diff options
| author | Baptiste Mispelon <bmispelon@gmail.com> | 2013-10-29 23:31:53 +0100 |
|---|---|---|
| committer | Baptiste Mispelon <bmispelon@gmail.com> | 2013-10-30 07:55:07 +0100 |
| commit | 5733764a2c2923ae9a1b7c91de5a8d15414c99ef (patch) | |
| tree | 33780f51d6f23327a665577a2decbc020c698f6d | |
| parent | 3c5cdaf47aae7e4f21398be1a5eaa07f7c5ce31c (diff) | |
Added some more tests for the debug page.
* Missing tests for ticket #12744
* Tests for the cleanse_setting feature (leaving out sensitive
settings from the debug page)
| -rw-r--r-- | tests/view_tests/tests/test_debug.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py index 5c011a91b0..b22c7aad43 100644 --- a/tests/view_tests/tests/test_debug.py +++ b/tests/view_tests/tests/test_debug.py @@ -596,6 +596,50 @@ class ExceptionReporterFilterTests(TestCase, ExceptionReportTestMixin): response = self.client.get('/views/raises500/') self.assertNotContains(response, "This should not be displayed", status_code=500) + def test_dict_setting_with_non_str_key(self): + """ + A dict setting containing a non-string key should not break the + debug page (#12744). + """ + with self.settings(DEBUG=True, FOOBAR={42: None}): + response = self.client.get('/views/raises500/') + self.assertContains(response, 'FOOBAR', status_code=500) + + def test_sensitive_settings(self): + """ + The debug page should not show some sensitive settings + (password, secret key, ...). + """ + sensitive_settings = [ + 'SECRET_KEY', + 'PASSWORD', + 'API_KEY', + 'AUTH_TOKEN', + ] + for setting in sensitive_settings: + with self.settings(DEBUG=True, **{setting: "should not be displayed"}): + response = self.client.get('/views/raises500/') + self.assertNotContains(response, 'should not be displayed', status_code=500) + + def test_settings_with_sensitive_keys(self): + """ + The debug page should filter out some sensitive information found in + dict settings. + """ + sensitive_settings = [ + 'SECRET_KEY', + 'PASSWORD', + 'API_KEY', + 'AUTH_TOKEN', + ] + for setting in sensitive_settings: + FOOBAR = { + setting: "should not be displayed", + 'recursive': {setting: "should not be displayed"}, + } + with self.settings(DEBUG=True, FOOBAR=FOOBAR): + response = self.client.get('/views/raises500/') + self.assertNotContains(response, 'should not be displayed', status_code=500) class AjaxResponseExceptionReporterFilter(TestCase, ExceptionReportTestMixin): """ |
