def test_OAuth_signed_requests(self): # Requests that are OAuth signed are allowed. request = LaunchpadTestRequest(method='POST', environ=dict(PATH_INFO='/')) directlyProvides(request, IOAuthSignedRequest) # this call shouldn't raise an exception maybe_block_offsite_form_post(request)
def test_nonbrowser_requests(self): # Requests that are from non-browsers are allowed. class FakeNonBrowserRequest: method = 'SOMETHING' # this call shouldn't raise an exception maybe_block_offsite_form_post(FakeNonBrowserRequest)
def test_OAuth_signed_requests(self): # Requests that are OAuth signed are allowed. request = LaunchpadTestRequest( method='POST', environ=dict(PATH_INFO='/')) directlyProvides(request, IOAuthSignedRequest) # this call shouldn't raise an exception maybe_block_offsite_form_post(request)
def test_localhost_is_ok(self): # we accept "localhost" and "localhost:9000" as valid referrers. See # comments in the code as to why and for a related bug report. request = LaunchpadTestRequest( method='POST', environ=dict(PATH_INFO='/', REFERER='localhost')) # this doesn't raise an exception maybe_block_offsite_form_post(request)
def test_openid_callback_with_query_string(self): # An OpenId provider (OP) may post to the +openid-callback URL with a # query string and without a referer. These posts need to be allowed. path_info = u'/+openid-callback?starting_url=...' request = LaunchpadTestRequest(method='POST', environ=dict(PATH_INFO=path_info)) # this call shouldn't raise an exception maybe_block_offsite_form_post(request)
def test_openid_callback_with_query_string(self): # An OpenId provider (OP) may post to the +openid-callback URL with a # query string and without a referer. These posts need to be allowed. path_info = u'/+openid-callback?starting_url=...' request = LaunchpadTestRequest( method='POST', environ=dict(PATH_INFO=path_info)) # this call shouldn't raise an exception maybe_block_offsite_form_post(request)
def test_whitelisted_paths(self): # There are a few whitelisted POST targets that don't require the # referrer be LP. See comments in the code as to why and for related # bug reports. for path in OFFSITE_POST_WHITELIST: request = LaunchpadTestRequest(method='POST', environ=dict(PATH_INFO=path)) # this call shouldn't raise an exception maybe_block_offsite_form_post(request)
def test_onsite_posts(self): # Other than the explicit exceptions, all POSTs have to come from a # known LP virtual host. for hostname in allvhosts.hostnames: referer = 'http://' + hostname + '/foo' request = LaunchpadTestRequest( method='POST', environ=dict(PATH_INFO='/', REFERER=referer)) # this call shouldn't raise an exception maybe_block_offsite_form_post(request)
def test_whitelisted_paths(self): # There are a few whitelisted POST targets that don't require the # referrer be LP. See comments in the code as to why and for related # bug reports. for path in OFFSITE_POST_WHITELIST: request = LaunchpadTestRequest( method='POST', environ=dict(PATH_INFO=path)) # this call shouldn't raise an exception maybe_block_offsite_form_post(request)
def test_nonPOST_requests(self): # If the request isn't a POST it is always allowed. request = LaunchpadTestRequest(method='SOMETHING') maybe_block_offsite_form_post(request)