def test_setlang_http_next(self):
"""
The set_language view only redirects to the 'next' argument if it is
"safe" and its scheme is https if the request was sent over https.
"""
lang_code = self._get_inactive_language_code()
non_https_next_url = 'http://testserver/redirection/'
post_data = {'language': lang_code, 'next': non_https_next_url}
# Insecure URL in POST data.
response = self.client.post('/i18n/setlang/',
data=post_data,
secure=True)
self.assertEqual(response.url, '/')
self.assertEqual(
self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
lang_code)
# Insecure URL in HTTP referer.
response = self.client.post('/i18n/setlang/',
secure=True,
HTTP_REFERER=non_https_next_url)
self.assertEqual(response.url, '/')
self.assertEqual(
self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
lang_code)
def test_explicit_default_app_config_without_apps(self):
"""
Load an app that specifies a default AppConfig class in __init__ and do
not have an apps module.
"""
msg = (
"'apps.explicit_default_config_without_apps' defines "
"default_app_config = 'apps.explicit_default_config_without_apps."
"ExplicitDefaultConfigWithoutApps'. However, Django's automatic "
"detection did not find this configuration. You should move the "
"default config class to the apps submodule of your application "
"and, if this module defines several config classes, mark the "
"default one with default = True.")
with self.assertRaisesMessage(RemovedInDjango41Warning, msg):
with self.settings(INSTALLED_APPS=[
'apps.explicit_default_config_without_apps'
]):
pass
with ignore_warnings(category=RemovedInDjango41Warning):
with self.settings(INSTALLED_APPS=[
'apps.explicit_default_config_without_apps'
]):
self.assertIsInstance(
apps.get_app_config(
'explicit_default_config_without_apps'),
ExplicitDefaultConfigWithoutApps,
)
def test_locale_aware(self):
d = datetime(2007, 9, 17, 12, 51, 34, 482548)
# RemovedInDjango50Warning: When the deprecation ends, remove
# @ignore_warnings and USE_L10N=False. The assertion should remain
# because format-related settings will take precedence over
# locale-dictated formats.
with ignore_warnings(category=RemovedInDjango50Warning):
with self.settings(USE_L10N=False):
with self.settings(DATETIME_INPUT_FORMATS=[
'%Y-%m-%d %H:%M:%S',
'%Y-%m-%d %H:%M:%S.%f',
'%Y-%m-%d %H:%M',
]):
self.check_html(
self.widget,
'date',
d,
html=
'<input type="text" name="date" value="2007-09-17 12:51:34">',
)
with translation.override('es'):
self.check_html(
self.widget,
'date',
d,
html=
'<input type="text" name="date" value="17/09/2007 12:51:34">',
)
def test_explicit_default_app_config_mismatch(self):
"""
Load an app that specifies a default AppConfig class not matching the
autodetected one.
"""
msg = (
"'apps.explicit_default_config_mismatch_app' defines "
"default_app_config = 'apps.explicit_default_config_mismatch_app."
"not_apps.ExplicitDefaultConfigMismatch'. However, Django's "
"automatic detection picked another configuration, 'apps."
"explicit_default_config_mismatch_app.apps."
"ImplicitDefaultConfigMismatch'. You should move the default "
"config class to the apps submodule of your application and, if "
"this module defines several config classes, mark the default one "
"with default = True.")
