def setUp(self):
super(SecureTestCase, self).setUp()
self.url = '/hilbert/test/secure/'
self.client.handler.load_middleware()
self.middleware = SSLRedirectMiddleware()
self.client.handler._request_middleware.insert(0, self.middleware.process_request)
self.client.handler._view_middleware.insert(0, self.middleware.process_view)
def setUp(self):
super(SSLRedirectMiddlewareTestCase, self).setUp()
settings.SSL_PATTERNS = [r'pattern/$', ]
self.middleware = SSLRedirectMiddleware()
class SSLRedirectMiddlewareTestCase(MiddlewareTestCase):
def setUp(self):
super(SSLRedirectMiddlewareTestCase, self).setUp()
settings.SSL_PATTERNS = [r'pattern/$', ]
self.middleware = SSLRedirectMiddleware()
def test_ssl_kwarg(self):
"""
Make HTTP request to SSL view and check for redirect.
"""
request = self.get('http/')
self.assertFalse(request.is_secure())
response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
self.assertTrue(isinstance(response, HttpResponse))
self.assertEqual(response.status_code, 301)
def test_no_redirect(self):
"""
Make HTTPS request to SSL view.
There should be no redirect.
"""
request = self.get('https/', ssl=True)
self.assertTrue(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
self.assertTrue(response is None)
def test_post_redirect_warning(self):
"""
Make HTTP POST to SSL view with DEBUG on.
Raises RuntimeError to warn the user.
"""
settings.DEBUG = True
request = self.post('post/')
self.assertFalse(request.is_secure())
self.assertRaises(RuntimeError, self.middleware.process_view, request, simple_view, [], {'SSL': True})
settings.DEBUG = False
def test_http_no_kwarg(self):
"""
Make HTTP request to non-SSL view.
There should be no redirect.
"""
request = self.get('http/')
self.assertFalse(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(response is None)
def test_https_no_kwarg_no_whitelist(self):
"""
Make HTTPS request to non-SSL view.
There should be no redirect if SSL_WHITELIST is FALSE.
"""
whitelist = getattr(settings, 'SSL_WHITELIST', False)
settings.SSL_WHITELIST = False
try:
request = self.get('https/', ssl=True)
self.assertTrue(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(response is None)
finally:
settings.SSL_WHITELIST = whitelist
def test_https_no_kwarg_whitelist(self):
"""
Make HTTPS request to non-SSL view.
Check for redirect if SSL_WHITELIST is True.
"""
whitelist = getattr(settings, 'SSL_WHITELIST', False)
settings.SSL_WHITELIST = True
try:
request = self.get('http/', ssl=True)
self.assertTrue(request.is_secure())
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(isinstance(response, HttpResponse))
self.assertEqual(response.status_code, 301)
finally:
settings.SSL_WHITELIST = whitelist
def test_whitelist_keep_secure(self):
"""
Make HTTPS request to non-SSL view but request was marked as keep_secure.
There should be no redirect even if SSL_WHITELIST is True.
"""
whitelist = getattr(settings, 'SSL_WHITELIST', False)
settings.SSL_WHITELIST = True
try:
request = self.get('http/', ssl=True)
self.assertTrue(request.is_secure())
request.keep_secure = True
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(response is None)
finally:
settings.SSL_WHITELIST = whitelist
def test_https_kwarg_whitelist(self):
"""
Make HTTPS request to SSL view and SSL_WHITELIST is True.
There should be no redirect.
"""
whitelist = getattr(settings, 'SSL_WHITELIST', False)
settings.SSL_WHITELIST = True
try:
request = self.get('https/', ssl=True)
self.assertTrue(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
self.assertTrue(response is None)
finally:
settings.SSL_WHITELIST = whitelist
def test_pattern_match(self):
"""
Make HTTP request to SSL pattern and check for redirect.
"""
request = self.get('pattern/')
self.assertFalse(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(isinstance(response, HttpResponse))
self.assertEqual(response.status_code, 301)
def test_no_pattern_match(self):
"""
Make HTTP request to non-SSL pattern.
There should be no redirect.
"""
request = self.get('simple/')
self.assertFalse(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(response is None)
def test_no_pattern_match_https_no_whitelist(self):
"""
Make HTTPS request to non-SSL pattern.
There should be no redirect if SSL_WHITELIST is False.
"""
whitelist = getattr(settings, 'SSL_WHITELIST', False)
settings.SSL_WHITELIST = False
try:
request = self.get('simple/', ssl=True)
self.assertTrue(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(response is None)
finally:
settings.SSL_WHITELIST = whitelist
def test_no_pattern_match_https_whitelist(self):
"""
Make HTTPS request to non-SSL pattern.
Check for redirect if SSL_WHITELIST is True.
"""
whitelist = getattr(settings, 'SSL_WHITELIST', False)
settings.SSL_WHITELIST = True
try:
request = self.get('simple/', ssl=True)
self.assertTrue(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(isinstance(response, HttpResponse))
self.assertEqual(response.status_code, 301)
finally:
settings.SSL_WHITELIST = whitelist
def test_pattern_match_https_whitelist(self):
"""
Make HTTPS request to SSL pattern with SSL_WHITELIST is True.
There should be no redirect.
"""
whitelist = getattr(settings, 'SSL_WHITELIST', False)
settings.SSL_WHITELIST = True
try:
request = self.get('pattern/', ssl=True)
self.assertTrue(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(response is None)
finally:
settings.SSL_WHITELIST = whitelist
def test_not_enabled_kwarg(self):
"""
Make HTTP request to SSL view without SSL_ENABLED.
There should be no redirect.
"""
ssl = getattr(settings, 'SSL_ENABLED', False)
settings.SSL_ENABLED = False
try:
request = self.get('http/')
self.assertFalse(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {'SSL': True})
self.assertTrue(response is None)
finally:
settings.SSL_ENABLED = ssl
def test_not_enabled_pattern(self):
"""
Make HTTP request to SSL pattern without SSL_ENABLED.
There should be no redirect.
"""
ssl = getattr(settings, 'SSL_ENABLED', False)
settings.SSL_ENABLED = False
try:
request = self.get('pattern/')
self.assertFalse(request.is_secure())
response = self.middleware.process_request(request)
self.assertTrue(response is None)
response = self.middleware.process_view(request, simple_view, [], {})
self.assertTrue(response is None)
finally:
settings.SSL_ENABLED = ssl
