def test_custom_form(self): _old_form = settings.FORM settings.FORM = 'lockdown.tests.forms.CustomLockdownForm' middleware._default_form = middleware.get_lockdown_form(settings.FORM) try: response = self.client.post(self.locked_url, {'answer': '42'}, follow=True) self.assertContains(response, self.locked_contents) finally: settings.FORM = _old_form middleware._default_form = middleware.get_lockdown_form( settings.FORM)
def test_custom_form(self): """Test if access using a custom lockdown form works.""" _old_form = settings.FORM settings.FORM = 'lockdown.tests.forms.CustomLockdownForm' middleware._default_form = middleware.get_lockdown_form(settings.FORM) try: response = self.client.post(self.locked_url, {'answer': '42'}, follow=True) self.assertEqual(response.content, self.locked_contents) finally: settings.FORM = _old_form middleware._default_form = middleware.get_lockdown_form( settings.FORM)
def setUp(self): """Basic setup for all tests.""" self._old_pw = settings.PASSWORDS settings.PASSWORDS = ('letmein',) self._old_form = settings.FORM settings.FORM = 'lockdown.forms.LockdownForm' middleware._default_form = middleware.get_lockdown_form(settings.FORM)
def setUp(self): self._old_middleware_classes = django_settings.MIDDLEWARE_CLASSES self._old_template_dirs = django_settings.TEMPLATE_DIRS django_settings.TEMPLATE_DIRS = [os.path.join( os.path.dirname(os.path.realpath(__file__)), 'templates')] self._old_pw = settings.PASSWORDS settings.PASSWORDS = ('letmein',) self._old_form = settings.FORM settings.FORM = 'lockdown.forms.LockdownForm' middleware._default_form = middleware.get_lockdown_form(settings.FORM)
def tearDown(self): django_settings.MIDDLEWARE_CLASSES = self._old_middleware_classes django_settings.TEMPLATE_DIRS = self._old_template_dirs settings.PASSWORDS = self._old_pw settings.FORM = self._old_form middleware._default_form = middleware.get_lockdown_form(settings.FORM)
def tearDown(self): """Tearing down all settings made for the tests after running them.""" settings.PASSWORDS = self._old_pw settings.FORM = self._old_form middleware._default_form = middleware.get_lockdown_form(settings.FORM)
def process_request(self, request): if 'HTTP_X_LOCKDOWN' not in request.META: return None try: session = request.session except AttributeError: raise ImproperlyConfigured('django-lockdown requires the Django ' 'sessions framework') # Don't lock down if the URL matches an exception pattern. if self.url_exceptions: url_exceptions = compile_url_exceptions(self.url_exceptions) else: url_exceptions = compile_url_exceptions( lockdown_settings.URL_EXCEPTIONS) for pattern in url_exceptions: if pattern.search(request.path): return None # Don't lock down if outside of the lockdown dates. if self.until_date is None: until_date = lockdown_settings.UNTIL_DATE else: until_date = self.until_date if self.after_date is None: after_date = lockdown_settings.AFTER_DATE else: after_date = self.after_date if until_date or after_date: locked_date = False if until_date and datetime.datetime.now() < until_date: locked_date = True if after_date and datetime.datetime.now() > after_date: locked_date = True if not locked_date: return None passwords = (request.META['HTTP_X_LOCKDOWN'], ) form_data = request.method == 'POST' and request.POST or None if self.form: form_class = self.form else: form_class = get_lockdown_form(lockdown_settings.FORM) form = form_class(passwords=passwords, data=form_data, **self.form_kwargs) authorized = False token = session.get(self.session_key) if hasattr(form, 'authenticate'): if form.authenticate(token): authorized = True elif token is True: authorized = True if authorized and self.logout_key and self.logout_key in request.GET: if self.session_key in session: del session[self.session_key] url = request.path querystring = request.GET.copy() del querystring[self.logout_key] if querystring: url = '%s?%s' % (url, querystring.urlencode()) return self.redirect(request) # Don't lock down if the user is already authorized for previewing. if authorized: return None if form.is_valid(): if hasattr(form, 'generate_token'): token = form.generate_token() else: token = True session[self.session_key] = token return self.redirect(request) page_data = {'until_date': until_date, 'after_date': after_date} if not hasattr(form, 'show_form') or form.show_form(): page_data['form'] = form response = render_to_response('lockdown/form.html', page_data) response.status_code = 401 return response