Modernized middleware tests.

class CommonMiddlewareTest(TestCase):

    def setUp(self):

        self.append_slash = settings.APPEND_SLASH

        self.prepend_www = settings.PREPEND_WWW

        self.ignorable_404_urls = settings.IGNORABLE_404_URLS

        self.send_broken_email_links = settings.SEND_BROKEN_LINK_EMAILS

    def tearDown(self):

        settings.APPEND_SLASH = self.append_slash

        settings.PREPEND_WWW = self.prepend_www

        settings.IGNORABLE_404_URLS = self.ignorable_404_urls

        settings.SEND_BROKEN_LINK_EMAILS = self.send_broken_email_links

    def _get_request(self, path):

        request = HttpRequest()

        request.path = request.path_info = "/middleware/%s" % path

        return request

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_have_slash(self):

        """

        Tests that URLs with slashes go unmolested.

        """

        settings.APPEND_SLASH = True

        request = self._get_request('slash/')

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_slashless_resource(self):

        """

        Tests that matches to explicit slashless URLs go unmolested.

        """

        settings.APPEND_SLASH = True

        request = self._get_request('noslash')

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_slashless_unknown(self):

        """

        Tests that APPEND_SLASH doesn't redirect to unknown resources.

        """

        settings.APPEND_SLASH = True

        request = self._get_request('unknown')

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_redirect(self):

        """

        Tests that APPEND_SLASH redirects slashless URLs to a valid pattern.

        """

        settings.APPEND_SLASH = True

        request = self._get_request('slash')

        r = CommonMiddleware().process_request(request)

        self.assertEqual(r.status_code, 301)

        self.assertEqual(r['Location'], 'http://testserver/middleware/slash/')

    @override_settings(APPEND_SLASH=True, DEBUG=True)

    def test_append_slash_no_redirect_on_POST_in_DEBUG(self):

        """

        Tests that while in debug mode, an exception is raised with a warning

        when a failed attempt is made to POST to an URL which would normally be

        redirected to a slashed version.

        """

        settings.APPEND_SLASH = True

        settings.DEBUG = True

        request = self._get_request('slash')

        request.method = 'POST'

        self.assertRaises(

            RuntimeError,

            CommonMiddleware().process_request,

            request)

        try:

        with six.assertRaisesRegex(self, RuntimeError, 'end in a slash'):

            CommonMiddleware().process_request(request)

        except RuntimeError as e:

            self.assertTrue('end in a slash' in str(e))

        settings.DEBUG = False

    @override_settings(APPEND_SLASH=False)

    def test_append_slash_disabled(self):

        """

        Tests disabling append slash functionality.

        """

        settings.APPEND_SLASH = False

        request = self._get_request('slash')

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_quoted(self):

        """

        Tests that URLs which require quoting are redirected to their slash

        version ok.

        """

        settings.APPEND_SLASH = True

        request = self._get_request('needsquoting#')

        r = CommonMiddleware().process_request(request)

        self.assertEqual(r.status_code, 301)

            r['Location'],

            'http://testserver/middleware/needsquoting%23/')

    @override_settings(APPEND_SLASH=False, PREPEND_WWW=True)

    def test_prepend_www(self):

        settings.PREPEND_WWW = True

        settings.APPEND_SLASH = False

        request = self._get_request('path/')

        r = CommonMiddleware().process_request(request)

        self.assertEqual(r.status_code, 301)

            r['Location'],

            'http://www.testserver/middleware/path/')

    @override_settings(APPEND_SLASH=True, PREPEND_WWW=True)

    def test_prepend_www_append_slash_have_slash(self):

        settings.PREPEND_WWW = True

        settings.APPEND_SLASH = True

        request = self._get_request('slash/')

        r = CommonMiddleware().process_request(request)

        self.assertEqual(r.status_code, 301)

        self.assertEqual(r['Location'],

                          'http://www.testserver/middleware/slash/')

    @override_settings(APPEND_SLASH=True, PREPEND_WWW=True)

    def test_prepend_www_append_slash_slashless(self):

        settings.PREPEND_WWW = True

        settings.APPEND_SLASH = True

        request = self._get_request('slash')

        r = CommonMiddleware().process_request(request)

        self.assertEqual(r.status_code, 301)

    # The following tests examine expected behavior given a custom urlconf that

    # overrides the default one through the request object.

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_have_slash_custom_urlconf(self):

        """

        Tests that URLs with slashes go unmolested.

