def test_ratelimit_ip(self):
class MockObject(object):
@ratelimit_ip(limit=3, ttl=1)
def foo(self):
return 1
o = MockObject()
o.request = Request()
o.request.set_header("X_FORWARDED_FOR", "100.1.1.1")
o.request.path = "/fooip"
o.foo()
o.foo()
o.foo()
with self.assertRaises(CallError) as cm:
o.foo()
self.assertEqual(429, cm.exception.code)
# make sure another request gets through just fine
orig_r = o.request
o.request = Request()
o.request.path = "/fooip"
o.request.set_header("X_FORWARDED_FOR", "100.1.1.2")
o.foo()
o.request = orig_r
time.sleep(1)
o.request.set_header("X_FORWARDED_FOR", "100.1.1.1")
r = o.foo()
self.assertEqual(1, r)
def test_body_kwargs(self):
#body = "foo=bar&che=baz&foo=che"
#body_kwargs = {'foo': ['bar', 'che'], 'che': 'baz'}
#body_json = '{"foo": ["bar", "che"], "che": "baz"}'
cts = {
"application/x-www-form-urlencoded": ("foo=bar&che=baz&foo=che", {
'foo': ['bar', 'che'],
'che': 'baz'
}),
# 'application/json': (
# '{"foo": ["bar", "che"], "che": "baz"}',
# {'foo': ['bar', 'che'], 'che': 'baz'}
# ),
}
for ct, bodies in cts.iteritems():
ct_body, ct_body_kwargs = bodies
r = Request()
r.body = ct_body
r.set_header('content-type', ct)
self.assertTrue(isinstance(r.body_kwargs, dict))
self.assertEqual(r.body_kwargs, ct_body_kwargs)
r = Request()
r.set_header('content-type', ct)
self.assertEqual(r.body_kwargs, {})
self.assertEqual(r.body, None)
r = Request()
r.set_header('content-type', ct)
r.body_kwargs = ct_body_kwargs
self.assertEqual(r._parse_query_str(r.body),
r._parse_query_str(ct_body))
def test_ratelimit_param(self):
class MockObject(object):
@ratelimit_param("bar", limit=2, ttl=1)
def foo(self, **kwargs):
return 1
o = MockObject()
o.request = Request()
self.set_bearer_auth_header(o.request, "footoken")
o.request.path = "/fooparam"
o.foo(bar="che")
o.foo(bar="che")
with self.assertRaises(CallError) as cm:
o.foo(bar="che")
self.assertEqual(429, cm.exception.code)
# make sure bar not existing is not a problem
for x in range(5):
self.assertEqual(1, o.foo())
# just make sure something else goes through just fine
orig_r = o.request
o.request = Request()
o.request.path = "/fooparam"
o.foo(bar="baz")
o.request = orig_r
time.sleep(1)
r = o.foo(bar="che")
self.assertEqual(1, r)
def test_properties(self):
path = '/foo/bar'
path_args = ['foo', 'bar']
r = Request()
r.path = path
self.assertEqual(r.path, path)
self.assertEqual(r.path_args, path_args)
r = Request()
r.path_args = path_args
self.assertEqual(r.path, path)
self.assertEqual(r.path_args, path_args)
query = "foo=bar&che=baz&foo=che"
query_kwargs = {'foo': ['bar', 'che'], 'che': 'baz'}
r = Request()
r.query = query
self.assertEqual(parse.parse_qs(r.query, True),
parse.parse_qs(query, True))
self.assertEqual(r.query_kwargs, query_kwargs)
r = Request()
r.query_kwargs = query_kwargs
self.assertEqual(parse.parse_qs(r.query, True),
parse.parse_qs(query, True))
self.assertEqual(r.query_kwargs, query_kwargs)
def test_ratelimit_access_token(self):
class MockObject(object):
@ratelimit_access_token(limit=2, ttl=1)
def foo(self):
return 1
o = MockObject()
o.request = Request()
self.set_bearer_auth_header(o.request, "footoken")
o.request.path = "/footoken"
o.request.set_header("X_FORWARDED_FOR", "1.1.1.1")
o.foo()
o.request.set_header("X_FORWARDED_FOR", "1.1.1.2")