with self.assertRaisesMessage(RemovedInDjango41Warning, msg):
with self.settings(INSTALLED_APPS=[
'apps.explicit_default_config_mismatch_app'
]):
pass
with ignore_warnings(category=RemovedInDjango41Warning):
with self.settings(INSTALLED_APPS=[
'apps.explicit_default_config_mismatch_app'
]):
self.assertIsInstance(
apps.get_app_config(
'explicit_default_config_mismatch_app'),
ExplicitDefaultConfigMismatch,
)
def test_include_error08(self):
template = self.engine.get_template('include-error08')
if self.engine.debug:
with self.assertRaises(TemplateSyntaxError):
template.render(Context())
else:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(Context()), '')
def test_include_error08(self):
template = self.engine.get_template('include-error08')
if self.engine.debug:
with self.assertRaises(TemplateSyntaxError):
template.render(Context())
else:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(Context()), '')
def test_include_error07(self):
template = self.engine.get_template("include-error07")
if self.engine.debug:
with self.assertRaises(RuntimeError):
template.render(Context())
else:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(Context()), "")
def test_include_error10(self):
context = Context({'failed_include': 'include-fail2'})
template = self.engine.get_template('include-error10')
if self.engine.debug:
with self.assertRaises(TemplateSyntaxError):
template.render(context)
else:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(context), '')
def test_include_error10(self):
context = Context({'failed_include': 'include-fail2'})
template = self.engine.get_template('include-error10')
if self.engine.debug:
with self.assertRaises(TemplateSyntaxError):
template.render(context)
else:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(context), '')
def test_include_error09(self):
context = Context({"failed_include": "include-fail1"})
template = self.engine.get_template("include-error09")
if self.engine.debug:
with self.assertRaises(RuntimeError):
template.render(context)
else:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(context), "")
def test_logs_exceptions_during_rendering_with_no_template_name(self):
template = self.engine.from_string('{% include "child" %}')
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(self.ctx), '')
self.assertEqual(
self.test_handler.log_record.getMessage(),
"Exception raised while rendering {% include %} for template "
"'unknown'. Empty string rendered instead.")
self.assertIsNotNone(self.test_handler.log_record.exc_info)
self.assertEqual(self.test_handler.log_record.levelno, logging.WARN)
def test_serialize_datetime(self):
self.assertSerializedEqual(datetime.datetime.now())
self.assertSerializedEqual(datetime.datetime.now)
self.assertSerializedEqual(datetime.datetime.today())
self.assertSerializedEqual(datetime.datetime.today)
self.assertSerializedEqual(datetime.date.today())
self.assertSerializedEqual(datetime.date.today)
self.assertSerializedEqual(datetime.datetime.now().time())
self.assertSerializedEqual(
datetime.datetime(2014, 1, 1, 1, 1, tzinfo=get_default_timezone()))
self.assertSerializedEqual(
datetime.datetime(2013,
12,
31,
22,
1,
tzinfo=get_fixed_timezone(180)))
self.assertSerializedResultEqual(
datetime.datetime(2014, 1, 1, 1, 1),
("datetime.datetime(2014, 1, 1, 1, 1)", {"import datetime"}),
)
with ignore_warnings(category=RemovedInDjango50Warning):
from django.utils.timezone import utc
for tzinfo in (utc, datetime.timezone.utc):
with self.subTest(tzinfo=tzinfo):
self.assertSerializedResultEqual(
datetime.datetime(2012, 1, 1, 1, 1, tzinfo=tzinfo),
(
"datetime.datetime"
"(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)",
{"import datetime"},
),
)
self.assertSerializedResultEqual(
datetime.datetime(2012,
1,
1,
2,
1,
tzinfo=zoneinfo.ZoneInfo("Europe/Paris")),
(
"datetime.datetime(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)",
{"import datetime"},
),
)
if pytz:
self.assertSerializedResultEqual(
pytz.timezone("Europe/Paris").localize(
datetime.datetime(2012, 1, 1, 2, 1)),
(
"datetime.datetime(2012, 1, 1, 1, 1, tzinfo=datetime.timezone.utc)",
{"import datetime"},
),
)
def test_setlang_http_next(self):
"""
The set_language view only redirects to the 'next' argument if it is
"safe" and its scheme is https if the request was sent over https.
"""
lang_code = self._get_inactive_language_code()
non_https_next_url = 'http://testserver/redirection/'
post_data = {'language': lang_code, 'next': non_https_next_url}
# Insecure URL in POST data.
response = self.client.post('/i18n/setlang/', data=post_data, secure=True)
self.assertEqual(response.url, '/')
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
# Insecure URL in HTTP referer.
response = self.client.post('/i18n/setlang/', secure=True, HTTP_REFERER=non_https_next_url)
self.assertEqual(response.url, '/')
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_doesnt_perform_a_default_redirect_for_ajax(self):
"""
The set_language view returns 204 for AJAX calls by default.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code}
response = self.client.post('/i18n/setlang/', post_data, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(response.status_code, 204)
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_performs_redirect_for_ajax_if_explicitly_requested(self):
"""
The set_language view redirects to the "next" parameter for AJAX calls.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code, 'next': '/'}
response = self.client.post('/i18n/setlang/', post_data, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertRedirects(response, '/')
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_logs_exceptions_during_rendering_with_no_template_name(self):
template = self.engine.from_string('{% include "child" %}')
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertEqual(template.render(self.ctx), '')
self.assertEqual(
self.test_handler.log_record.getMessage(),
"Exception raised while rendering {% include %} for template "
"'unknown'. Empty string rendered instead."
