diff options
| author | django-bot <ops@djangoproject.com> | 2022-02-03 20:24:19 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-02-07 20:37:05 +0100 |
| commit | 9c19aff7c7561e3a82978a272ecdaad40dda5c00 (patch) | |
| tree | f0506b668a013d0063e5fba3dbf4863b466713ba /tests/middleware | |
| parent | f68fa8b45dfac545cfc4111d4e52804c86db68d3 (diff) | |
Refs #33476 -- Reformatted code with Black.
Diffstat (limited to 'tests/middleware')
| -rw-r--r-- | tests/middleware/cond_get_urls.py | 2 | ||||
| -rw-r--r-- | tests/middleware/extra_urls.py | 6 | ||||
| -rw-r--r-- | tests/middleware/test_security.py | 88 | ||||
| -rw-r--r-- | tests/middleware/tests.py | 535 | ||||
| -rw-r--r-- | tests/middleware/urls.py | 12 | ||||
| -rw-r--r-- | tests/middleware/views.py | 2 |
6 files changed, 361 insertions, 284 deletions
diff --git a/tests/middleware/cond_get_urls.py b/tests/middleware/cond_get_urls.py index 8de6bdce0a..884ef6ad38 100644 --- a/tests/middleware/cond_get_urls.py +++ b/tests/middleware/cond_get_urls.py @@ -2,5 +2,5 @@ from django.http import HttpResponse from django.urls import path urlpatterns = [ - path('', lambda request: HttpResponse('root is here')), + path("", lambda request: HttpResponse("root is here")), ] diff --git a/tests/middleware/extra_urls.py b/tests/middleware/extra_urls.py index 4a4289a95d..faa6ed9f4c 100644 --- a/tests/middleware/extra_urls.py +++ b/tests/middleware/extra_urls.py @@ -3,7 +3,7 @@ from django.urls import path from . import views urlpatterns = [ - path('customurlconf/noslash', views.empty_view), - path('customurlconf/slash/', views.empty_view), - path('customurlconf/needsquoting#/', views.empty_view), + path("customurlconf/noslash", views.empty_view), + path("customurlconf/slash/", views.empty_view), + path("customurlconf/needsquoting#/", views.empty_view), ] diff --git a/tests/middleware/test_security.py b/tests/middleware/test_security.py index 49432fbc8a..dd220b8f4c 100644 --- a/tests/middleware/test_security.py +++ b/tests/middleware/test_security.py @@ -6,6 +6,7 @@ from django.test.utils import override_settings class SecurityMiddlewareTest(SimpleTestCase): def middleware(self, *args, **kwargs): from django.middleware.security import SecurityMiddleware + return SecurityMiddleware(self.response(*args, **kwargs)) @property @@ -19,6 +20,7 @@ class SecurityMiddlewareTest(SimpleTestCase): for k, v in headers.items(): response.headers[k] = v return response + return get_response def process_response(self, *args, secure=False, request=None, **kwargs): @@ -47,8 +49,8 @@ class SecurityMiddlewareTest(SimpleTestCase): "Strict-Transport-Security: max-age=3600" to the response. """ self.assertEqual( - self.process_response(secure=True).headers['Strict-Transport-Security'], - 'max-age=3600', + self.process_response(secure=True).headers["Strict-Transport-Security"], + "max-age=3600", ) @override_settings(SECURE_HSTS_SECONDS=3600) @@ -58,8 +60,8 @@ class SecurityMiddlewareTest(SimpleTestCase): already present in the response. """ response = self.process_response( - secure=True, - headers={"Strict-Transport-Security": "max-age=7200"}) + secure=True, headers={"Strict-Transport-Security": "max-age=7200"} + ) self.assertEqual(response.headers["Strict-Transport-Security"], "max-age=7200") @override_settings(SECURE_HSTS_SECONDS=3600) @@ -69,7 +71,7 @@ class SecurityMiddlewareTest(SimpleTestCase): over an insecure connection. """ self.assertNotIn( - 'Strict-Transport-Security', + "Strict-Transport-Security", self.process_response(secure=False).headers, ) @@ -80,7 +82,7 @@ class SecurityMiddlewareTest(SimpleTestCase): "Strict-Transport-Security" header to the response. """ self.assertNotIn( - 'Strict-Transport-Security', + "Strict-Transport-Security", self.process_response(secure=True).headers, ) @@ -93,8 +95,8 @@ class SecurityMiddlewareTest(SimpleTestCase): """ response = self.process_response(secure=True) self.assertEqual( - response.headers['Strict-Transport-Security'], - 'max-age=600; includeSubDomains', + response.headers["Strict-Transport-Security"], + "max-age=600; includeSubDomains", ) @override_settings(SECURE_HSTS_SECONDS=600, SECURE_HSTS_INCLUDE_SUBDOMAINS=False) @@ -116,11 +118,15 @@ class SecurityMiddlewareTest(SimpleTestCase): """ response = self.process_response(secure=True) self.assertEqual( - response.headers['Strict-Transport-Security'], - 'max-age=10886400; preload', + response.headers["Strict-Transport-Security"], + "max-age=10886400; preload", ) - @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_INCLUDE_SUBDOMAINS=True, SECURE_HSTS_PRELOAD=True) + @override_settings( + SECURE_HSTS_SECONDS=10886400, + SECURE_HSTS_INCLUDE_SUBDOMAINS=True, + SECURE_HSTS_PRELOAD=True, + ) def test_sts_subdomains_and_preload(self): """ With SECURE_HSTS_SECONDS non-zero, SECURE_HSTS_INCLUDE_SUBDOMAINS and @@ -130,8 +136,8 @@ class SecurityMiddlewareTest(SimpleTestCase): """ response = self.process_response(secure=True) self.assertEqual( - response.headers['Strict-Transport-Security'], - 'max-age=10886400; includeSubDomains; preload', + response.headers["Strict-Transport-Security"], + "max-age=10886400; includeSubDomains; preload", ) @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_PRELOAD=False) @@ -143,8 +149,8 @@ class SecurityMiddlewareTest(SimpleTestCase): """ response = self.process_response(secure=True) self.assertEqual( - response.headers['Strict-Transport-Security'], - 'max-age=10886400', + response.headers["Strict-Transport-Security"], + "max-age=10886400", ) @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=True) @@ -154,8 +160,8 @@ class SecurityMiddlewareTest(SimpleTestCase): "X-Content-Type-Options: nosniff" header to the response. """ self.assertEqual( - self.process_response().headers['X-Content-Type-Options'], - 'nosniff', + self.process_response().headers["X-Content-Type-Options"], + "nosniff", ) @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=True) @@ -164,7 +170,9 @@ class SecurityMiddlewareTest(SimpleTestCase): The middleware will not override an "X-Content-Type-Options" header already present in the response. """ - response = self.process_response(secure=True, headers={"X-Content-Type-Options": "foo"}) + response = self.process_response( + secure=True, headers={"X-Content-Type-Options": "foo"} + ) self.assertEqual(response.headers["X-Content-Type-Options"], "foo") @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=False) @@ -173,7 +181,7 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_CONTENT_TYPE_NOSNIFF False, the middleware does not add an "X-Content-Type-Options" header to the response. """ - self.assertNotIn('X-Content-Type-Options', self.process_response().headers) + self.assertNotIn("X-Content-Type-Options", self.process_response().headers) @override_settings(SECURE_SSL_REDIRECT=True) def test_ssl_redirect_on(self): @@ -225,7 +233,7 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_REFERRER_POLICY set to None, the middleware does not add a "Referrer-Policy" header to the response. """ - self.assertNotIn('Referrer-Policy', self.process_response().headers) + self.assertNotIn("Referrer-Policy", self.process_response().headers) def test_referrer_policy_on(self): """ @@ -233,27 +241,29 @@ class SecurityMiddlewareTest(SimpleTestCase): "Referrer-Policy" header to the response. """ tests = ( - ('strict-origin', 'strict-origin'), - ('strict-origin,origin', 'strict-origin,origin'), - ('strict-origin, origin', 'strict-origin,origin'), - (['strict-origin', 'origin'], 'strict-origin,origin'), - (('strict-origin', 'origin'), 'strict-origin,origin'), + ("strict-origin", "strict-origin"), + ("strict-origin,origin", "strict-origin,origin"), + ("strict-origin, origin", "strict-origin,origin"), + (["strict-origin", "origin"], "strict-origin,origin"), + (("strict-origin", "origin"), "strict-origin,origin"), ) for value, expected in tests: - with self.subTest(value=value), override_settings(SECURE_REFERRER_POLICY=value): + with self.subTest(value=value), override_settings( + SECURE_REFERRER_POLICY=value + ): self.assertEqual( - self.process_response().headers['Referrer-Policy'], + self.process_response().headers["Referrer-Policy"], expected, ) - @override_settings(SECURE_REFERRER_POLICY='strict-origin') + @override_settings(SECURE_REFERRER_POLICY="strict-origin") def test_referrer_policy_already_present(self): """ The middleware will not override a "Referrer-Policy" header already present in the response. """ - response = self.process_response(headers={'Referrer-Policy': 'unsafe-url'}) - self.assertEqual(response.headers['Referrer-Policy'], 'unsafe-url') + response = self.process_response(headers={"Referrer-Policy": "unsafe-url"}) + self.assertEqual(response.headers["Referrer-Policy"], "unsafe-url") @override_settings(SECURE_CROSS_ORIGIN_OPENER_POLICY=None) def test_coop_off(self): @@ -261,13 +271,13 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_CROSS_ORIGIN_OPENER_POLICY set to None, the middleware does not add a "Cross-Origin-Opener-Policy" header to the response. """ - self.assertNotIn('Cross-Origin-Opener-Policy', self.process_response()) + self.assertNotIn("Cross-Origin-Opener-Policy", self.process_response()) def test_coop_default(self): """SECURE_CROSS_ORIGIN_OPENER_POLICY defaults to same-origin.""" self.assertEqual( - self.process_response().headers['Cross-Origin-Opener-Policy'], - 'same-origin', + self.process_response().headers["Cross-Origin-Opener-Policy"], + "same-origin", ) def test_coop_on(self): @@ -275,21 +285,23 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_CROSS_ORIGIN_OPENER_POLICY set to a valid value, the middleware adds a "Cross-Origin_Opener-Policy" header to the response. """ - tests = ['same-origin', 'same-origin-allow-popups', 'unsafe-none'] + tests = ["same-origin", "same-origin-allow-popups", "unsafe-none"] for value in tests: with self.subTest(value=value), override_settings( SECURE_CROSS_ORIGIN_OPENER_POLICY=value, ): self.assertEqual( - self.process_response().headers['Cross-Origin-Opener-Policy'], + self.process_response().headers["Cross-Origin-Opener-Policy"], value, ) - @override_settings(SECURE_CROSS_ORIGIN_OPENER_POLICY='unsafe-none') + @override_settings(SECURE_CROSS_ORIGIN_OPENER_POLICY="unsafe-none") def test_coop_already_present(self): """ The middleware doesn't override a "Cross-Origin-Opener-Policy" header already present in the response. """ - response = self.process_response(headers={'Cross-Origin-Opener-Policy': 'same-origin'}) - self.assertEqual(response.headers['Cross-Origin-Opener-Policy'], 'same-origin') + response = self.process_response( + headers={"Cross-Origin-Opener-Policy": "same-origin"} + ) + self.assertEqual(response.headers["Cross-Origin-Opener-Policy"], "same-origin") diff --git a/tests/middleware/tests.py b/tests/middleware/tests.py index 8842552f77..c3e93236a6 100644 --- a/tests/middleware/tests.py +++ b/tests/middleware/tests.py @@ -9,13 +9,16 @@ from django.conf import settings from django.core import mail from django.core.exceptions import PermissionDenied from django.http import ( - FileResponse, HttpRequest, HttpResponse, HttpResponseNotFound, - HttpResponsePermanentRedirect, HttpResponseRedirect, StreamingHttpResponse, + FileResponse, + HttpRequest, + HttpResponse, + HttpResponseNotFound, + HttpResponsePermanentRedirect, + HttpResponseRedirect, + StreamingHttpResponse, ) from django.middleware.clickjacking import XFrameOptionsMiddleware -from django.middleware.common import ( - BrokenLinkEmailsMiddleware, CommonMiddleware, -) +from django.middleware.common import BrokenLinkEmailsMiddleware, CommonMiddleware from django.middleware.gzip import GZipMiddleware from django.middleware.http import ConditionalGetMiddleware from django.test import RequestFactory, SimpleTestCase, override_settings @@ -31,7 +34,7 @@ def get_response_404(request): return HttpResponseNotFound() -@override_settings(ROOT_URLCONF='middleware.urls') +@override_settings(ROOT_URLCONF="middleware.urls") class CommonMiddlewareTest(SimpleTestCase): rf = RequestFactory() @@ -41,7 +44,7 @@ class CommonMiddlewareTest(SimpleTestCase): """ URLs with slashes should go unmolested. """ - request = self.rf.get('/slash/') + request = self.rf.get("/slash/") self.assertIsNone(CommonMiddleware(get_response_404).process_request(request)) self.assertEqual(CommonMiddleware(get_response_404)(request).status_code, 404) @@ -50,10 +53,11 @@ class CommonMiddlewareTest(SimpleTestCase): """ Matches to explicit slashless URLs should go unmolested. """ + def get_response(req): return HttpResponse("Here's the text of the web page.") - request = self.rf.get('/noslash') + request = self.rf.get("/noslash") self.assertIsNone(CommonMiddleware(get_response).process_request(request)) self.assertEqual( CommonMiddleware(get_response)(request).content, @@ -65,7 +69,7 @@ class CommonMiddlewareTest(SimpleTestCase): """ APPEND_SLASH should not redirect to unknown resources. """ - request = self.rf.get('/unknown') + request = self.rf.get("/unknown") response = CommonMiddleware(get_response_404)(request) self.assertEqual(response.status_code, 404) @@ -74,7 +78,7 @@ class CommonMiddlewareTest(SimpleTestCase): """ APPEND_SLASH should redirect slashless URLs to a valid pattern. """ - request = self.rf.get('/slash') + request = self.rf.get("/slash") r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) @@ -83,9 +87,9 @@ class CommonMiddlewareTest(SimpleTestCase): """ APPEND_SLASH should preserve querystrings when redirecting. """ - request = self.rf.get('/slash?test=1') + request = self.rf.get("/slash?test=1") resp = CommonMiddleware(get_response_404)(request) - self.assertEqual(resp.url, '/slash/?test=1') + self.assertEqual(resp.url, "/slash/?test=1") @override_settings(APPEND_SLASH=True) def test_append_slash_redirect_querystring_have_slash(self): @@ -93,10 +97,10 @@ class CommonMiddlewareTest(SimpleTestCase): APPEND_SLASH should append slash to path when redirecting a request with a querystring ending with slash. """ - request = self.rf.get('/slash?test=slash/') + request = self.rf.get("/slash?test=slash/") resp = CommonMiddleware(get_response_404)(request) self.assertIsInstance(resp, HttpResponsePermanentRedirect) - self.assertEqual(resp.url, '/slash/?test=slash/') + self.assertEqual(resp.url, "/slash/?test=slash/") @override_settings(APPEND_SLASH=True, DEBUG=True) def test_append_slash_no_redirect_on_POST_in_DEBUG(self): @@ -106,16 +110,16 @@ class CommonMiddlewareTest(SimpleTestCase): would normally be redirected to a slashed version. """ msg = "maintaining %s data. Change your form to point to testserver/slash/" - request = self.rf.get('/slash') - request.method = 'POST' + request = self.rf.get("/slash") + request.method = "POST" with self.assertRaisesMessage(RuntimeError, msg % request.method): CommonMiddleware(get_response_404)(request) - request = self.rf.get('/slash') - request.method = 'PUT' + request = self.rf.get("/slash") + request.method = "PUT" with self.assertRaisesMessage(RuntimeError, msg % request.method): CommonMiddleware(get_response_404)(request) - request = self.rf.get('/slash') - request.method = 'PATCH' + request = self.rf.get("/slash") + request.method = "PATCH" with self.assertRaisesMessage(RuntimeError, msg % request.method): CommonMiddleware(get_response_404)(request) @@ -124,7 +128,7 @@ class CommonMiddlewareTest(SimpleTestCase): """ Disabling append slash functionality should leave slashless URLs alone. """ - request = self.rf.get('/slash') + request = self.rf.get("/slash") self.assertEqual(CommonMiddleware(get_response_404)(request).status_code, 404) @override_settings(APPEND_SLASH=True) @@ -132,10 +136,10 @@ class CommonMiddlewareTest(SimpleTestCase): """ Views marked with @no_append_slash should be left alone. """ - request = self.rf.get('/sensitive_fbv') + request = self.rf.get("/sensitive_fbv") self.assertEqual(CommonMiddleware(get_response_404)(request).status_code, 404) - request = self.rf.get('/sensitive_cbv') + request = self.rf.get("/sensitive_cbv") self.assertEqual(CommonMiddleware(get_response_404)(request).status_code, 404) @override_settings(APPEND_SLASH=True) @@ -143,10 +147,10 @@ class CommonMiddlewareTest(SimpleTestCase): """ URLs which require quoting should be redirected to their slash version. """ - request = self.rf.get(quote('/needsquoting#')) + request = self.rf.get(quote("/needsquoting#")) r = CommonMiddleware(get_response_404)(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, '/needsquoting%23/') + self.assertEqual(r.url, "/needsquoting%23/") @override_settings(APPEND_SLASH=True) def test_append_slash_leading_slashes(self): @@ -158,34 +162,34 @@ class CommonMiddlewareTest(SimpleTestCase): to evil.com/. """ # Use 4 slashes because of RequestFactory behavior. - request = self.rf.get('////evil.com/security') + request = self.rf.get("////evil.com/security") r = CommonMiddleware(get_response_404).process_request(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, '/%2Fevil.com/security/') + self.assertEqual(r.url, "/%2Fevil.com/security/") r = CommonMiddleware(get_response_404)(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, '/%2Fevil.com/security/') + self.assertEqual(r.url, "/%2Fevil.com/security/") @override_settings(APPEND_SLASH=False, PREPEND_WWW=True) def test_prepend_www(self): - request = self.rf.get('/path/') + request = self.rf.get("/path/") r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, 'http://www.testserver/path/') + self.assertEqual(r.url, "http://www.testserver/path/") @override_settings(APPEND_SLASH=True, PREPEND_WWW=True) def test_prepend_www_append_slash_have_slash(self): - request = self.rf.get('/slash/') + request = self.rf.get("/slash/") r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, 'http://www.testserver/slash/') + self.assertEqual(r.url, "http://www.testserver/slash/") @override_settings(APPEND_SLASH=True, PREPEND_WWW=True) def test_prepend_www_append_slash_slashless(self): - request = self.rf.get('/slash') + request = self.rf.get("/slash") r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, 'http://www.testserver/slash/') + self.assertEqual(r.url, "http://www.testserver/slash/") # The following tests examine expected behavior given a custom URLconf that # overrides the default one through the request object. @@ -195,8 +199,8 @@ class CommonMiddlewareTest(SimpleTestCase): """ URLs with slashes should go unmolested. """ - request = self.rf.get('/customurlconf/slash/') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/slash/") + request.urlconf = "middleware.extra_urls" self.assertIsNone(CommonMiddleware(get_response_404).process_request(request)) self.assertEqual(CommonMiddleware(get_response_404)(request).status_code, 404) @@ -205,21 +209,24 @@ class CommonMiddlewareTest(SimpleTestCase): """ Matches to explicit slashless URLs should go unmolested. """ + def get_response(req): return HttpResponse("web content") - request = self.rf.get('/customurlconf/noslash') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/noslash") + request.urlconf = "middleware.extra_urls" self.assertIsNone(CommonMiddleware(get_response).process_request(request)) - self.assertEqual(CommonMiddleware(get_response)(request).content, b'web content') + self.assertEqual( + CommonMiddleware(get_response)(request).content, b"web content" + ) @override_settings(APPEND_SLASH=True) def test_append_slash_slashless_unknown_custom_urlconf(self): """ APPEND_SLASH should not redirect to unknown resources. """ - request = self.rf.get('/customurlconf/unknown') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/unknown") + request.urlconf = "middleware.extra_urls" self.assertIsNone(CommonMiddleware(get_response_404).process_request(request)) self.assertEqual(CommonMiddleware(get_response_404)(request).status_code, 404) @@ -228,12 +235,15 @@ class CommonMiddlewareTest(SimpleTestCase): """ APPEND_SLASH should redirect slashless URLs to a valid pattern. """ - request = self.rf.get('/customurlconf/slash') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/slash") + request.urlconf = "middleware.extra_urls" r = CommonMiddleware(get_response_404)(request) - self.assertIsNotNone(r, "CommonMiddleware failed to return APPEND_SLASH redirect using request.urlconf") + self.assertIsNotNone( + r, + "CommonMiddleware failed to return APPEND_SLASH redirect using request.urlconf", + ) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, '/customurlconf/slash/') + self.assertEqual(r.url, "/customurlconf/slash/") @override_settings(APPEND_SLASH=True, DEBUG=True) def test_append_slash_no_redirect_on_POST_in_DEBUG_custom_urlconf(self): @@ -242,10 +252,10 @@ class CommonMiddlewareTest(SimpleTestCase): when a failed attempt is made to POST to an URL which would normally be redirected to a slashed version. """ - request = self.rf.get('/customurlconf/slash') - request.urlconf = 'middleware.extra_urls' - request.method = 'POST' - with self.assertRaisesMessage(RuntimeError, 'end in a slash'): + request = self.rf.get("/customurlconf/slash") + request.urlconf = "middleware.extra_urls" + request.method = "POST" + with self.assertRaisesMessage(RuntimeError, "end in a