self.assertEqual(response.status_code, 400)
response = self.client.post("/challenge/", {"username": "******"})
self.assertEqual(response.status_code, 400)
response = self.client.post("/challenge/",
{"challenge": "randomstring"})
self.assertEqual(response.status_code, 400)
def test_post_challenge_valid_parameters(self):
response = self.client.post("/challenge/", {
"username": "******",
"challenge": "randomstring"
})
self.assertEqual(response.status_code, 200)
def test_get_challenge_valid_json(self):
response = self.client.post("/challenge/", {
"username": "******",
"challenge": "randomstring",
'format': 'json'
})
try:
rsa_json = json.loads(response.content)
self.assertEqual("rsa_public" in rsa_json, True)
except ValueError:
self.fail("Bad JSON format")
def test_post_challenge_invalid_format(self):
response = self.client.post(
"/challenge/", {
"username": "******",
"challenge": "randomstring",
"format": "invalidformat"
})
self.assertEqual(response.status_code, 400)
def test_post_challenge_invalid_credentials(self):
response = self.client.post("/challenge/", {
"username": "******",
"challenge": "invalidchallenge"
})
self.assertEqual(response.status_code, 403)
def test_challenge_invalid_methods(self):
response = self.client.head("/challenge/")
self.assertEqual(response.status_code, 405)
response = self.client.options("/challenge/", {})
self.assertEqual(response.status_code, 405)
response = self.client.put("/challenge/", {})
self.assertEqual(response.status_code, 405)
response = self.client.delete("/challenge/", {})
self.assertEqual(response.status_code, 405)