)
self.assertIsNotNone(self.test_handler.log_record.exc_info)
self.assertEqual(self.test_handler.log_record.levelno, logging.WARN)
def test_setlang_default_redirect(self):
"""
The set_language view redirects to '/' when there isn't a referer or
"next" parameter.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code}
response = self.client.post('/i18n/setlang/', post_data)
self.assertRedirects(response, '/')
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_redirect_to_referer(self):
"""
The set_language view redirects to the URL in the referer header when
there isn't a "next" parameter.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code}
response = self.client.post('/i18n/setlang/', post_data, HTTP_REFERER='/i18n/')
self.assertRedirects(response, '/i18n/', fetch_redirect_response=False)
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_unsafe_next(self):
"""
The set_language view only redirects to the 'next' argument if it is
"safe".
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code, 'next': '//unsafe/redirection/'}
response = self.client.post('/i18n/setlang/', data=post_data)
self.assertEqual(response.url, '/')
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_doesnt_perform_a_redirect_to_referer_for_ajax(self):
"""
The set_language view doesn't redirect to the HTTP referer header for
AJAX calls.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code}
headers = {'HTTP_REFERER': '/', 'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest'}
response = self.client.post('/i18n/setlang/', post_data, **headers)
self.assertEqual(response.status_code, 204)
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_setlang_decodes_http_referer_url(self):
"""
The set_language view decodes the HTTP_REFERER URL.
"""
# The URL & view must exist for this to work as a regression test.
self.assertEqual(reverse('with_parameter', kwargs={'parameter': 'x'}), '/test-setlang/x/')
lang_code = self._get_inactive_language_code()
encoded_url = '/test-setlang/%C3%A4/' # (%C3%A4 decodes to ä)
response = self.client.post('/i18n/setlang/', {'language': lang_code}, HTTP_REFERER=encoded_url)
self.assertRedirects(response, encoded_url, fetch_redirect_response=False)
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
def test_lang_from_translated_i18n_pattern(self):
response = self.client.post(
'/i18n/setlang/', data={'language': 'nl'},
follow=True, HTTP_REFERER='/en/translated/'
)
self.assertEqual(self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value, 'nl')
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], 'nl')
self.assertRedirects(response, '/nl/vertaald/')
# And reverse
response = self.client.post(
'/i18n/setlang/', data={'language': 'en'},
follow=True, HTTP_REFERER='/nl/vertaald/'
)
self.assertRedirects(response, '/en/translated/')
def test_setlang_doesnt_perform_a_default_redirect_for_ajax(self):
"""
The set_language view returns 204 by default for requests not accepting
HTML response content.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code}
response = self.client.post('/i18n/setlang/',
post_data,
HTTP_ACCEPT='application/json')
self.assertEqual(response.status_code, 204)
self.assertEqual(
self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
lang_code)
def test_setlang_performs_redirect_for_ajax_if_explicitly_requested(self):
"""
The set_language view redirects to the "next" parameter for requests
not accepting HTML response content.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code, 'next': '/'}
response = self.client.post('/i18n/setlang/',
post_data,
HTTP_ACCEPT='application/json')
self.assertRedirects(response, '/')
self.assertEqual(
self.client.cookies[settings.LANGUAGE_COOKIE_NAME].value,
lang_code)
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY],
lang_code)
def test_setlang(self):
"""
The set_language view can be used to change the session language.
The user is redirected to the 'next' argument if provided.