        """

      settings.APPEND_SLASH = True

        request = self._get_request('customurlconf/slash/')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_slashless_resource_custom_urlconf(self):

        """

        Tests that matches to explicit slashless URLs go unmolested.

        """

      settings.APPEND_SLASH = True

        request = self._get_request('customurlconf/noslash')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_slashless_unknown_custom_urlconf(self):

        """

        Tests that APPEND_SLASH doesn't redirect to unknown resources.

        """

      settings.APPEND_SLASH = True

        request = self._get_request('customurlconf/unknown')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_redirect_custom_urlconf(self):

        """

        Tests that APPEND_SLASH redirects slashless URLs to a valid pattern.

        """

      settings.APPEND_SLASH = True

        request = self._get_request('customurlconf/slash')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        r = CommonMiddleware().process_request(request)

        self.assertEqual(r.status_code, 301)

        self.assertEqual(r['Location'], 'http://testserver/middleware/customurlconf/slash/')

    @override_settings(APPEND_SLASH=True, DEBUG=True)

    def test_append_slash_no_redirect_on_POST_in_DEBUG_custom_urlconf(self):

        """

        Tests that while in debug mode, an exception is raised with a warning

        when a failed attempt is made to POST to an URL which would normally be

        redirected to a slashed version.

        """

      settings.APPEND_SLASH = True

      settings.DEBUG = True

        request = self._get_request('customurlconf/slash')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        request.method = 'POST'

      self.assertRaises(

          RuntimeError,

          CommonMiddleware().process_request,

          request)

      try:

        with six.assertRaisesRegex(self, RuntimeError, 'end in a slash'):

            CommonMiddleware().process_request(request)

      except RuntimeError as e:

          self.assertTrue('end in a slash' in str(e))

      settings.DEBUG = False

    @override_settings(APPEND_SLASH=False)

    def test_append_slash_disabled_custom_urlconf(self):

        """

        Tests disabling append slash functionality.

        """

      settings.APPEND_SLASH = False

        request = self._get_request('customurlconf/slash')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        self.assertEqual(CommonMiddleware().process_request(request), None)

    @override_settings(APPEND_SLASH=True)

    def test_append_slash_quoted_custom_urlconf(self):

        """

        Tests that URLs which require quoting are redirected to their slash

        version ok.

        """

      settings.APPEND_SLASH = True

        request = self._get_request('customurlconf/needsquoting#')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        r = CommonMiddleware().process_request(request)

            r['Location'],

            'http://testserver/middleware/customurlconf/needsquoting%23/')

    @override_settings(APPEND_SLASH=False, PREPEND_WWW=True)

    def test_prepend_www_custom_urlconf(self):

      settings.PREPEND_WWW = True

      settings.APPEND_SLASH = False

        request = self._get_request('customurlconf/path/')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        r = CommonMiddleware().process_request(request)

            r['Location'],

            'http://www.testserver/middleware/customurlconf/path/')

    @override_settings(APPEND_SLASH=True, PREPEND_WWW=True)

    def test_prepend_www_append_slash_have_slash_custom_urlconf(self):

      settings.PREPEND_WWW = True

      settings.APPEND_SLASH = True

        request = self._get_request('customurlconf/slash/')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        r = CommonMiddleware().process_request(request)

        self.assertEqual(r['Location'],

                          'http://www.testserver/middleware/customurlconf/slash/')

    @override_settings(APPEND_SLASH=True, PREPEND_WWW=True)

    def test_prepend_www_append_slash_slashless_custom_urlconf(self):

      settings.PREPEND_WWW = True

      settings.APPEND_SLASH = True

        request = self._get_request('customurlconf/slash')

        request.urlconf = 'regressiontests.middleware.extra_urls'

        r = CommonMiddleware().process_request(request)

    # Tests for the 404 error reporting via email

    @override_settings(IGNORABLE_404_URLS=(re.compile(r'foo'),),

                       SEND_BROKEN_LINK_EMAILS = True)

    def test_404_error_reporting(self):

        settings.IGNORABLE_404_URLS = (re.compile(r'foo'),)

        settings.SEND_BROKEN_LINK_EMAILS = True

        request = self._get_request('regular_url/that/does/not/exist')

        request.META['HTTP_REFERER'] = '/another/url/'

        response = self.client.get(request.path)

        self.assertEqual(len(mail.outbox), 1)

        self.assertIn('Broken', mail.outbox[0].subject)

