def create_app():
    """Build, configure and return the Moxie application.

    Configuration is loaded from ``default_settings.yaml`` under the
    application root, then from the file named by the ``MOXIE_SETTINGS``
    environment variable. Sentry reporting is wired up only when the raven
    client is importable and a ``SENTRY_DSN`` setting is present.

    Returns:
        The configured ``Moxie`` application instance.
    """
    app = Moxie(__name__)

    # Packaged defaults first, then the environment-selected file.
    # NOTE(review): silent=True presumably makes a missing MOXIE_SETTINGS a
    # no-op, as in Flask's from_envvar, so a deployment could run on the
    # defaults alone without any error; confirm against Configurator.
    defaults_file = path.join(app.root_path, 'default_settings.yaml')
    loader = Configurator(app)
    loader.from_yaml(defaults_file)
    loader.from_envvar('MOXIE_SETTINGS', silent=True)

    # Sentry is optional: both the library and a DSN must be available.
    # NOTE(review): a Sentry DSN normally embeds a project key, so the
    # settings file that carries it should be treated as a secret.
    if raven_available and 'SENTRY_DSN' in app.config:
        # Report uncaught exceptions raised inside the Flask request cycle.
        error_reporter = Sentry(dsn=app.config['SENTRY_DSN'])
        error_reporter.init_app(app)

        # getLevelName() maps a level name such as 'WARNING' to its number;
        # an unrecognised name comes back as a 'Level ...' string instead.
        # TODO confirm SentryHandler copes with a mistyped SENTRY_LEVEL.
        threshold = logging.getLevelName(
            app.config.get('SENTRY_LEVEL', 'WARNING'))
        log_handler = SentryHandler(app.config['SENTRY_DSN'], level=threshold)
        setup_logging(log_handler)

    # Bind the shared extensions to this application, in the original order.
    for extension in (statsd, cache, db):
        extension.init_app(app)

    # Static route used for API health checks.
    # NOTE(review): no access control is visible here; confirm that
    # check_services does not disclose backend details to anonymous callers.
    app.add_url_rule('/_health', view_func=check_services)
    app.add_url_rule('/', view_func=RootView.as_view('root'))

    return app
class CORSViewsTestCase(unittest.TestCase):
    """Check the CORS response headers produced by two test views.

    ``/creds`` is served by ``TestCORSWithCredentials`` and ``/nocreds`` by
    ``TestCORSWithoutCredentials``. The only allowed origin is ``foo.domain``.

    NOTE(review): browsers send ``Origin`` with a scheme (and a port when it
    is not the default); these tests use a bare host name, so scheme and port
    matching is not covered here.
    """

    @staticmethod
    def _cors_headers(origin):
        """Return the request headers every test sends, for ``origin``."""
        return [('Accept', 'application/json'), ('Origin', origin)]

    def setUp(self):
        """Create an app with a one-entry origin allow-list and both views."""
        self.app = Moxie(__name__)
        self.app.config['DEFAULT_ALLOW_ORIGINS'] = ['foo.domain']
        with_creds = TestCORSWithCredentials.as_view('creds')
        without_creds = TestCORSWithoutCredentials.as_view('nocreds')
        self.app.add_url_rule('/creds', view_func=with_creds)
        self.app.add_url_rule('/nocreds', view_func=without_creds)

    def test_credential_true(self):
        """A preflight to the credentialed view allows credentials."""
        with self.app.test_client() as client:
            response = client.open('/creds', method='OPTIONS',
                                   headers=self._cors_headers('foo.domain'))
            self.assertEqual(
                response.headers['Access-Control-Allow-Credentials'], 'true')

    def test_credential_allow_methods(self):
        """The preflight lists exactly PUT, GET, OPTIONS and HEAD."""
        with self.app.test_client() as client:
            response = client.open('/creds', method='OPTIONS',
                                   headers=self._cors_headers('foo.domain'))
            raw_methods = response.headers['Access-Control-Allow-Methods']
            # Order and surrounding whitespace do not matter, so compare sets.
            advertised = set(m.strip() for m in raw_methods.split(','))
            self.assertEqual(advertised,
                             set(('PUT', 'GET', 'OPTIONS', 'HEAD')))

    def test_credential_allow_headers(self):
        """The preflight advertises the single allowed request header."""
        with self.app.test_client() as client:
            response = client.open('/creds', method='OPTIONS',
                                   headers=self._cors_headers('foo.domain'))
            self.assertEqual(
                response.headers['Access-Control-Allow-Headers'], "X-DAVE")

    def test_credential_max_age(self):
        """The preflight carries the expected cache lifetime."""
        with self.app.test_client() as client:
            response = client.open('/creds', method='OPTIONS',
                                   headers=self._cors_headers('foo.domain'))
            self.assertEqual(
                response.headers['Access-Control-Max-Age'], "20")

    def test_credential_echo_origin(self):
        """The credentialed view echoes the allowed origin back.

        Browsers reject ``*`` when credentials are allowed, so the response
        has to name the specific origin.
        """
        with self.app.test_client() as client:
            response = client.open('/creds', method='OPTIONS',
                                   headers=self._cors_headers('foo.domain'))
            self.assertEqual(
                response.headers['Access-Control-Allow-Origin'], 'foo.domain')

    def test_credential_bad_origin(self):
        """An origin that is not on the allow-list is rejected with 400."""
        with self.app.test_client() as client:
            response = client.open('/creds', method='OPTIONS',
                                   headers=self._cors_headers('foobar.domain'))
            self.assertEqual(response.status_code, 400)

    def test_without_creds_wildcard(self):
        """The view without credentials answers with a wildcard origin."""
        with self.app.test_client() as client:
            response = client.get('/nocreds',
                                  headers=self._cors_headers('foo.domain'))
            self.assertEqual(
                response.headers['Access-Control-Allow-Origin'], '*')

    def test_preflight_content(self):
        """A preflight response has an empty body."""
        with self.app.test_client() as client:
            response = client.open('/nocreds', method='OPTIONS',
                                   headers=self._cors_headers('foo.domain'))
            self.assertEqual(response.data, '')

    def test_actual_content(self):
        """A real GET returns the view's JSON payload."""
        with self.app.test_client() as client:
            response = client.get('/nocreds',
                                  headers=self._cors_headers('foo.domain'))
            payload = json.loads(response.data)
            self.assertEqual(payload['name'], 'Dave')