"""
lang_code = self._get_inactive_language_code()
post_data = {'language': lang_code, 'next': '/'}
response = self.client.post('/i18n/setlang/', post_data, HTTP_REFERER='/i_should_not_be_used/')
self.assertRedirects(response, '/')
with ignore_warnings(category=RemovedInDjango40Warning):
self.assertEqual(self.client.session[LANGUAGE_SESSION_KEY], lang_code)
# The language is set in a cookie.
language_cookie = self.client.cookies[settings.LANGUAGE_COOKIE_NAME]
self.assertEqual(language_cookie.value, lang_code)
self.assertEqual(language_cookie['domain'], '')
self.assertEqual(language_cookie['path'], '/')
self.assertEqual(language_cookie['max-age'], '')
def test_bad_urls(self):
bad_urls = (
'http://example.com',
'http:///example.com',
'https://example.com',
'ftp://example.com',
r'\\example.com',
r'\\\example.com',
r'/\\/example.com',
r'\\\example.com',
r'\\example.com',
r'\\//example.com',
r'/\/example.com',
r'\/example.com',
r'/\example.com',
'http:///example.com',
r'http:/\//example.com',
r'http:\/example.com',
r'http:/\example.com',
'javascript:alert("XSS")',
'\njavascript:alert(x)',
'\x08//example.com',
r'http://otherserver\@example.com',
r'http:\\testserver\@example.com',
r'http://testserver\me:[email protected]',
r'http://testserver\@example.com',
r'http:\\testserver\confirm\[email protected]',
'http:999999999',
'ftp:9999999999',
'\n',
'http://[2001:cdba:0000:0000:0000:0000:3257:9652/',
'http://2001:cdba:0000:0000:0000:0000:3257:9652]/',
)
for bad_url in bad_urls:
with self.subTest(url=bad_url):
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertIs(http.is_safe_url(bad_url, host='testserver'),
False)
self.assertIs(
is_safe_url(bad_url,
allowed_hosts={'testserver', 'testserver2'}),
False)
def test_explicit_default_app_config_warning(self):
"""
Load an app that specifies a default AppConfig class matching the
autodetected one.
"""
msg = (
"'apps.explicit_default_config_app' defines default_app_config = "
"'apps.explicit_default_config_app.apps.ExplicitDefaultConfig'. "
"Django now detects this configuration automatically. You can "
"remove default_app_config."
)
with self.assertRaisesMessage(RemovedInDjango41Warning, msg):
with self.settings(INSTALLED_APPS=['apps.explicit_default_config_app']):
pass
with ignore_warnings(category=RemovedInDjango41Warning):
with self.settings(INSTALLED_APPS=['apps.explicit_default_config_app']):
self.assertIsInstance(
apps.get_app_config('explicit_default_config_app'),
ExplicitDefaultConfig,
)
def test_good_urls(self):
good_urls = (
'/view/?param=http://example.com',
'/view/?param=https://example.com',
'/view?param=ftp://example.com',
'view/?param=//example.com',
'https://testserver/',
'HTTPS://testserver/',
'//testserver/',
'http://testserver/[email protected]',
'/url%20with%20spaces/',
'path/http:2222222222',
)
for good_url in good_urls:
with self.subTest(url=good_url):
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertIs(
http.is_safe_url(good_url, host='testserver'), True)
self.assertIs(
is_safe_url(good_url,
allowed_hosts={'otherserver', 'testserver'}),
True)
from __future__ import unicode_literals
from django.conf.urls.i18n import i18n_patterns
from django.http import HttpResponse, StreamingHttpResponse
from django.test import ignore_warnings
from django.utils.deprecation import RemovedInDjango20Warning
from django.utils.translation import ugettext_lazy as _
# test deprecated version of i18n_patterns() function (with prefix). Remove it
# and convert to list of urls() in Django 2.0
i18n_patterns = ignore_warnings(
category=RemovedInDjango20Warning)(i18n_patterns)
urlpatterns = i18n_patterns(
'',
(r'^simple/$', lambda r: HttpResponse()),
(r'^streaming/$',
lambda r: StreamingHttpResponse([_("Yes"), "/", _("No")])),
)
def test_is_safe_url(self):
bad_urls = (
'http://example.com',
'http:///example.com',
'https://example.com',
'ftp://example.com',
r'\\example.com',
r'\\\example.com',
r'/\\/example.com',
r'\\\example.com',
r'\\example.com',
r'\\//example.com',
r'/\/example.com',
r'\/example.com',
r'/\example.com',
'http:///example.com',
r'http:/\//example.com',
r'http:\/example.com',
r'http:/\example.com',
'javascript:alert("XSS")',
'\njavascript:alert(x)',