o.foo()
with self.assertRaises(CallError) as cm:
o.foo()
self.assertEqual(429, cm.exception.code)
# make sure another request gets through just fine
orig_r = o.request
o.request = Request()
o.request.path = "/footoken"
self.set_bearer_auth_header(o.request, "footoken2")
o.foo()
o.request = orig_r
time.sleep(1)
self.set_bearer_auth_header(o.request, "footoken")
o.request.set_header("X_FORWARDED_FOR", "1.1.1.3")
r = o.foo()
self.assertEqual(1, r)
def test_charset(self):
r = Request()
r.set_header("content-type", "application/json;charset=UTF-8")
charset = r.encoding
self.assertEqual("UTF-8", charset)
r = Request()
r.set_header("content-type", "application/json")
charset = r.encoding
self.assertEqual(None, charset)
def test_ip_bad(self):
r = Request()
r.set_header('REMOTE_ADDR', "10.0.2.2")
r.set_header("Via",
"1.1 ironport1.orlando.cit:80 (Cisco-WSA/9.0.1-162)")
self.assertEqual("", r.ip)
r = Request()
r.set_header('REMOTE_ADDR', "54.241.34.107")
r.set_header("Via",
"1.1 ironport1.orlando.cit:80 (Cisco-WSA/9.0.1-162)")
self.assertEqual("54.241.34.107", r.ip)
def test_body(self):
# simulate a problem I had with a request with curl
r = Request()
r.method = 'GET'
r.body = ""
r.set_headers({
'PATTERN': "/",
'x-forwarded-for': "127.0.0.1",
'URI': "/",
'accept': "*/*",
'user-agent':
"curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5",
'host': "localhost",
'VERSION': "HTTP/1.1",
'PATH': "/",
'METHOD': "GET",
'authorization': "Basic SOME_HASH_THAT_DOES_NOT_MATTER="
})
self.assertEqual("", r.body)
r = Request()
r.method = 'POST'
r.set_header('content-type', "application/x-www-form-urlencoded")
r.body = "foo=bar&che=baz&foo=che"
body_r = {'foo': ['bar', 'che'], 'che': 'baz'}
self.assertEqual(body_r, r.body_kwargs)
r.body = None
#del(r._body_kwargs)
body_r = {}
self.assertEqual(body_r, r.body_kwargs)
r.set_header('content-type', "application/json")
r.body = '{"person":{"name":"bob"}}'
#del(r._body_kwargs)
body_r = {'person': {"name": "bob"}}
self.assertEqual(body_r, r.body_kwargs)
r.body = ''
#del(r._body_kwargs)
body_r = ''
self.assertEqual(body_r, r.body)
r.headers = {}
body = '{"person":{"name":"bob"}}'
r.body = body
self.assertEqual(body, r.body)
r.method = 'GET'
r.set_header('content-type', "application/json")
r.body = None
self.assertEqual(None, r.body)
def test_cors(self):
class Cors(Controller):
def POST(self):
pass
res = Response()
req = Request()
c = Cors(req, res)
self.assertTrue(c.OPTIONS)
self.assertFalse('Access-Control-Allow-Origin' in c.response.headers)
req.set_header('Origin', 'http://example.com')
c = Cors(req, res)
self.assertEqual(req.get_header('Origin'),
c.response.get_header('Access-Control-Allow-Origin'))
req.set_header('Access-Control-Request-Method', 'POST')
req.set_header('Access-Control-Request-Headers', 'xone, xtwo')
c = Cors(req, res)
c.OPTIONS()
self.assertEqual(req.get_header('Origin'),
c.response.get_header('Access-Control-Allow-Origin'))
self.assertEqual(req.get_header('Access-Control-Request-Method'),
c.response.get_header('Access-Control-Allow-Methods'))
self.assertEqual(req.get_header('Access-Control-Request-Headers'),
c.response.get_header('Access-Control-Allow-Headers'))
c = Cors(req, res)
c.POST()
self.assertEqual(req.get_header('Origin'),
c.response.get_header('Access-Control-Allow-Origin'))
