def setUp(self):
self.mw = SSLRedirect()
self.rf = RequestFactory()
class SSLRedirectTestCase(TestCase):
override_settings = {"USE_SSL": True}
def setUp(self):
self.mw = SSLRedirect()
self.rf = RequestFactory()
def test_is_secure_false(self):
request = self.rf.get("/")
self.assertFalse(self.mw._is_secure(request))
@skipIf(DJANGO_VERSION[:2] < (1, 7), "only works on Django 1.7+")
def test_is_secure_true(self):
request = self.rf.get("/", secure=True)
self.assertTrue(request.is_secure(), "This test is wrong")
self.assertTrue(self.mw._is_secure(request))
def test_is_secure_headers(self):
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
self.assertTrue(self.mw._is_secure(request))
def test_redirect_https(self):
request = self.rf.get("/")
result = self.mw._redirect(request, True)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_redirect_http(self):
request = self.rf.get("/")
result = self.mw._redirect(request, False)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("http://"))
def test_login_redirect(self):
# Requests to the login page must be redirected to HTTPS
request = self.rf.get("/")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {"SSL": True})
self.assertIsNotNone(result)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_login_already_https(self):
# Requests to the login page must not be redirected if they already are
# in HTTPS
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {"SSL": True})
self.assertIsNone(result)
def test_noredirect(self):
# Requests to normal pages must not be redirected
request = self.rf.get("/")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def test_noredirect_back(self):
# Requests in HTTPS to normal pages must not be redirected back to HTTP
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def test_redirect_authenticated_http(self):
# Requests in HTTP with authenticated users must be redirected to HTTPS
request = self.rf.get("/")
request.user = User.objects.create_user(
'testuser', '*****@*****.**', 'testPass')
result = self.mw.process_view(request, None, [], {})
self.assertIsNotNone(result)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_redirect_authenticated_https(self):
# Requests in HTTPS with authenticated users must stay in HTTPS
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = User.objects.create_user(
'testuser', '*****@*****.**', 'testPass')
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
class SSLRedirectTestCase(TestCase):
override_settings = {"USE_SSL": True}
def setUp(self):
self.mw = SSLRedirect()
self.rf = RequestFactory()
def test_is_secure_false(self):
request = self.rf.get("/")
self.assertFalse(self.mw._is_secure(request))
@skipIf(DJANGO_VERSION[:2] < (1, 7), "only works on Django 1.7+")
def test_is_secure_true(self):
request = self.rf.get("/", secure=True)
self.assertTrue(request.is_secure(), "This test is wrong")
self.assertTrue(self.mw._is_secure(request))
def test_is_secure_headers(self):
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
self.assertTrue(self.mw._is_secure(request))
def test_redirect_https(self):
request = self.rf.get("/")
result = self.mw._redirect(request, True)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_redirect_http(self):
request = self.rf.get("/")
result = self.mw._redirect(request, False)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("http://"))
def test_login_redirect(self):
# Requests to the login page must be redirected to HTTPS
request = self.rf.get("/")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {"SSL": True})
self.assertIsNotNone(result)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_login_already_https(self):
# Requests to the login page must not be redirected if they already are
# in HTTPS
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {"SSL": True})
self.assertIsNone(result)
def test_noredirect(self):
# Requests to normal pages must not be redirected
request = self.rf.get("/")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def test_noredirect_back(self):
# Requests in HTTPS to normal pages must not be redirected back to HTTP
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def test_redirect_authenticated_http(self):
# Requests in HTTP with authenticated users must be redirected to HTTPS
request = self.rf.get("/")
request.user = User.objects.create_user("testuser", "*****@*****.**", "testPass")
result = self.mw.process_view(request, None, [], {})
self.assertIsNotNone(result)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_redirect_authenticated_https(self):
# Requests in HTTPS with authenticated users must stay in HTTPS
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = User.objects.create_user("testuser", "*****@*****.**", "testPass")
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def setUp(self):
self.mw = SSLRedirect()
self.rf = RequestFactory()
class SSLRedirectTestCase(TestCase):
override_settings = {"USE_SSL": True}
def setUp(self):
self.mw = SSLRedirect()
self.rf = RequestFactory()
def test_is_secure_false(self):
request = self.rf.get("/")
self.assertFalse(self.mw._is_secure(request))
def test_is_secure_true(self):
request = self.rf.get("/", secure=True)
self.assertTrue(request.is_secure(), "This test is wrong")
self.assertTrue(self.mw._is_secure(request))
def test_is_secure_headers(self):
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
self.assertTrue(self.mw._is_secure(request))
def test_redirect_https(self):
request = self.rf.get("/")
result = self.mw._redirect(request, True)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_redirect_http(self):
request = self.rf.get("/")
result = self.mw._redirect(request, False)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("http://"))
def test_login_redirect(self):
# Requests to the login page must be redirected to HTTPS
request = self.rf.get("/accounts/login/")
request.user = AnonymousUser()
result = self.mw.process_view(request, login_view, [], {})
self.assertIsNotNone(result)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_login_already_https(self):
# Requests to the login page must not be redirected if they already are
# in HTTPS
request = self.rf.get("/accounts/login", HTTP_X_FORWARDED_SSL="on")
request.user = AnonymousUser()
result = self.mw.process_view(request, login_view, [], {})
self.assertIsNone(result)
def test_noredirect(self):
# Requests to normal pages must not be redirected
request = self.rf.get("/")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def test_noredirect_back(self):
# Requests in HTTPS to normal pages must not be redirected back to HTTP
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = AnonymousUser()
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def test_redirect_authenticated_http(self):
# Requests in HTTP with authenticated users must be redirected to HTTPS
request = self.rf.get("/")
request.user = User.objects.create_user(
'testuser', '*****@*****.**', 'testPass')
result = self.mw.process_view(request, None, [], {})
self.assertIsNotNone(result)
self.assertEqual(result.status_code, 301)
self.assertTrue(result.url.startswith("https://"))
def test_redirect_authenticated_https(self):
# Requests in HTTPS with authenticated users must stay in HTTPS
request = self.rf.get("/", HTTP_X_FORWARDED_SSL="on")
request.user = User.objects.create_user(
'testuser', '*****@*****.**', 'testPass')
result = self.mw.process_view(request, None, [], {})
self.assertIsNone(result)
def test_populate_view_function(self):
def fake_view():
pass
class URLConf:
SSL_URLS = [
fake_view,
]
self.mw._protected_urls = []
self.mw._walk_module(URLConf)
self.assertEqual(self.mw._protected_urls, [fake_view])
def test_populate_view_function_name(self):
class URLConf:
SSL_URLS = [
"hyperkitty.views.accounts.login_view",
]
self.mw._protected_urls = []
self.mw._walk_module(URLConf)
self.assertEqual(self.mw._protected_urls, [login_view])
def test_populate_urlconf_with_ssl_urls(self):
class URLConf:
SSL_URLS = [
"hyperkitty.urls",
]
self.mw._protected_urls = []
self.mw._walk_module(URLConf)
self.assertIn(login_view, self.mw._protected_urls)
def test_populate_urlconf_no_ssl_urls(self):
class URLConf:
urlpatterns = []
sub_urlconf = URLConf()
sub_urlconf.urlpatterns = [
RegexURLPattern('', user_profile),
]
root_urlconf = URLConf()
root_urlconf.urlpatterns = [
RegexURLPattern('', login_view),
RegexURLResolver('', sub_urlconf),
]
self.mw._protected_urls = []
self.mw._walk_module(root_urlconf)
self.assertIn(login_view, self.mw._protected_urls)
self.assertIn(user_profile, self.mw._protected_urls)