'\x08//example.com',
r'http://otherserver\@example.com',
r'http:\\testserver\@example.com',
r'http://testserver\me:[email protected]',
r'http://testserver\@example.com',
r'http:\\testserver\confirm\[email protected]',
'http:999999999',
'ftp:9999999999',
'\n',
)
for bad_url in bad_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertFalse(http.is_safe_url(bad_url, host='testserver'),
"%s should be blocked" % bad_url)
self.assertFalse(
http.is_safe_url(bad_url,
allowed_hosts={'testserver', 'testserver2'}),
"%s should be blocked" % bad_url,
)
good_urls = (
'/view/?param=http://example.com',
'/view/?param=https://example.com',
'/view?param=ftp://example.com',
'view/?param=//example.com',
'https://testserver/',
'HTTPS://testserver/',
'//testserver/',
'http://testserver/[email protected]',
'/url%20with%20spaces/',
'path/http:2222222222',
)
for good_url in good_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertTrue(http.is_safe_url(good_url, host='testserver'),
"%s should be allowed" % good_url)
self.assertTrue(
http.is_safe_url(good_url,
allowed_hosts={'otherserver', 'testserver'}),
"%s should be allowed" % good_url,
)
if six.PY2:
# Check binary URLs, regression tests for #26308
self.assertTrue(
http.is_safe_url(b'https://testserver/',
allowed_hosts={'testserver'}),
"binary URLs should be allowed on Python 2")
self.assertFalse(
http.is_safe_url(b'\x08//example.com',
allowed_hosts={'testserver'}))
self.assertTrue(
http.is_safe_url('àview/'.encode('utf-8'),
allowed_hosts={'testserver'}))
self.assertFalse(
http.is_safe_url('àview'.encode('latin-1'),
allowed_hosts={'testserver'}))
# Valid basic auth credentials are allowed.
self.assertTrue(
http.is_safe_url(r'http://*****:*****@testserver/',
allowed_hosts={'user:pass@testserver'}))
# A path without host is allowed.
self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
# Basic auth without host is not allowed.
self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
from django.contrib.gis.db import models
from django.test import ignore_warnings
from django.utils.deprecation import RemovedInDjango50Warning
from ..admin import admin
class City(models.Model):
name = models.CharField(max_length=30)
point = models.PointField()
class Meta:
app_label = "geoadmini_deprecated"
def __str__(self):
return self.name
site = admin.AdminSite(name="admin_gis")
with ignore_warnings(category=RemovedInDjango50Warning):
site.register(City, admin.OSMGeoAdmin)
from __future__ import unicode_literals
from django.conf.urls.i18n import i18n_patterns
from django.http import HttpResponse, StreamingHttpResponse
from django.test import ignore_warnings
from django.utils.deprecation import RemovedInDjango20Warning
from django.utils.translation import ugettext_lazy as _
# test deprecated version of i18n_patterns() function (with prefix). Remove it
# and convert to list of urls() in Django 2.0
i18n_patterns = ignore_warnings(category=RemovedInDjango20Warning)(i18n_patterns)
urlpatterns = i18n_patterns('',
(r'^simple/$', lambda r: HttpResponse()),
(r'^streaming/$', lambda r: StreamingHttpResponse([_("Yes"), "/", _("No")])),
)
def test_eq(self):
constraint_1 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
(F("datespan"), RangeOperators.OVERLAPS),
(F("room"), RangeOperators.EQUAL),
],
condition=Q(cancelled=False),
)
constraint_2 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
("datespan", RangeOperators.OVERLAPS),
("room", RangeOperators.EQUAL),
],
)
constraint_3 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[("datespan", RangeOperators.OVERLAPS)],
condition=Q(cancelled=False),
)
constraint_4 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
("datespan", RangeOperators.OVERLAPS),
("room", RangeOperators.EQUAL),
],
deferrable=Deferrable.DEFERRED,
)
constraint_5 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
("datespan", RangeOperators.OVERLAPS),
("room", RangeOperators.EQUAL),
],
deferrable=Deferrable.IMMEDIATE,
)
constraint_6 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
("datespan", RangeOperators.OVERLAPS),
("room", RangeOperators.EQUAL),
],
deferrable=Deferrable.IMMEDIATE,
include=["cancelled"],
)
constraint_7 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