def test_bad_content_type(self):
"""make sure a form upload content type with json body fails correctly"""
r = Request()
r.environ["REQUEST_METHOD"] = "POST"
b = b"plain text body"
r.headers.update({'content-length': String(len(b))})
r.headers.pop("content-type", None)
body = Body(io.BytesIO(b), r)
self.assertEqual(b, body.file.read())
b = b"foo=bar&che=baz&foo=che"
r.headers.update({
'content-type': 'application/json',
'content-length': String(len(b))
})
if is_py2:
with self.assertRaises(ValueError):
body = Body(io.BytesIO(b), r)
else:
with self.assertRaises(json.JSONDecodeError):
body = Body(io.BytesIO(b), r)
b = b'{"foo": ["bar", "che"], "che": "baz"}'
r.headers.update({
'content-type': "application/x-www-form-urlencoded",
'content-length': String(len(b))
})
with self.assertRaises(ValueError):
body = Body(io.BytesIO(b), r)
def test_get_header(self):
r = Request()
r.set_headers({
'foo': 'bar',
'Content-Type': 'application/json',
'Happy-days': 'are-here-again'
})
v = r.get_header('foo', 'che')
self.assertEqual('bar', v)
v = r.get_header('Foo', 'che')
self.assertEqual('bar', v)
v = r.get_header('FOO', 'che')
self.assertEqual('bar', v)
v = r.get_header('che', 'che')
self.assertEqual('che', v)
v = r.get_header('che')
self.assertEqual(None, v)
v = r.get_header('content-type')
self.assertEqual('application/json', v)
v = r.get_header('happy-days')
self.assertEqual('are-here-again', v)
def test_get_version_default(self):
"""turns out, calls were failing if there was no accept header even if there were defaults set"""
r = Request()
r.headers = {}
self.assertEqual("", r.version('application/json'))
r = Request()
r.set_header('accept', 'application/json;version=v1')
self.assertEqual('v1', r.version())
r = Request()
r.set_header('accept', '*/*')
self.assertEqual("", r.version('application/json'))
r = Request()
r.set_header('accept', '*/*;version=v8')
self.assertEqual('v8', r.version('application/json'))
def test_ip(self):
r = Request()
r.set_header('REMOTE_ADDR', '172.252.0.1')
self.assertEqual('172.252.0.1', r.ip)
r = Request()
r.set_header('REMOTE_ADDR', '1.241.34.107')
self.assertEqual('1.241.34.107', r.ip)
r = Request()
r.set_header('x-forwarded-for', '54.241.34.107')
self.assertEqual('54.241.34.107', r.ip)
r.set_header('x-forwarded-for', '127.0.0.1, 54.241.34.107')
self.assertEqual('54.241.34.107', r.ip)
r.set_header('x-forwarded-for', '127.0.0.1')
r.set_header('client-ip', '54.241.34.107')
self.assertEqual('54.241.34.107', r.ip)
def test_get_version(self):
r = Request()
r.set_header('accept', 'application/json;version=v1')
v = r.version()
self.assertEqual("v1", v)
v = r.version("application/json")
self.assertEqual("v1", v)
v = r.version("plain/text")
self.assertEqual("", v)
def test_body_kwargs_bad_content_type(self):
"""make sure a form upload content type with json body fails correctly"""
r = Request()
r.body = "foo=bar&che=baz&foo=che"
r.headers = {'content-type': 'application/json'}
with self.assertRaises(ValueError):
br = r.body_kwargs
r.body = '{"foo": ["bar", "che"], "che": "baz"}'
r.headers = {'content-type': "application/x-www-form-urlencoded"}
with self.assertRaises(ValueError):
br = r.body_kwargs
def test_get_auth_scheme(self):
r = Request()
r.set_headers({
"Authorization": "Basic FOOBAR",
})