slash"): CommonMiddleware(get_response_404)(request) @override_settings(APPEND_SLASH=False) @@ -253,8 +263,8 @@ class CommonMiddlewareTest(SimpleTestCase): """ Disabling append slash functionality should leave slashless URLs alone. """ - request = self.rf.get('/customurlconf/slash') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/slash") + request.urlconf = "middleware.extra_urls" self.assertIsNone(CommonMiddleware(get_response_404).process_request(request)) self.assertEqual(CommonMiddleware(get_response_404)(request).status_code, 404) @@ -263,147 +273,156 @@ class CommonMiddlewareTest(SimpleTestCase): """ URLs which require quoting should be redirected to their slash version. """ - request = self.rf.get(quote('/customurlconf/needsquoting#')) - request.urlconf = 'middleware.extra_urls' + request = self.rf.get(quote("/customurlconf/needsquoting#")) + request.urlconf = "middleware.extra_urls" r = CommonMiddleware(get_response_404)(request) - self.assertIsNotNone(r, "CommonMiddleware failed to return APPEND_SLASH redirect using request.urlconf") + self.assertIsNotNone( + r, + "CommonMiddleware failed to return APPEND_SLASH redirect using request.urlconf", + ) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, '/customurlconf/needsquoting%23/') + self.assertEqual(r.url, "/customurlconf/needsquoting%23/") @override_settings(APPEND_SLASH=False, PREPEND_WWW=True) def test_prepend_www_custom_urlconf(self): - request = self.rf.get('/customurlconf/path/') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/path/") + request.urlconf = "middleware.extra_urls" r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, 'http://www.testserver/customurlconf/path/') + self.assertEqual(r.url, "http://www.testserver/customurlconf/path/") @override_settings(APPEND_SLASH=True, PREPEND_WWW=True) def test_prepend_www_append_slash_have_slash_custom_urlconf(self): - request = self.rf.get('/customurlconf/slash/') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/slash/") + request.urlconf = "middleware.extra_urls" r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, 'http://www.testserver/customurlconf/slash/') + self.assertEqual(r.url, "http://www.testserver/customurlconf/slash/") @override_settings(APPEND_SLASH=True, PREPEND_WWW=True) def test_prepend_www_append_slash_slashless_custom_urlconf(self): - request = self.rf.get('/customurlconf/slash') - request.urlconf = 'middleware.extra_urls' + request = self.rf.get("/customurlconf/slash") + request.urlconf = "middleware.extra_urls" r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, 'http://www.testserver/customurlconf/slash/') + self.assertEqual(r.url, "http://www.testserver/customurlconf/slash/") # Tests for the Content-Length header def test_content_length_header_added(self): def get_response(req): - response = HttpResponse('content') - self.assertNotIn('Content-Length', response) + response = HttpResponse("content") + self.assertNotIn("Content-Length", response) return response - response = CommonMiddleware(get_response)(self.rf.get('/')) - self.assertEqual(int(response.headers['Content-Length']), len(response.content)) + response = CommonMiddleware(get_response)(self.rf.get("/")) + self.assertEqual(int(response.headers["Content-Length"]), len(response.content)) def test_content_length_header_not_added_for_streaming_response(self): def get_response(req): - response = StreamingHttpResponse('content') - self.assertNotIn('Content-Length', response) + response = StreamingHttpResponse("content") + self.assertNotIn("Content-Length", response) return response - response = CommonMiddleware(get_response)(self.rf.get('/')) - self.assertNotIn('Content-Length', response) + response = CommonMiddleware(get_response)(self.rf.get("/")) + self.assertNotIn("Content-Length", response) def test_content_length_header_not_changed(self): bad_content_length = 500 def get_response(req): response = HttpResponse() - response.headers['Content-Length'] = bad_content_length + response.headers["Content-Length"] = bad_content_length return response - response = CommonMiddleware(get_response)(self.rf.get('/')) - self.assertEqual(int(response.headers['Content-Length']), bad_content_length) + response = CommonMiddleware(get_response)(self.rf.get("/")) + self.assertEqual(int(response.headers["Content-Length"]), bad_content_length) # Other tests - @override_settings(DISALLOWED_USER_AGENTS=[re.compile(r'foo')]) + @override_settings(DISALLOWED_USER_AGENTS=[re.compile(r"foo")]) def test_disallowed_user_agents(self): - request = self.rf.get('/slash') - request.META['HTTP_USER_AGENT'] = 'foo' - with self.assertRaisesMessage(PermissionDenied, 'Forbidden user agent'): + request = self.rf.get("/slash") + request.META["HTTP_USER_AGENT"] = "foo" + with self.assertRaisesMessage(PermissionDenied, "Forbidden user agent"): CommonMiddleware(get_response_empty).process_request(request) def test_non_ascii_query_string_does_not_crash(self): """Regression test for #15152""" - request = self.rf.get('/slash') - request.META['QUERY_STRING'] = 'drink=café' + request = self.rf.get("/slash") + request.META["QUERY_STRING"] = "drink=café" r = CommonMiddleware(get_response_empty).process_request(request) self.assertEqual(r.status_code, 301) def test_response_redirect_class(self): - request = self.rf.get('/slash') + request = self.rf.get("/slash") r = CommonMiddleware(get_response_404)(request) self.assertEqual(r.status_code, 301) - self.assertEqual(r.url, '/slash/') + self.assertEqual(r.url, "/slash/") self.assertIsInstance(r, HttpResponsePermanentRedirect) def test_response_redirect_class_subclass(self): class MyCommonMiddleware(CommonMiddleware): response_redirect_class = HttpResponseRedirect - request = self.rf.get('/slash') + request = self.rf.get("/slash") r = MyCommonMiddleware(get_response_404)(request) self.assertEqual(r.status_code, 302) - self.assertEqual(r.url, '/slash/') + self.assertEqual(r.url, "/slash/") self.assertIsInstance(r, HttpResponseRedirect) @override_settings( - IGNORABLE_404_URLS=[re.compile(r'foo')], - MANAGERS=[('PHD', 'PHB@dilbert.com')], + IGNORABLE_404_URLS=[re.compile(r"foo")], + MANAGERS=[("PHD", "PHB@dilbert.com")], ) class BrokenLinkEmailsMiddlewareTest(SimpleTestCase): rf = RequestFactory() def setUp(self): - self.req = self.rf.get('/regular_url/that/does/not/exist') + self.req = self.rf.get("/regular_url/that/does/not/exist") def get_response(self, req): return self.client.get(req.path) def test_404_error_reporting(self): - self.req.META['HTTP_REFERER'] = '/another/url/' + self.req.META["HTTP_REFERER"] = "/another/url/" BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 1) - self.assertIn('Broken', mail.outbox[0].subject) + self.assertIn("Broken", mail.outbox[0].subject) def test_404_error_reporting_no_referer(self): BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 0) def test_404_error_reporting_ignored_url(self): - self.req.path = self.req.path_info = 'foo_url/that/does/not/exist' + self.req.path = self.req.path_info = "foo_url/that/does/not/exist" BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 0) def test_custom_request_checker(self): class SubclassedMiddleware(BrokenLinkEmailsMiddleware): - ignored_user_agent_patterns = (re.compile(r'Spider.