def test_missing_db_settings(settings):
settings_module = import_module(settings)
settings_module.DATABASE_SETTINGS = None
with pytest.raises(ImproperlyConfigured):
turbulette_starlette(settings)
reload(settings_module)
settings_module.DATABASE_SETTINGS = {"useless_key": "useless"}
with pytest.raises(ImproperlyConfigured):
turbulette_starlette(settings)
reload(settings_module)
settings_module.DB_DSN = {}
with pytest.raises(ImproperlyConfigured):
turbulette_starlette(settings)
reload(settings_module)
from os import environ from turbulette import turbulette_starlette from turbulette.conf.constants import PROJECT_SETTINGS_MODULE environ.setdefault(PROJECT_SETTINGS_MODULE, "tests.settings") app = turbulette_starlette()
def test_starlette_setup(settings):
app = turbulette_starlette(settings)
assert isinstance(app, Starlette)
def test_settings_by_env():
environ[PROJECT_SETTINGS_MODULE] = "tests.settings_no_apps"
assert turbulette_starlette()
assert turbulette_setup()
environ.pop(PROJECT_SETTINGS_MODULE)
async def test_csrf(blank_conf):
app = turbulette_starlette("tests.settings_csrf")
from turbulette.conf import settings
from turbulette.conf.utils import settings_stub
from turbulette.cache import cache
async with TestClient(app) as client:
resp = await client.get("/csrf")
assert resp.status_code == 200
assert "csrftoken" in resp.json()
csrf_token = resp.json()["csrftoken"]
# Safe method
resp = await client.get("/welcome")
assert resp.status_code == 200
# No cookie, no header
resp = await client.post("/welcome")
assert resp.status_code == 403
# No cookie
resp = await client.post(
"/welcome", headers={settings.CSRF_HEADER_NAME: csrf_token}
)
assert resp.status_code == 403
# No header
resp = await client.post(
"/welcome", cookies={settings.CSRF_HEADER_NAME: csrf_token}
)
assert resp.status_code == 403
# Cookie + header : everything is good
resp = await client.post(
"/welcome",
cookies={settings.CSRF_COOKIE_NAME: csrf_token},
headers={settings.CSRF_HEADER_NAME: csrf_token},
)
assert resp.status_code == 200
with settings_stub(CSRF_FORM_PARAM=True, CSRF_HEADER_PARAM=False):
# Cookie + form : everything is good
resp = await client.post(
"/welcome",
cookies={settings.CSRF_COOKIE_NAME: csrf_token},
form={settings.CSRF_COOKIE_NAME: csrf_token},
)
assert resp.status_code == 200
# No form
resp = await client.post(
"/welcome", form={settings.CSRF_COOKIE_NAME: csrf_token}
)
assert resp.status_code == 403
# No referrer
resp = await client.post(
"/welcome",
cookies={settings.CSRF_COOKIE_NAME: csrf_token},
headers={settings.CSRF_HEADER_NAME: csrf_token},
scheme="https",
)
assert resp.status_code == 403
with settings_stub(ALLOWED_HOSTS=["api.io"]):
# Valid referer
resp = await client.post(
"/welcome",
cookies={settings.CSRF_COOKIE_NAME: csrf_token},
headers={
settings.CSRF_HEADER_NAME: csrf_token,
"referer": "https://api.io",
},
scheme="https",
)
assert resp.status_code == 200
with settings_stub(CSRF_FORM_PARAM=False, CSRF_HEADER_PARAM=False):
with pytest.raises(ImproperlyConfigured):
# No submit method set
resp = await client.post(
"/welcome",
cookies={settings.CSRF_COOKIE_NAME: csrf_token},
headers={
settings.CSRF_HEADER_NAME: csrf_token,
},
scheme="http",
)
assert resp.status_code == 403
# Reconnect to cache to not perturb other tests
await cache.connect()