def test_sanity_csp(debug): # If DEBUG == True, the django-csp middleware is present, and Persona isn't # allowed by CSP, log a debug message warning about it. # Test if allowed properly. with patch_settings(CSP_DEFAULT_SRC=[], CSP_SCRIPT_SRC=['https://login.persona.org'], CSP_FRAME_SRC=['https://login.persona.org']): verify('post', assertion='asdf') debug.called = False debug.reset_mock() # Test fallback to default-src. with patch_settings(CSP_DEFAULT_SRC=['https://login.persona.org'], CSP_SCRIPT_SRC=[], CSP_FRAME_SRC=[]): verify('post', assertion='asdf') debug.called = False debug.reset_mock() # Test incorrect csp. with patch_settings(CSP_DEFAULT_SRC=[], CSP_SCRIPT_SRC=[], CSP_FRAME_SRC=[]): verify('post', assertion='asdf') debug.called = True debug.reset_mock() # Test partial incorrectness. with patch_settings(CSP_DEFAULT_SRC=[], CSP_SCRIPT_SRC=['https://login.persona.org'], CSP_FRAME_SRC=[]): verify('post', assertion='asdf') debug.called = True
def verify(request_type, success_url=None, failure_url=None, **kwargs): """ Call the verify view function. All kwargs not specified above will be passed as GET or POST arguments. """ if request_type == 'get': request = factory.get('/browserid/verify', kwargs) else: request = factory.post('/browserid/verify', kwargs) # Patch settings prior to importing verify patches = {'BROWSERID_CREATE_USER': True, 'SITE_URL': 'http://testserver'} if success_url is not None: patches['LOGIN_REDIRECT_URL'] = success_url if failure_url is not None: patches['LOGIN_REDIRECT_URL_FAILURE'] = failure_url # We need to reload verify for the setting changes to take effect. with patch_settings(**patches): reload(views) verify_view = views.Verify.as_view() with patch.object(auth, 'login'): response = verify_view(request) return response
def test_override_verify_class(self): # Reload so that the settings.BROWSERID_VERIFY_CLASS takes effect. path = 'django_browserid.tests.test_urls.MyVerifyClass' with patch_settings(BROWSERID_VERIFY_CLASS=path): reload(urls) view = resolve('/login/', urls).func self.assertEqual(view, MyVerifyClass.as_view()) # Reset urls back to normal. reload(urls)