*'), re.compile(r'Robot.*')) + ignored_user_agent_patterns = ( + re.compile(r"Spider.*"), + re.compile(r"Robot.*"), + ) def is_ignorable_request(self, request, uri, domain, referer): - '''Check user-agent in addition to normal checks.''' + """Check user-agent in addition to normal checks.""" if super().is_ignorable_request(request, uri, domain, referer): return True - user_agent = request.META['HTTP_USER_AGENT'] - return any(pattern.search(user_agent) for pattern in self.ignored_user_agent_patterns) + user_agent = request.META["HTTP_USER_AGENT"] + return any( + pattern.search(user_agent) + for pattern in self.ignored_user_agent_patterns + ) - self.req.META['HTTP_REFERER'] = '/another/url/' - self.req.META['HTTP_USER_AGENT'] = 'Spider machine 3.4' + self.req.META["HTTP_REFERER"] = "/another/url/" + self.req.META["HTTP_USER_AGENT"] = "Spider machine 3.4" SubclassedMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 0) - self.req.META['HTTP_USER_AGENT'] = 'My user agent' + self.req.META["HTTP_USER_AGENT"] = "My user agent" SubclassedMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 1) @@ -412,49 +431,53 @@ class BrokenLinkEmailsMiddlewareTest(SimpleTestCase): Some bots set the referer to the current URL to avoid being blocked by an referer check (#25302). """ - self.req.META['HTTP_REFERER'] = self.req.path + self.req.META["HTTP_REFERER"] = self.req.path BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 0) # URL with scheme and domain should also be ignored - self.req.META['HTTP_REFERER'] = 'http://testserver%s' % self.req.path + self.req.META["HTTP_REFERER"] = "http://testserver%s" % self.req.path BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 0) # URL with a different scheme should be ignored as well because bots # tend to use http:// in referers even when browsing HTTPS websites. - self.req.META['HTTP_X_PROTO'] = 'https' - self.req.META['SERVER_PORT'] = 443 - with self.settings(SECURE_PROXY_SSL_HEADER=('HTTP_X_PROTO', 'https')): + self.req.META["HTTP_X_PROTO"] = "https" + self.req.META["SERVER_PORT"] = 443 + with self.settings(SECURE_PROXY_SSL_HEADER=("HTTP_X_PROTO", "https")): BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 0) def test_referer_equal_to_requested_url_on_another_domain(self): - self.req.META['HTTP_REFERER'] = 'http://anotherserver%s' % self.req.path + self.req.META["HTTP_REFERER"] = "http://anotherserver%s" % self.req.path BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 1) @override_settings(APPEND_SLASH=True) - def test_referer_equal_to_requested_url_without_trailing_slash_when_append_slash_is_set(self): - self.req.path = self.req.path_info = '/regular_url/that/does/not/exist/' - self.req.META['HTTP_REFERER'] = self.req.path_info[:-1] + def test_referer_equal_to_requested_url_without_trailing_slash_when_append_slash_is_set( + self, + ): + self.req.path = self.req.path_info = "/regular_url/that/does/not/exist/" + self.req.META["HTTP_REFERER"] = self.req.path_info[:-1] BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 0) @override_settings(APPEND_SLASH=False) - def test_referer_equal_to_requested_url_without_trailing_slash_when_append_slash_is_unset(self): - self.req.path = self.req.path_info = '/regular_url/that/does/not/exist/' - self.req.META['HTTP_REFERER'] = self.req.path_info[:-1] + def test_referer_equal_to_requested_url_without_trailing_slash_when_append_slash_is_unset( + self, + ): + self.req.path = self.req.path_info = "/regular_url/that/does/not/exist/" + self.req.META["HTTP_REFERER"] = self.req.path_info[:-1] BrokenLinkEmailsMiddleware(self.get_response)(self.req) self.assertEqual(len(mail.outbox), 1) -@override_settings(ROOT_URLCONF='middleware.cond_get_urls') +@override_settings(ROOT_URLCONF="middleware.cond_get_urls") class ConditionalGetMiddlewareTest(SimpleTestCase): request_factory = RequestFactory() def setUp(self): - self.req = self.request_factory.get('/') + self.req = self.request_factory.get("/") self.resp_headers = {} def get_response(self, req): @@ -468,129 +491,137 @@ class ConditionalGetMiddlewareTest(SimpleTestCase): def test_middleware_calculates_etag(self): resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 200) - self.assertNotEqual('', resp['ETag']) + self.assertNotEqual("", resp["ETag"]) def test_middleware_wont_overwrite_etag(self): - self.resp_headers['ETag'] = 'eggs' + self.resp_headers["ETag"] = "eggs" resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 200) - self.assertEqual('eggs', resp['ETag']) + self.assertEqual("eggs", resp["ETag"]) def test_no_etag_streaming_response(self): def get_response(req): - return StreamingHttpResponse(['content']) + return StreamingHttpResponse(["content"]) - self.assertFalse(ConditionalGetMiddleware(get_response)(self.req).has_header('ETag')) + self.assertFalse( + ConditionalGetMiddleware(get_response)(self.req).has_header("ETag") + ) def test_no_etag_response_empty_content(self): def get_response(req): return HttpResponse() - self.assertFalse(ConditionalGetMiddleware(get_response)(self.req).has_header('ETag')) + self.assertFalse( + ConditionalGetMiddleware(get_response)(self.req).has_header("ETag") + ) def test_no_etag_no_store_cache(self): - self.resp_headers['Cache-Control'] = 'No-Cache, No-Store, Max-age=0' - self.assertFalse(ConditionalGetMiddleware(self.get_response)(self.req).has_header('ETag')) + self.resp_headers["Cache-Control"] = "No-Cache, No-Store, Max-age=0" + self.assertFalse( + ConditionalGetMiddleware(self.get_response)(self.req).has_header("ETag") + ) def test_etag_extended_cache_control(self): - self.resp_headers['Cache-Control'] = 'my-directive="my-no-store"' - self.assertTrue(ConditionalGetMiddleware(self.get_response)(self.req).has_header('ETag')) + self.resp_headers["Cache-Control"] = 'my-directive="my-no-store"' + self.assertTrue( + ConditionalGetMiddleware(self.get_response)(self.req).has_header("ETag") + ) def test_if_none_match_and_no_etag(self): - self.req.META['HTTP_IF_NONE_MATCH'] = 'spam' + self.req.META["HTTP_IF_NONE_MATCH"] = "spam" resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 200) def test_no_if_none_match_and_etag(self): - self.resp_headers['ETag'] = 'eggs' + self.resp_headers["ETag"] = "eggs" resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 200) def test_if_none_match_and_same_etag(self): - self.req.META['HTTP_IF_NONE_MATCH'] = '"spam"' - self.resp_headers['ETag'] = '"spam"' + self.req.META["HTTP_IF_NONE_MATCH"] = '"spam"' + self.resp_headers["ETag"] = '"spam"' resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 304) def test_if_none_match_and_different_etag(self): - self.req.META['HTTP_IF_NONE_MATCH'] = 'spam' - self.resp_headers['ETag'] = 'eggs' + self.req.META["HTTP_IF_NONE_MATCH"] = "spam" + self.resp_headers["ETag"] = "eggs" resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 200) def test_if_none_match_and_redirect(self): def get_response(req): resp = self.client.get(req.path_info) - resp['ETag'] = 'spam' - resp['Location'] = '/' + resp["ETag"] = "spam" + resp["Location"] = "/" resp.status_code = 301 return resp - self.req.META['HTTP_IF_NONE_MATCH'] = 'spam' + self.req.META["HTTP_IF_NONE_MATCH"] = "spam" resp = ConditionalGetMiddleware(get_response)(self.req) self.assertEqual(resp.status_code, 301) def test_if_none_match_and_client_error(self): def get_response(req): resp = self.client.get(req.path_info) - resp['ETag'] = 'spam' + resp["ETag"] = "spam" resp.status_code = 400 return resp - self.req.META['HTTP_IF_NONE_MATCH'] = 'spam' + self.req.META["HTTP_IF_NONE_MATCH"] = "spam" resp = ConditionalGetMiddleware(get_response)(self.req) self.assertEqual(resp.status_code, 400) # Tests for the Last-Modified header def test_if_modified_since_and_no_last_modified(self): - self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT' + self.req.META["HTTP_IF_MODIFIED_SINCE"] = "Sat, 12 Feb 2011 17:38:44 GMT" resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 200) def test_no_if_modified_since_and_last_modified(self): - self.resp_headers['Last-Modified'] = 'Sat, 12 Feb 2011 17:38:44 GMT' + self.resp_headers["Last-Modified"] = "Sat, 12 Feb 2011 17:38:44 GMT" resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 200) def test_if_modified_since_and_same_last_modified(self): - self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT' - self.resp_headers['Last-Modified'] = 'Sat, 12 Feb 2011 17:38:44 GMT' + self.req.META["HTTP_IF_MODIFIED_SINCE"] = "Sat, 12 Feb 2011 17:38:44 GMT" + self.resp_headers["Last-Modified"] = "Sat, 12 Feb 2011 17:38:44 GMT" self.resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(self.resp.status_code, 304) def test_if_modified_since_and_last_modified_in_the_past(self): - self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT' - self.resp_headers['Last-Modified'] = 'Sat, 12 Feb 2011 17:35:44 GMT' + self.req.META["HTTP_IF_MODIFIED_SINCE"] = "Sat, 12 Feb 2011 17:38:44 GMT" + self.resp_headers["Last-Modified"] = "Sat, 12 Feb 2011 17:35:44 GMT" resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(resp.status_code, 304) def test_if_modified_since_and_last_modified_in_the_future(self): - self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT' - self.resp_headers['Last-Modified'] = 'Sat, 12 Feb 2011 17:41:44 GMT' + self.req.META["HTTP_IF_MODIFIED_SINCE"] = "Sat, 12 Feb 2011 17:38:44 GMT" + self.resp_headers["Last-Modified"] = "Sat, 12 Feb 2011 17:41:44 GMT" self.resp = ConditionalGetMiddleware(self.get_response)(self.req) self.assertEqual(self.resp.status_code, 200) def test_if_modified_since_and_redirect(self): def get_response(req): resp = self.client.get(req.path_info) - resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:35:44 GMT' - resp['Location'] = '/' + resp["Last-Modified"] = "Sat, 12 Feb 2011 17:35:44 GMT" + resp["Location"] = "/" resp.status_code = 301 return resp - self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT' + self.req.META["HTTP_IF_MODIFIED_SINCE"] = "Sat, 12 Feb 2011 17:38:44 GMT" resp = ConditionalGetMiddleware(get_response)(self.req) self.assertEqual(resp.status_code, 301) def test_if_modified_since_and_client_error(self): def get_response(req): resp = self.client.get(req.path_info) - resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:35:44 GMT' + resp["Last-Modified"] = "Sat, 12 Feb 2011 17:35:44 GMT" resp.status_code = 400 return resp - self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT' + self.req.META["HTTP_IF_MODIFIED_SINCE"] = "Sat, 12 Feb 2011 17:38:44 GMT" resp = ConditionalGetMiddleware(get_response)(self.req) self.assertEqual(resp.status_code, 400) @@ -599,28 +630,39 @@ class ConditionalGetMiddlewareTest(SimpleTestCase): The 304 Not Modified response should include only the headers required by section 4.1 of RFC 7232, Last-Modified, and the cookies. """ + def get_response(req): resp = self.client.get(req.path_info) - resp['Date'] = 'Sat, 12 Feb 2011 17:35:44 GMT' - resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:35:44 GMT' - resp['Expires'] = 'Sun, 13 Feb 2011 17:35:44 GMT' - resp['Vary'] = 'Cookie' - resp['Cache-Control'] = 'public' - resp['Content-Location'] = '/alt' - resp['Content-Language'] = 'en' # shouldn't be preserved - resp['ETag'] = '"spam"' - resp.set_cookie('key', 'value') + resp["Date"] = "Sat, 12 Feb 2011 17:35:44 GMT" + resp["Last-Modified"] = "Sat, 12 Feb 2011 17:35:44 GMT" + resp["Expires"] = "Sun, 13 Feb 2011 17:35:44 GMT" + resp["Vary"] = "Cookie" + resp["Cache-Control"] = "public" + resp["Content-Location"] = "/alt" + resp["Content-Language"] = "en" # shouldn't be preserved + resp["ETag"] = '"spam"' + resp.set_cookie("key", "value") return resp - self.req.META['HTTP_IF_NONE_MATCH'] = '"spam"' + self.req.META["HTTP_IF_NONE_MATCH"] = '"spam"' new_response = ConditionalGetMiddleware(get_response)(self.req) self.assertEqual(new_response.status_code, 304) base_response = get_response(self.req) - for header in ('Cache-Control', 'Content-Location', 'Date', 'ETag', 'Expires', 'Last-Modified', 'Vary'): - self.assertEqual(new_response.headers[header], base_response.headers[header]) + for header in ( + "Cache-Control", + "Content-Location", + "Date", + "ETag", + "Expires", + "Last-Modified", + "Vary", + ): + self.assertEqual( + new_response.headers[header], base_response.headers[header] + ) self.assertEqual(new_response.cookies, base_response.cookies) - self.assertNotIn('Content-Language', new_response) + self.assertNotIn("Content-Language", new_response) def test_no_unsafe(self): """ @@ -629,14 +671,19 @@ class ConditionalGetMiddlewareTest(SimpleTestCase): ConditionalGetMiddleware is called, so it's too late to return a 412 Precondition Failed. """ + def get_200_response(req): return HttpResponse(status=200) response = ConditionalGetMiddleware(self.get_response)(self.req) - etag = response.headers['ETag'] - put_request = self.request_factory.put('/', HTTP_IF_MATCH=etag) - conditional_get_response = ConditionalGetMiddleware(get_200_response)(put_request) - self.assertEqual(conditional_get_response.status_code, 200) # should never be a 412 + etag = response.headers["ETag"] + put_request = self.request_factory.put("/", HTTP_IF_MATCH=etag) + conditional_get_response = ConditionalGetMiddleware(get_200_response)( + put_request + ) + self.assertEqual( + conditional_get_response.status_code, 200 + ) # should never be a 412 def test_no_head(self): """ @@ -644,12 +691,13 @@ class ConditionalGetMiddlewareTest(SimpleTestCase): HEAD request since it can't do so accurately without access to the response body of the corresponding GET. """ + def get_200_response(req): return HttpResponse(status=200) - request = self.request_factory.head('/') + request = self.request_factory.head("/") conditional_get_response = ConditionalGetMiddleware(get_200_response)(request) - self.assertNotIn('ETag', conditional_get_response) + self.assertNotIn("ETag", conditional_get_response) class XFrameOptionsMiddlewareTest(SimpleTestCase): @@ -662,26 +710,26 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): The