mirror of
https://github.com/peeringdb/peeringdb.git
synced 2024-05-11 05:55:09 +00:00
ba6f9b6432
* use new peeringdb client (1.0.0) for pdb_load_data sync (#599) * drop django-mobi for lack of py3/dj2 support (#492) remove django-forms-bootstrap for lack of py3/dj2 support (#492) * black formatted * django2.2 and py3 upgrade (#492) * drop ixlans (#21) ui and api changes * drop local_asn (#168) * org search (#193) * phone number validation (#50) * implement help text tooltips (#228) * Mark own ASN as transit-free (#394) * py3 fix for `pdb_migrate_ixlans` command when writing migration report * pdb_migrate_ixlans: properly handle py3 Runtime error if ixlan dict changes during iteration * set rest DEFAULT_SCHEMA_CLASS to coreapi to fix swagger apidocs fix migration 0027 missing from facsimile manifest * fix swagger doc strings * fix tests that were broken from api doc fixes * fix UniqueFieldValidator for netixlan ipaddress validation that broke during django/drf upgrade * fix org merge tool layout issues * travis config * update pipfile and lock * black formatting * update travis dist * beta mode banner (#411) * add beta banner template (#411) * automatically scheduled sync may not always be on, add a flag that lets us reflect that state in the beta banner message clean up beta banner implementation (#411) * add tests for beta banner (#411)
68 lines
2.6 KiB
Python
68 lines
2.6 KiB
Python
from django.test import TestCase, Client
|
|
from peeringdb_server.models import Organization, User
|
|
from .util import ClientCase
|
|
from corsheaders.middleware import (
|
|
ACCESS_CONTROL_ALLOW_CREDENTIALS,
|
|
ACCESS_CONTROL_ALLOW_HEADERS,
|
|
ACCESS_CONTROL_ALLOW_METHODS,
|
|
ACCESS_CONTROL_ALLOW_ORIGIN,
|
|
ACCESS_CONTROL_EXPOSE_HEADERS,
|
|
ACCESS_CONTROL_MAX_AGE,
|
|
)
|
|
|
|
|
|
class CorsTest(ClientCase):
|
|
|
|
test_origin = "http://example.com"
|
|
|
|
@classmethod
|
|
def setUpTestData(cls):
|
|
ClientCase.setUpTestData()
|
|
cls.org = Organization.objects.create(name="Test", status="ok")
|
|
|
|
def assert_cors_allowed(self, url, method):
|
|
resp = Client().options(url, HTTP_ORIGIN=self.test_origin)
|
|
self.assertIn(resp.status_code, [200, 301])
|
|
self.assertIn(ACCESS_CONTROL_ALLOW_METHODS, resp)
|
|
self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, resp)
|
|
self.assertIn(method.upper(), resp[ACCESS_CONTROL_ALLOW_METHODS].split(", "))
|
|
self.assertIn("origin", resp[ACCESS_CONTROL_ALLOW_HEADERS].split(", "))
|
|
self.assertEqual(resp[ACCESS_CONTROL_ALLOW_ORIGIN], self.test_origin)
|
|
|
|
def assert_cors_denied(self, url, method):
|
|
resp = Client().options(url, HTTP_ORIGIN=self.test_origin)
|
|
self.assertIn(resp.status_code, [200, 301])
|
|
|
|
if ACCESS_CONTROL_ALLOW_METHODS in resp:
|
|
self.assertNotIn(
|
|
method.upper(), resp[ACCESS_CONTROL_ALLOW_METHODS].split(", ")
|
|
)
|
|
|
|
def test_cors_GET(self):
|
|
self.assert_cors_allowed("/api", method="get")
|
|
self.assert_cors_allowed("/api/", method="get")
|
|
self.assert_cors_allowed("/api/org/1", method="get")
|
|
self.assert_cors_denied("/org/1", method="get")
|
|
self.assert_cors_denied("/", method="get")
|
|
|
|
def test_cors_POST(self):
|
|
self.assert_cors_denied("/api", method="post")
|
|
self.assert_cors_denied("/api/", method="post")
|
|
self.assert_cors_denied("/api/org/1", method="post")
|
|
self.assert_cors_denied("/org/1", method="post")
|
|
self.assert_cors_denied("/", method="post")
|
|
|
|
def test_cors_PUT(self):
|
|
self.assert_cors_denied("/api", method="put")
|
|
self.assert_cors_denied("/api/", method="put")
|
|
self.assert_cors_denied("/api/org/1", method="put")
|
|
self.assert_cors_denied("/org/1", method="put")
|
|
self.assert_cors_denied("/", method="put")
|
|
|
|
def test_cors_DELETE(self):
|
|
self.assert_cors_denied("/api", method="delete")
|
|
self.assert_cors_denied("/api/", method="delete")
|
|
self.assert_cors_denied("/api/org/1", method="delete")
|
|
self.assert_cors_denied("/org/1", method="delete")
|
|
self.assert_cors_denied("/", method="delete")
|