mirror of
https://github.com/peeringdb/peeringdb.git
synced 2024-05-11 05:55:09 +00:00
299016282e
* remove log file writing from migration * run tests on mysql * fix tests (pt.1) * fix tests (pt.2) * fix all user_id errors in tests * Fix geocode typo * More test changes for mysql id issues * Add coverage config that defines coverage db should go inside test folder * update docs * fix mysql user * fix tests cli * add mysql collate settings * docs * fix sync * fix sync * docs * remove debug output * remove XXX * interim commit to move to dev box * mv db local, rm after run * updates for 724 * note layer error message and work around * fix travis * chown tests * more travis fixes * travis: touch Ctl/dev/.env * write coverage report to ./coverage * clean up docs * formatting Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
68 lines
2.7 KiB
Python
68 lines
2.7 KiB
Python
from django.test import TestCase, Client
|
|
from peeringdb_server.models import Organization, User
|
|
from .util import ClientCase
|
|
from corsheaders.middleware import (
|
|
ACCESS_CONTROL_ALLOW_CREDENTIALS,
|
|
ACCESS_CONTROL_ALLOW_HEADERS,
|
|
ACCESS_CONTROL_ALLOW_METHODS,
|
|
ACCESS_CONTROL_ALLOW_ORIGIN,
|
|
ACCESS_CONTROL_EXPOSE_HEADERS,
|
|
ACCESS_CONTROL_MAX_AGE,
|
|
)
|
|
|
|
|
|
class CorsTest(ClientCase):
|
|
|
|
test_origin = "http://example.com"
|
|
|
|
@classmethod
|
|
def setUpTestData(cls):
|
|
ClientCase.setUpTestData()
|
|
cls.org = Organization.objects.create(name="Test", status="ok")
|
|
|
|
def assert_cors_allowed(self, url, method):
|
|
resp = Client().options(url, HTTP_ORIGIN=self.test_origin)
|
|
self.assertIn(resp.status_code, [200, 301])
|
|
self.assertIn(ACCESS_CONTROL_ALLOW_METHODS, resp)
|
|
self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, resp)
|
|
self.assertIn(method.upper(), resp[ACCESS_CONTROL_ALLOW_METHODS].split(", "))
|
|
self.assertIn("origin", resp[ACCESS_CONTROL_ALLOW_HEADERS].split(", "))
|
|
self.assertEqual(resp[ACCESS_CONTROL_ALLOW_ORIGIN], self.test_origin)
|
|
|
|
def assert_cors_denied(self, url, method):
|
|
resp = Client().options(url, HTTP_ORIGIN=self.test_origin)
|
|
self.assertIn(resp.status_code, [200, 301])
|
|
|
|
if ACCESS_CONTROL_ALLOW_METHODS in resp:
|
|
self.assertNotIn(
|
|
method.upper(), resp[ACCESS_CONTROL_ALLOW_METHODS].split(", ")
|
|
)
|
|
|
|
def test_cors_GET(self):
|
|
self.assert_cors_allowed("/api", method="get")
|
|
self.assert_cors_allowed("/api/", method="get")
|
|
self.assert_cors_allowed(f"/api/org/{self.org.id}", method="get")
|
|
self.assert_cors_denied(f"/org/{self.org.id}", method="get")
|
|
self.assert_cors_denied("/", method="get")
|
|
|
|
def test_cors_POST(self):
|
|
self.assert_cors_denied("/api", method="post")
|
|
self.assert_cors_denied("/api/", method="post")
|
|
self.assert_cors_denied(f"/api/org/{self.org.id}", method="post")
|
|
self.assert_cors_denied(f"/org/{self.org.id}", method="post")
|
|
self.assert_cors_denied("/", method="post")
|
|
|
|
def test_cors_PUT(self):
|
|
self.assert_cors_denied("/api", method="put")
|
|
self.assert_cors_denied("/api/", method="put")
|
|
self.assert_cors_denied(f"/api/org/{self.org.id}", method="put")
|
|
self.assert_cors_denied(f"/org/{self.org.id}", method="put")
|
|
self.assert_cors_denied("/", method="put")
|
|
|
|
def test_cors_DELETE(self):
|
|
self.assert_cors_denied("/api", method="delete")
|
|
self.assert_cors_denied("/api/", method="delete")
|
|
self.assert_cors_denied(f"/api/org/{self.org.id}", method="delete")
|
|
self.assert_cors_denied(f"/org/{self.org.id}", method="delete")
|
|
self.assert_cors_denied("/", method="delete")
|