X_FRAME_OPTIONS setting can be set to SAMEORIGIN to have the middleware use that value for the HTTP header. """ - with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): + with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") - with override_settings(X_FRAME_OPTIONS='sameorigin'): + with override_settings(X_FRAME_OPTIONS="sameorigin"): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") def test_deny(self): """ The X_FRAME_OPTIONS setting can be set to DENY to have the middleware use that value for the HTTP header. """ - with override_settings(X_FRAME_OPTIONS='DENY'): + with override_settings(X_FRAME_OPTIONS="DENY"): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers["X-Frame-Options"], "DENY") - with override_settings(X_FRAME_OPTIONS='deny'): + with override_settings(X_FRAME_OPTIONS="deny"): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers["X-Frame-Options"], "DENY") def test_defaults_sameorigin(self): """ @@ -689,38 +737,40 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): DENY. """ with override_settings(X_FRAME_OPTIONS=None): - del settings.X_FRAME_OPTIONS # restored by override_settings + del settings.X_FRAME_OPTIONS # restored by override_settings r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers["X-Frame-Options"], "DENY") def test_dont_set_if_set(self): """ If the X-Frame-Options header is already set then the middleware does not attempt to override it. """ + def same_origin_response(request): response = HttpResponse() - response.headers['X-Frame-Options'] = 'SAMEORIGIN' + response.headers["X-Frame-Options"] = "SAMEORIGIN" return response def deny_response(request): response = HttpResponse() - response.headers['X-Frame-Options'] = 'DENY' + response.headers["X-Frame-Options"] = "DENY" return response - with override_settings(X_FRAME_OPTIONS='DENY'): + with override_settings(X_FRAME_OPTIONS="DENY"): r = XFrameOptionsMiddleware(same_origin_response)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") - with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): + with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"): r = XFrameOptionsMiddleware(deny_response)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers["X-Frame-Options"], "DENY") def test_response_exempt(self): """ If the response has an xframe_options_exempt attribute set to False then it still sets the header, but if it's set to True then it doesn't. """ + def xframe_exempt_response(request): response = HttpResponse() response.xframe_options_exempt = True @@ -731,12 +781,12 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): response.xframe_options_exempt = False return response - with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): + with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"): r = XFrameOptionsMiddleware(xframe_not_exempt_response)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") r = XFrameOptionsMiddleware(xframe_exempt_response)(HttpRequest()) - self.assertIsNone(r.headers.get('X-Frame-Options')) + self.assertIsNone(r.headers.get("X-Frame-Options")) def test_is_extendable(self): """ @@ -744,65 +794,71 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): header value can be overridden based on something in the request or response. """ + class OtherXFrameOptionsMiddleware(XFrameOptionsMiddleware): # This is just an example for testing purposes... def get_xframe_options_value(self, request, response): - if getattr(request, 'sameorigin', False): - return 'SAMEORIGIN' - if getattr(response, 'sameorigin', False): - return 'SAMEORIGIN' - return 'DENY' + if getattr(request, "sameorigin", False): + return "SAMEORIGIN" + if getattr(response, "sameorigin", False): + return "SAMEORIGIN" + return "DENY" def same_origin_response(request): response = HttpResponse() response.sameorigin = True return response - with override_settings(X_FRAME_OPTIONS='DENY'): + with override_settings(X_FRAME_OPTIONS="DENY"): r = OtherXFrameOptionsMiddleware(same_origin_response)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") request = HttpRequest() request.sameorigin = True r = OtherXFrameOptionsMiddleware(get_response_empty)(request) - self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") - with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): + with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"): r = OtherXFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r.headers['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers["X-Frame-Options"], "DENY") class GZipMiddlewareTest(SimpleTestCase): """ Tests the GZipMiddleware. """ + short_string = b"This string is too short to be worth compressing." - compressible_string = b'a' * 500 - incompressible_string = b''.join(int2byte(random.randint(0, 255)) for _ in range(500)) - sequence = [b'a' * 500, b'b' * 200, b'a' * 300] - sequence_unicode = ['a' * 500, 'é' * 200, 'a' * 300] + compressible_string = b"a" * 500 + incompressible_string = b"".join( + int2byte(random.randint(0, 255)) for _ in range(500) + ) + sequence = [b"a" * 500, b"b" * 200, b"a" * 300] + sequence_unicode = ["a" * 500, "é" * 200, "a" * 300] request_factory = RequestFactory() def setUp(self): - self.req = self.request_factory.get('/') - self.req.META['HTTP_ACCEPT_ENCODING'] = 'gzip, deflate' - self.req.META['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1' + self.req = self.request_factory.get("/") + self.req.META["HTTP_ACCEPT_ENCODING"] = "gzip, deflate" + self.req.META[ + "HTTP_USER_AGENT" + ] = "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" self.resp = HttpResponse() self.resp.status_code = 200 self.resp.content = self.compressible_string - self.resp['Content-Type'] = 'text/html; charset=UTF-8' + self.resp["Content-Type"] = "text/html; charset=UTF-8" def get_response(self, request): return self.resp @staticmethod def decompress(gzipped_string): - with gzip.GzipFile(mode='rb', fileobj=BytesIO(gzipped_string)) as f: + with gzip.GzipFile(mode="rb", fileobj=BytesIO(gzipped_string)) as f: return f.read() @staticmethod def get_mtime(gzipped_string): - with gzip.GzipFile(mode='rb', fileobj=BytesIO(gzipped_string)) as f: + with gzip.GzipFile(mode="rb", fileobj=BytesIO(gzipped_string)) as f: f.read() # must read the data before accessing the header return f.mtime @@ -812,54 +868,57 @@ class GZipMiddlewareTest(SimpleTestCase): """ r = GZipMiddleware(self.get_response)(self.req) self.assertEqual(self.decompress(r.content), self.compressible_string) - self.assertEqual(r.get('Content-Encoding'), 'gzip') - self.assertEqual(r.get('Content-Length'), str(len(r.content))) + self.assertEqual(r.get("Content-Encoding"), "gzip") + self.assertEqual(r.get("Content-Length"), str(len(r.content))) def test_compress_streaming_response(self): """ Compression is performed on responses with streaming content. """ + def get_stream_response(request): resp = StreamingHttpResponse(self.sequence) - resp['Content-Type'] = 'text/html; charset=UTF-8' + resp["Content-Type"] = "text/html; charset=UTF-8" return resp r = GZipMiddleware(get_stream_response)(self.req) - self.assertEqual(self.decompress(b''.join(r)), b''.join(self.sequence)) - self.assertEqual(r.get('Content-Encoding'), 'gzip') - self.assertFalse(r.has_header('Content-Length')) + self.assertEqual(self.decompress(b"".join(r)), b"".join(self.sequence)) + self.assertEqual(r.get("Content-Encoding"), "gzip") + self.assertFalse(r.has_header("Content-Length")) def test_compress_streaming_response_unicode(self): """ Compression is performed on responses with streaming Unicode content. """ + def get_stream_response_unicode(request): resp = StreamingHttpResponse(self.sequence_unicode) - resp['Content-Type'] = 'text/html; charset=UTF-8' + resp["Content-Type"] = "text/html; charset=UTF-8" return resp r = GZipMiddleware(get_stream_response_unicode)(self.req) self.assertEqual( - self.decompress(b''.join(r)), - b''.join(x.encode() for x in self.sequence_unicode) + self.decompress(b"".join(r)), + b"".join(x.encode() for x in self.sequence_unicode), ) - self.assertEqual(r.get('Content-Encoding'), 'gzip') - self.assertFalse(r.has_header('Content-Length')) + self.assertEqual(r.get("Content-Encoding"), "gzip") + self.assertFalse(r.has_header("Content-Length")) def test_compress_file_response(self): """ Compression is performed on FileResponse. """ - with open(__file__, 'rb') as file1: + with open(__file__, "rb") as file1: + def get_response(req): file_resp = FileResponse(file1) - file_resp['Content-Type'] = 'text/html; charset=UTF-8' + file_resp["Content-Type"] = "text/html; charset=UTF-8" return file_resp r = GZipMiddleware(get_response)(self.req) - with open(__file__, 'rb') as file2: - self.assertEqual(self.decompress(b''.join(r)), file2.read()) - self.assertEqual(r.get('Content-Encoding'), 'gzip') + with open(__file__, "rb") as file2: + self.assertEqual(self.decompress(b"".join(r)), file2.read()) + self.assertEqual(r.get("Content-Encoding"), "gzip") self.assertIsNot(r.file_to_stream, file1) def test_compress_non_200_response(self): @@ -870,7 +929,7 @@ class GZipMiddlewareTest(SimpleTestCase): self.resp.status_code = 404 r = GZipMiddleware(self.get_response)(self.req) self.assertEqual(self.decompress(r.content), self.compressible_string) - self.assertEqual(r.get('Content-Encoding'), 'gzip') + self.assertEqual(r.get("Content-Encoding"), "gzip") def test_no_compress_short_response(self): """ @@ -879,16 +938,16 @@ class GZipMiddlewareTest(SimpleTestCase): self.resp.content = self.short_string r = GZipMiddleware(self.get_response)(self.req) self.assertEqual(r.content, self.short_string) - self.assertIsNone(r.get('Content-Encoding')) + self.assertIsNone(r.get("Content-Encoding")) def test_no_compress_compressed_response(self): """ Compression isn't performed on responses that are already compressed. """ - self.resp['Content-Encoding'] = 'deflate' + self.resp["Content-Encoding"] = "deflate" r = GZipMiddleware(self.get_response)(self.req) self.assertEqual(r.content, self.compressible_string) - self.assertEqual(r.get('Content-Encoding'), 'deflate') + self.assertEqual(r.get("Content-Encoding"), "deflate") def test_no_compress_incompressible_response(self): """ @@ -897,7 +956,7 @@ class GZipMiddlewareTest(SimpleTestCase): self.resp.content = self.incompressible_string r = GZipMiddleware(self.get_response)(self.req) self.assertEqual(r.content, self.incompressible_string) - self.assertIsNone(r.get('Content-Encoding')) + self.assertIsNone(r.get("Content-Encoding")) def test_compress_deterministic(self): """ @@ -918,39 +977,43 @@ class ETagGZipMiddlewareTest(SimpleTestCase): """ ETags are handled properly by GZipMiddleware. """ + rf = RequestFactory() - compressible_string = b'a' * 500 + compressible_string = b"a" * 500 def test_strong_etag_modified(self): """ GZipMiddleware makes a strong ETag weak. """ + def get_response(req): response = HttpResponse(self.compressible_string) - response.headers['ETag'] = '"eggs"' + response.headers["ETag"] = '"eggs"' return response - request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate') + request = self.rf.get("/", HTTP_ACCEPT_ENCODING="gzip, deflate") gzip_response = GZipMiddleware(get_response)(request) - self.assertEqual(gzip_response.headers['ETag'], 'W/"eggs"') + self.assertEqual(gzip_response.headers["ETag"], 'W/"eggs"') def test_weak_etag_not_modified(self): """ GZipMiddleware doesn't modify a weak ETag. """ + def get_response(req): response = HttpResponse(self.compressible_string) - response.headers['ETag'] = 'W/"eggs"' + response.headers["ETag"] = 'W/"eggs"' return response - request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate') + request = self.rf.get("/", HTTP_ACCEPT_ENCODING="gzip, deflate") gzip_response = GZipMiddleware(get_response)(request) - self.assertEqual(gzip_response.headers['ETag'], 'W/"eggs"') + self.assertEqual(gzip_response.headers["ETag"], 'W/"eggs"') def test_etag_match(self): """ GZipMiddleware allows 304 Not Modified responses. """ + def get_response(req): response = HttpResponse(self.compressible_string) return response @@ -958,9 +1021,11 @@ class ETagGZipMiddlewareTest(SimpleTestCase): def get_cond_response(req): return ConditionalGetMiddleware(get_response)(req) - request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate') + request = self.rf.get("/", HTTP_ACCEPT_ENCODING="gzip, deflate") response = GZipMiddleware(get_cond_response)(request) - gzip_etag = response.headers['ETag'] - next_request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate', HTTP_IF_NONE_MATCH=gzip_etag) + gzip_etag = response.headers["ETag"] + next_request = self.rf.get( + "/", HTTP_ACCEPT_ENCODING="gzip, deflate", HTTP_IF_NONE_MATCH=gzip_etag + ) next_response = ConditionalGetMiddleware(get_response)(next_request) self.assertEqual(next_response.status_code, 304) diff --git a/tests/middleware/urls.py b/tests/middleware/urls.py index e76f4ac771..294b80b192 100644 --- a/tests/middleware/urls.py +++ b/tests/middleware/urls.py @@ -3,12 +3,12 @@ from django.urls import path, re_path from . import views urlpatterns = [ - path('noslash', views.empty_view), - path('slash/', views.empty_view), - path('needsquoting#/', views.empty_view), + path("noslash", views.empty_view), + path("slash/", views.empty_view), + path("needsquoting#/", views.empty_view), # Accepts paths with two leading slashes. - re_path(r'^(.+)/security/$', views.empty_view), + re_path(r"^(.+)/security/$", views.empty_view), # Should not append slash. - path('sensitive_fbv/', views.sensitive_fbv), - path('sensitive_cbv/', views.SensitiveCBV.as_view()), + path("sensitive_fbv/", views.sensitive_fbv), + path("sensitive_cbv/", views.SensitiveCBV.as_view()), ] diff --git a/tests/middleware/views.py b/tests/middleware/views.py index ee36f418f2..1de2edfd1b 100644 --- a/tests/middleware/views.py +++ b/tests/middleware/views.py @@ -13,7 +13,7 @@ def sensitive_fbv(request, *args, **kwargs): return HttpResponse() -@method_decorator(no_append_slash, name='dispatch') +@method_decorator(no_append_slash, name="dispatch") class SensitiveCBV(View): def get(self, *args, **kwargs): return HttpResponse() |