("datespan", RangeOperators.OVERLAPS),
("room", RangeOperators.EQUAL),
],
include=["cancelled"],
)
with ignore_warnings(category=RemovedInDjango50Warning):
constraint_8 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
("datespan", RangeOperators.OVERLAPS),
("room", RangeOperators.EQUAL),
],
include=["cancelled"],
opclasses=["range_ops", "range_ops"],
)
constraint_9 = ExclusionConstraint(
name="exclude_overlapping",
expressions=[
("datespan", RangeOperators.OVERLAPS),
("room", RangeOperators.EQUAL),
],
opclasses=["range_ops", "range_ops"],
)
self.assertNotEqual(constraint_2, constraint_9)
self.assertNotEqual(constraint_7, constraint_8)
self.assertEqual(constraint_1, constraint_1)
self.assertEqual(constraint_1, mock.ANY)
self.assertNotEqual(constraint_1, constraint_2)
self.assertNotEqual(constraint_1, constraint_3)
self.assertNotEqual(constraint_1, constraint_4)
self.assertNotEqual(constraint_2, constraint_3)
self.assertNotEqual(constraint_2, constraint_4)
self.assertNotEqual(constraint_2, constraint_7)
self.assertNotEqual(constraint_4, constraint_5)
self.assertNotEqual(constraint_5, constraint_6)
self.assertNotEqual(constraint_1, object())
def test_is_safe_url(self):
bad_urls = (
"http://example.com",
"http:///example.com",
"https://example.com",
"ftp://example.com",
r"\\example.com",
r"\\\example.com",
r"/\\/example.com",
r"\\\example.com",
r"\\example.com",
r"\\//example.com",
r"/\/example.com",
r"\/example.com",
r"/\example.com",
"http:///example.com",
r"http:/\//example.com",
r"http:\/example.com",
r"http:/\example.com",
'javascript:alert("XSS")',
"\njavascript:alert(x)",
"\x08//example.com",
r"http://otherserver\@example.com",
r"http:\\testserver\@example.com",
r"http://testserver\me:[email protected]",
r"http://testserver\@example.com",
r"http:\\testserver\confirm\[email protected]",
"\n",
)
for bad_url in bad_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertFalse(http.is_safe_url(bad_url, host="testserver"), "%s should be blocked" % bad_url)
self.assertFalse(
http.is_safe_url(bad_url, allowed_hosts={"testserver", "testserver2"}), "%s should be blocked" % bad_url
)
good_urls = (
"/view/?param=http://example.com",
"/view/?param=https://example.com",
"/view?param=ftp://example.com",
"view/?param=//example.com",
"https://testserver/",
"HTTPS://testserver/",
"//testserver/",
"http://testserver/[email protected]",
"/url%20with%20spaces/",
)
for good_url in good_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertTrue(http.is_safe_url(good_url, host="testserver"), "%s should be allowed" % good_url)
self.assertTrue(
http.is_safe_url(good_url, allowed_hosts={"otherserver", "testserver"}),
"%s should be allowed" % good_url,
)
# Valid basic auth credentials are allowed.
self.assertTrue(http.is_safe_url(r"http://*****:*****@testserver/", allowed_hosts={"user:pass@testserver"}))
# A path without host is allowed.
self.assertTrue(http.is_safe_url("/confirm/[email protected]"))
# Basic auth without host is not allowed.
self.assertFalse(http.is_safe_url(r"http://testserver\@example.com"))
def test_is_safe_url(self):
bad_urls = (
'http://example.com',
'http:///example.com',
'https://example.com',
'ftp://example.com',
r'\\example.com',
r'\\\example.com',
r'/\\/example.com',
r'\\\example.com',
r'\\example.com',
r'\\//example.com',
r'/\/example.com',
r'\/example.com',
r'/\example.com',
'http:///example.com',
r'http:/\//example.com',
r'http:\/example.com',
r'http:/\example.com',
'javascript:alert("XSS")',
'\njavascript:alert(x)',
'\x08//example.com',
r'http://otherserver\@example.com',
r'http:\\testserver\@example.com',
r'http://testserver\me:[email protected]',
r'http://testserver\@example.com',
r'http:\\testserver\confirm\[email protected]',
'http:999999999',
'ftp:9999999999',
'\n',
'http://[2001:cdba:0000:0000:0000:0000:3257:9652/',
'http://*****:*****@example.com',
'/url%20with%20spaces/',
'path/http:2222222222',
)
for good_url in good_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertTrue(http.is_safe_url(good_url, host='testserver'),
"%s should be allowed" % good_url)
self.assertTrue(
http.is_safe_url(good_url,
allowed_hosts={'otherserver', 'testserver'}),
"%s should be allowed" % good_url,
)
