class HttpTestCase(TestCase): def setUp(self): self.client = Client() self.sites = SitesCollection() # For each test case, test site must exist, so it can be set # by SetSiteMiddleware self.site = self.sites.create_item(SINGLE_SITE_ID) self.site.aliases.create_item(TEST_SITE) def post(self, url, args): return self.client.post(url, json.dumps(args), 'application/json; charset=UTF-8', HTTP_SITE_URL=TEST_SITE) """ To be used for views that are not contacted via Ajax. """ def post_form(self, url, args): return self.client.post(url, args) def get(self, url, **extra_headers): return self.client.get(url, HTTP_SITE_URL=TEST_SITE, **extra_headers) def put(self, url, args=None): if args is None: return self.client.put(url, HTTP_SITE_URL=TEST_SITE) return self.client.put(url, data=json.dumps(args), content_type='application/json; charset=UTF-8', HTTP_SITE_URL=TEST_SITE) def delete(self, url): return self.client.delete(url, HTTP_SITE_URL=TEST_SITE)
def setUp(self): self.middleware = SiteUrlMiddleware() self.factory = RequestFactory() sites_collection = SitesCollection() self.site_url = 'https://foo.example.com' self.site = sites_collection.create_item(SINGLE_SITE_ID) self.site.aliases.create_item(self.site_url)
class HttpTestCase(TestCase): def setUp(self): self.client = Client() self.sites = SitesCollection() # For each test case, test site must exist, so it can be set # by SetSiteMiddleware self.site = self.sites.create_item(SINGLE_SITE_ID) self.site.aliases.create_item(TEST_SITE) def post(self, url, args): return self.client.post( url, json.dumps(args), 'application/json; charset=UTF-8', HTTP_SITE_URL=TEST_SITE) """ To be used for views that are not contacted via Ajax. """ def post_form(self, url, args): return self.client.post(url, args) def get(self, url, **extra_headers): return self.client.get(url, HTTP_SITE_URL=TEST_SITE, **extra_headers) def put(self, url, args=None): if args is None: return self.client.put(url, HTTP_SITE_URL=TEST_SITE) return self.client.put( url, data=json.dumps(args), content_type='application/json; charset=UTF-8', HTTP_SITE_URL=TEST_SITE) def delete(self, url): return self.client.delete(url, HTTP_SITE_URL=TEST_SITE)
class VerifiedEmailBackendTest(TestCase): def setUp(self): self.sites = SitesCollection() self.site = self.sites.create_item(TEST_SITE_URL) self.backend = VerifiedEmailBackend() def user_token(self): return generate_login_token(self.site, TEST_SITE_URL, TEST_USER_EMAIL) def test_token_valid(self): user = self.site.users.create_item(TEST_USER_EMAIL) auth_user = self.backend.authenticate( self.site, TEST_SITE_URL, self.user_token()) self.assertEqual(user, auth_user) def test_token_invalid(self): user = self.site.users.create_item(TEST_USER_EMAIL) self.assertRaisesRegexp(AuthenticationError, 'Token invalid or expired', self.backend.authenticate, self.site, TEST_SITE_URL, self.user_token() + 'x') def test_token_for_different_site(self): user = self.site.users.create_item(TEST_USER_EMAIL) token = generate_login_token( self.site, 'http://example.com', TEST_USER_EMAIL) self.assertRaisesRegexp(AuthenticationError, 'Token invalid or expired', self.backend.authenticate, self.site, TEST_SITE_URL, token) def test_no_such_user(self): auth_user = self.backend.authenticate( self.site, TEST_SITE_URL, self.user_token()) self.assertIsNone(auth_user) def test_site_with_open_location_user_created(self): location = self.site.locations.create_item('/foo/') location.grant_open_access(require_login=True) auth_user = self.backend.authenticate( self.site, TEST_SITE_URL, self.user_token()) self.assertIsNotNone(auth_user) self.assertEqual(TEST_USER_EMAIL, auth_user.email) def test_site_with_open_location_user_limit_exceeded(self): self.site.users_limit = 0 location = self.site.locations.create_item('/foo/') location.grant_open_access(require_login=True) self.assertRaisesRegexp(AuthenticationError, 'Users limit exceeded', self.backend.authenticate, self.site, TEST_SITE_URL, self.user_token())
class VerifiedEmailBackendTest(TestCase): def setUp(self): self.sites = SitesCollection() self.site = self.sites.create_item(TEST_SITE_URL) self.backend = VerifiedEmailBackend() def user_token(self): return generate_login_token(self.site, TEST_SITE_URL, TEST_USER_EMAIL) def test_token_valid(self): user = self.site.users.create_item(TEST_USER_EMAIL) auth_user = self.backend.authenticate(self.site, TEST_SITE_URL, self.user_token()) self.assertEqual(user, auth_user) def test_token_invalid(self): user = self.site.users.create_item(TEST_USER_EMAIL) self.assertRaisesRegexp( AuthenticationError, "Token invalid or expired", self.backend.authenticate, self.site, TEST_SITE_URL, self.user_token() + "x", ) def test_token_for_different_site(self): user = self.site.users.create_item(TEST_USER_EMAIL) token = generate_login_token(self.site, "http://example.com", TEST_USER_EMAIL) self.assertRaisesRegexp( AuthenticationError, "Token invalid or expired", self.backend.authenticate, self.site, TEST_SITE_URL, token ) def test_no_such_user(self): auth_user = self.backend.authenticate(self.site, TEST_SITE_URL, self.user_token()) self.assertIsNone(auth_user) def test_site_with_open_location_user_created(self): location = self.site.locations.create_item("/foo/") location.grant_open_access(require_login=True) auth_user = self.backend.authenticate(self.site, TEST_SITE_URL, self.user_token()) self.assertIsNotNone(auth_user) self.assertEqual(TEST_USER_EMAIL, auth_user.email) def test_site_with_open_location_user_limit_exceeded(self): self.site.users_limit = 0 location = self.site.locations.create_item("/foo/") location.grant_open_access(require_login=True) self.assertRaisesRegexp( AuthenticationError, "Users limit exceeded", self.backend.authenticate, self.site, TEST_SITE_URL, self.user_token(), )