self.assertEqual("Basic", r.get_auth_scheme())
self.assertTrue(r.is_auth("basic"))
self.assertTrue(r.is_auth("Basic"))
self.assertFalse(r.is_auth("bearer"))
r.headers["Authorization"] = "BLAH_TOKEN"
self.assertEqual("", r.get_auth_scheme())
self.assertFalse(r.is_auth("basic"))
def test_copy(self):
r = Request()
r.set_headers({
"Host": "localhost",
})
r.query = "foo=bar"
r.path = "/baz/che"
r.environ['wsgi.url_scheme'] = "http"
r.environ['SERVER_PORT'] = "80"
r.foo = 1
r2 = r.copy()
self.assertEqual(r.foo, r2.foo)
self.assertEqual(r.environ["SERVER_PORT"], r2.environ["SERVER_PORT"])
def test_throttle(self):
class TARA(object):
@ratelimit_ip(limit=3, ttl=1)
def foo(self):
return 1
@ratelimit_ip(limit=10, ttl=1)
def bar(self):
return 2
r_foo = endpoints.Request()
r_foo.set_header("X_FORWARDED_FOR", "276.0.0.1")
r_foo.path = "/foo"
c = TARA()
c.request = r_foo
for x in range(3):
r = c.foo()
self.assertEqual(1, r)
for x in range(2):
with self.assertRaises(CallError):
c.foo()
# make sure another path isn't messed with by foo
r_bar = Request()
r_bar.set_header("X_FORWARDED_FOR", "276.0.0.1")
r_bar.path = "/bar"
c.request = r_bar
for x in range(10):
r = c.bar()
self.assertEqual(2, r)
time.sleep(0.1)
with self.assertRaises(CallError):
c.bar()
c.request = r_foo
for x in range(3):
r = c.foo()
self.assertEqual(1, r)
for x in range(2):
with self.assertRaises(CallError):
c.foo()
class MockObject(object):
request = Request()
@ratelimit_ip()
def rl_ip(self):
return 2
@ratelimit_param_ip("bar")
def rl_param_ip(self, **kwargs):
return 3
@ratelimit_param("bar")
def rl_param(self, **kwargs):
return 4
@ratelimit_access_token()
def rl_access_token(self):
return 5
def test_is_oauth(self):
username = "******"
password = "******"
r = Request()
r.set_headers({"Authorization": _basic_auth_str(username, password)})
self.assertTrue(r.is_oauth("basic"))
self.assertTrue(r.is_oauth("client"))
self.assertFalse(r.is_oauth("token"))
self.assertFalse(r.is_oauth("access"))
r.headers["Authorization"] = "Bearer FOOBAR"
self.assertFalse(r.is_oauth("basic"))
self.assertFalse(r.is_oauth("client"))
self.assertTrue(r.is_oauth("token"))
self.assertTrue(r.is_oauth("access"))
r.headers.pop("Authorization")
self.assertFalse(r.is_oauth("basic"))
self.assertFalse(r.is_oauth("client"))
self.assertFalse(r.is_oauth("token"))
self.assertFalse(r.is_oauth("access"))
def test_url(self):
"""make sure the .url attribute is correctly populated"""
# this is wsgi configuration
r = Request()
r.set_headers({
"Host": "localhost",
})
r.query = "foo=bar"
r.path = "/baz/che"
r.environ['wsgi.url_scheme'] = "http"
r.environ['SERVER_PORT'] = "80"
u = r.url
self.assertEqual("http://localhost/baz/che?foo=bar", r.url)
r.port = 555
u = r.url
self.assertEqual("http://localhost:555/baz/che?foo=bar", r.url)
# handle proxied connections
r.host = "localhost:10000"
r.port = "9000"
u = r.url
self.assertTrue(":10000" in u)
def create_request(ip):
r = Request()
r.path = "/fooparam"
r.set_header("X_FORWARDED_FOR", ip)
self.set_bearer_auth_header(r, "footoken")
return r
class MockMetavar(object):
request = Request()
@param(0, metavar="bar")
def foo(self, bar, **kwargs):
return 1
def get_http_instances(self, path="", method="GET"):
req = Request()
req.method = method
req.path = path
res = Response()
return req, res