# Valid basic auth credentials are allowed.
self.assertTrue(
http.is_safe_url(r'http://*****:*****@testserver/',
allowed_hosts={'user:pass@testserver'}))
# A path without host is allowed.
self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
# Basic auth without host is not allowed.
self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
def test_is_safe_url(self):
bad_urls = (
'http://example.com',
'http:///example.com',
'https://example.com',
'ftp://example.com',
r'\\example.com',
r'\\\example.com',
r'/\\/example.com',
r'\\\example.com',
r'\\example.com',
r'\\//example.com',
r'/\/example.com',
r'\/example.com',
r'/\example.com',
'http:///example.com',
r'http:/\//example.com',
r'http:\/example.com',
r'http:/\example.com',
'javascript:alert("XSS")',
'\njavascript:alert(x)',
'\x08//example.com',
r'http://otherserver\@example.com',
r'http:\\testserver\@example.com',
r'http://testserver\me:[email protected]',
r'http://testserver\@example.com',
r'http:\\testserver\confirm\[email protected]',
'\n',
)
for bad_url in bad_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertFalse(http.is_safe_url(bad_url, host='testserver'), "%s should be blocked" % bad_url)
self.assertFalse(
http.is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}),
"%s should be blocked" % bad_url,
)
good_urls = (
'/view/?param=http://example.com',
'/view/?param=https://example.com',
'/view?param=ftp://example.com',
'view/?param=//example.com',
'https://testserver/',
'HTTPS://testserver/',
'//testserver/',
'http://testserver/[email protected]',
'/url%20with%20spaces/',
)
for good_url in good_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url)
self.assertTrue(
http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}),
"%s should be allowed" % good_url,
)
if six.PY2:
# Check binary URLs, regression tests for #26308
self.assertTrue(
http.is_safe_url(b'https://testserver/', allowed_hosts={'testserver'}),
"binary URLs should be allowed on Python 2"
)
self.assertFalse(http.is_safe_url(b'\x08//example.com', allowed_hosts={'testserver'}))
self.assertTrue(http.is_safe_url('àview/'.encode('utf-8'), allowed_hosts={'testserver'}))
self.assertFalse(http.is_safe_url('àview'.encode('latin-1'), allowed_hosts={'testserver'}))
# Valid basic auth credentials are allowed.
self.assertTrue(http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'}))
# A path without host is allowed.
self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
# Basic auth without host is not allowed.
self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
def test_is_safe_url(self):
bad_urls = (
'http://example.com',
'http:///example.com',
'https://example.com',
'ftp://example.com',
r'\\example.com',
r'\\\example.com',
r'/\\/example.com',
r'\\\example.com',
r'\\example.com',
r'\\//example.com',
r'/\/example.com',
r'\/example.com',
r'/\example.com',
'http:///example.com',
r'http:/\//example.com',
r'http:\/example.com',
r'http:/\example.com',
'javascript:alert("XSS")',
'\njavascript:alert(x)',
'\x08//example.com',
r'http://otherserver\@example.com',
r'http:\\testserver\@example.com',
r'http://testserver\me:[email protected]',
r'http://testserver\@example.com',
r'http:\\testserver\confirm\[email protected]',
'http:999999999',
'ftp:9999999999',
'\n',
'http://[2001:cdba:0000:0000:0000:0000:3257:9652/',
'http://*****:*****@example.com',
'/url%20with%20spaces/',
'path/http:2222222222',
)
for good_url in good_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url)
self.assertTrue(
http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}),
"%s should be allowed" % good_url,
)
# Valid basic auth credentials are allowed.
self.assertTrue(http.is_safe_url(r'http://*****:*****@testserver/', allowed_hosts={'user:pass@testserver'}))
# A path without host is allowed.
self.assertTrue(http.is_safe_url('/confirm/[email protected]'))
# Basic auth without host is not allowed.
self.assertFalse(http.is_safe_url(r'http://testserver\@example.com'))