    @override_settings(IGNORABLE_404_URLS=(re.compile(r'foo'),),

                       SEND_BROKEN_LINK_EMAILS = True)

    def test_404_error_reporting_no_referer(self):

        settings.IGNORABLE_404_URLS = (re.compile(r'foo'),)

        settings.SEND_BROKEN_LINK_EMAILS = True

        request = self._get_request('regular_url/that/does/not/exist')

        response = self.client.get(request.path)

        CommonMiddleware().process_response(request, response)

        self.assertEqual(len(mail.outbox), 0)

    @override_settings(IGNORABLE_404_URLS=(re.compile(r'foo'),),

                       SEND_BROKEN_LINK_EMAILS = True)

    def test_404_error_reporting_ignored_url(self):

        settings.IGNORABLE_404_URLS = (re.compile(r'foo'),)

        settings.SEND_BROKEN_LINK_EMAILS = True

        request = self._get_request('foo_url/that/does/not/exist/either')

        request.META['HTTP_REFERER'] = '/another/url/'

        response = self.client.get(request.path)

    """

    Tests for the X-Frame-Options clickjacking prevention middleware.

    """

    def setUp(self):

        self.x_frame_options = settings.X_FRAME_OPTIONS

    def tearDown(self):

        settings.X_FRAME_OPTIONS = self.x_frame_options

    def test_same_origin(self):

        """

        Tests that the X_FRAME_OPTIONS setting can be set to SAMEORIGIN to

        have the middleware use that value for the HTTP header.

        """

        settings.X_FRAME_OPTIONS = 'SAMEORIGIN'

        with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

                                                           HttpResponse())

            self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')

        settings.X_FRAME_OPTIONS = 'sameorigin'

        with override_settings(X_FRAME_OPTIONS='sameorigin'):

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

                                                       HttpResponse())

            self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')

        Tests that the X_FRAME_OPTIONS setting can be set to DENY to

        have the middleware use that value for the HTTP header.

        """

        settings.X_FRAME_OPTIONS = 'DENY'

        with override_settings(X_FRAME_OPTIONS='DENY'):

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

                                                           HttpResponse())

            self.assertEqual(r['X-Frame-Options'], 'DENY')

        settings.X_FRAME_OPTIONS = 'deny'

        with override_settings(X_FRAME_OPTIONS='deny'):

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

                                                           HttpResponse())

            self.assertEqual(r['X-Frame-Options'], 'DENY')

        Tests that if the X_FRAME_OPTIONS setting is not set then it defaults

        to SAMEORIGIN.

        """

        del settings.X_FRAME_OPTIONS

        with override_settings(X_FRAME_OPTIONS=None):

            del settings.X_FRAME_OPTIONS    # restored by override_settings

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

                                                           HttpResponse())

            self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')

        Tests that if the X-Frame-Options header is already set then the

        middleware does not attempt to override it.

        """

        settings.X_FRAME_OPTIONS = 'DENY'

        with override_settings(X_FRAME_OPTIONS='DENY'):

            response = HttpResponse()

            response['X-Frame-Options'] = 'SAMEORIGIN'

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

                                                           response)

            self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')

        settings.X_FRAME_OPTIONS = 'SAMEORIGIN'

        with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):

            response = HttpResponse()

            response['X-Frame-Options'] = 'DENY'

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

        to False then it still sets the header, but if it's set to True then

        it does not.

        """

        settings.X_FRAME_OPTIONS = 'SAMEORIGIN'

        with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):

            response = HttpResponse()

            response.xframe_options_exempt = False

            r = XFrameOptionsMiddleware().process_response(HttpRequest(),

                    return 'SAMEORIGIN'

                return 'DENY'

        settings.X_FRAME_OPTIONS = 'DENY'

        with override_settings(X_FRAME_OPTIONS='DENY'):

            response = HttpResponse()

            response.sameorigin = True

            r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(),

                                                                HttpResponse())

            self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')

        settings.X_FRAME_OPTIONS = 'SAMEORIGIN'

        with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):

            r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(),

                                                                HttpResponse())

            self.assertEqual(r['X-Frame-Options'], 'DENY')