class ModelTestCase(TestCase): def setUp(self): self.sites = SitesCollection() self.site = self.sites.create_item(TEST_SITE) self.site2 = self.sites.create_item(TEST_SITE2) self.aliases = self.site.aliases self.locations = self.site.locations self.users = self.site.users @contextmanager def assert_site_modified(self, site): mod_id = site.mod_id yield self.assertNotEqual(mod_id, site.mod_id) self.assertEqual(site.mod_id, site.get_mod_id_ts()) @contextmanager def assert_site_not_modified(self, site): mod_id = site.mod_id yield self.assertEqual(mod_id, site.mod_id)
class LoginToken(TestCase): def setUp(self): self.sites = SitesCollection() # For each test case, test site must exist, so it can be set # by SetSiteMiddleware self.site = self.sites.create_item(SINGLE_SITE_ID) self.site.aliases.create_item(TEST_SITE) def test_load_valid_token(self): token = generate_login_token(self.site, TEST_SITE, '*****@*****.**') email = load_login_token(self.site, TEST_SITE, token) self.assertEqual('*****@*****.**', email) def test_load_invalid_token(self): token = generate_login_token(self.site, TEST_SITE, '*****@*****.**') self.assertIsNone(load_login_token(self.site, TEST_SITE, token + 'x')) def test_load_valid_token_for_different_site(self): token = generate_login_token(self.site, TEST_SITE, '*****@*****.**') self.assertIsNone(load_login_token(self.site, 'https://foo.org', token))
class SiteUrlMiddlewareTest(TestCase): def setUp(self): self.middleware = SiteUrlMiddleware() self.request = HttpRequest() self.sites = SitesCollection() self.request.site = self.sites.create_item(SINGLE_SITE_ID) self.site_url = 'https://foo.example.com' self.request.site.aliases.create_item(self.site_url) def test_allowed_site_url_https(self): self.request.META['HTTP_SITE_URL'] = self.site_url self.assertIsNone(self.middleware.process_request(self.request)) self.assertEqual(self.site_url, self.request.site_url) self.assertEqual('foo.example.com', self.request.get_host()) self.assertTrue(self.request.https) self.assertTrue(self.request.is_secure()) def test_allowed_site_url_http(self): url = 'http://bar.example.com' self.request.site.aliases.create_item(url) self.request.META['HTTP_SITE_URL'] = url self.assertIsNone(self.middleware.process_request(self.request)) self.assertEqual(url, self.request.site_url) self.assertEqual('bar.example.com', self.request.get_host()) self.assertFalse(self.request.https) self.assertFalse(self.request.is_secure()) def test_allowed_site_url_with_port(self): url = 'http://bar.example.com:123' self.request.site.aliases.create_item(url) self.request.META['HTTP_SITE_URL'] = url self.assertIsNone(self.middleware.process_request(self.request)) self.assertEqual(url, self.request.site_url) self.assertEqual('bar.example.com:123', self.request.get_host()) self.assertFalse(self.request.https) self.assertFalse(self.request.is_secure()) def test_not_allowed_site_url(self): self.request.META['HTTP_SITE_URL'] = 'https://bar.example.com' response = self.middleware.process_request(self.request) self.assertIsNotNone(response) self.assertEqual(400, response.status_code) self.assertRegexpMatches(response.content, 'Invalid request URL') def test_not_allowed_site_url2(self): self.request.META['HTTP_SITE_URL'] = 'https://foo.example.com:80' response = self.middleware.process_request(self.request) self.assertIsNotNone(response) self.assertEqual(400, response.status_code) self.assertRegexpMatches(response.content, 'Invalid request URL') def test_missing_site_url(self): response = self.middleware.process_request(self.request) self.assertEqual(400, response.status_code) self.assertRegexpMatches(response.content, 'Missing Site-Url header') def test_invalid_site_url(self): self.request.META['HTTP_SITE_URL'] = 'foo.example.org' response = self.middleware.process_request(self.request) self.assertEqual(400, response.status_code) self.assertRegexpMatches(response.content, 'Site-Url has incorrect format') def test_allowed_site_with_explicit_port(self): # Request with correct explicit port should be accepted, port # should be removed. self.request.META['HTTP_SITE_URL'] = self.site_url + ':443' self.assertIsNone(self.middleware.process_request(self.request)) self.assertEqual(self.site_url, self.request.site_url) self.assertEqual('foo.example.com', self.request.get_host()) self.assertTrue(self.request.https) self.assertTrue(self.request.is_secure()) def test_not_allowed_http_site_redirects_to_https_if_exists(self): self.request.META['HTTP_SITE_URL'] = 'http://foo.example.com' self.request.path = '/bar?baz=true' response = self.middleware.process_request(self.request) self.assertIsNotNone(response) self.assertEqual(302, response.status_code) self.assertEqual('https://foo.example.com/bar?baz=true', response['Location']) def test_https_redirects_for_auth_request(self): self.request.META['HTTP_SITE_URL'] = 'http://foo.example.com' self.request.path = '/auth/api/is-authorized/?path=/foo/bar/baz' response = self.middleware.process_request(self.request) self.assertIsNotNone(response) self.assertEqual(302, response.status_code) self.assertEqual('https://foo.example.com/foo/bar/baz', response['Location'])