mirror/peeringdb-peeringdb
1
0
Fork 0
mirror of https://github.com/peeringdb/peeringdb.git synced 2024-05-11 05:55:09 +00:00
Code Releases Activity
Files
cf56acbfc4427f58fdc1edfeb72a6779a28e5ca3
peeringdb-peeringdb/tests/test_cors.py
Matt Griswold cf56acbfc4 black formatted
2019-12-05 16:57:52 +00:00

68 lines
2.6 KiB
Python
Raw Blame History

from django.test import TestCase, Client
from peeringdb_server.models import Organization, User
from util import ClientCase
from corsheaders.middleware import (
ACCESS_CONTROL_ALLOW_CREDENTIALS,
ACCESS_CONTROL_ALLOW_HEADERS,
ACCESS_CONTROL_ALLOW_METHODS,
ACCESS_CONTROL_ALLOW_ORIGIN,
ACCESS_CONTROL_EXPOSE_HEADERS,
ACCESS_CONTROL_MAX_AGE,
)
class CorsTest(ClientCase):
test_origin = "http://example.com"
@classmethod
def setUpTestData(cls):
ClientCase.setUpTestData()
cls.org = Organization.objects.create(name="Test", status="ok")
def assert_cors_allowed(self, url, method):
resp = Client().options(url, HTTP_ORIGIN=self.test_origin)
self.assertIn(resp.status_code, [200, 301])
self.assertIn(ACCESS_CONTROL_ALLOW_METHODS, resp)
self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, resp)
self.assertIn(method.upper(), resp[ACCESS_CONTROL_ALLOW_METHODS].split(", "))
self.assertIn("origin", resp[ACCESS_CONTROL_ALLOW_HEADERS].split(", "))
self.assertEqual(resp[ACCESS_CONTROL_ALLOW_ORIGIN], self.test_origin)
def assert_cors_denied(self, url, method):
resp = Client().options(url, HTTP_ORIGIN=self.test_origin)
self.assertIn(resp.status_code, [200, 301])
if ACCESS_CONTROL_ALLOW_METHODS in resp:
self.assertNotIn(
method.upper(), resp[ACCESS_CONTROL_ALLOW_METHODS].split(", ")
)
def test_cors_GET(self):
self.assert_cors_allowed("/api", method="get")
self.assert_cors_allowed("/api/", method="get")
self.assert_cors_allowed("/api/org/1", method="get")
self.assert_cors_denied("/org/1", method="get")
self.assert_cors_denied("/", method="get")
def test_cors_POST(self):
self.assert_cors_denied("/api", method="post")
self.assert_cors_denied("/api/", method="post")
self.assert_cors_denied("/api/org/1", method="post")
self.assert_cors_denied("/org/1", method="post")
self.assert_cors_denied("/", method="post")
def test_cors_PUT(self):
self.assert_cors_denied("/api", method="put")
self.assert_cors_denied("/api/", method="put")
self.assert_cors_denied("/api/org/1", method="put")
self.assert_cors_denied("/org/1", method="put")
self.assert_cors_denied("/", method="put")
def test_cors_DELETE(self):
self.assert_cors_denied("/api", method="delete")
self.assert_cors_denied("/api/", method="delete")
self.assert_cors_denied("/api/org/1", method="delete")
self.assert_cors_denied("/org/1", method="delete")
self.assert_cors_denied("/", method="delete")
View Git Blame Copy Permalink