isso/specs/test_cors.py


from __future__ import unicode_literals

from werkzeug.test import Client
from werkzeug.wrappers import Response

from isso.wsgi import CORSMiddleware
from isso.utils import origin


def hello_world(environ, start_response):
    start_response('200 OK', [('Content-Type', 'text/html')])
    return ["Hello, World."]


def test_simple_CORS():

    app = CORSMiddleware(hello_world, origin=origin([
        "https://example.tld/",
        "http://example.tld/",
        "http://example.tld",
    ]))

    client = Client(app, Response)

    rv = client.get("/", headers={"ORIGIN": "https://example.tld"})

    assert rv.headers["Access-Control-Allow-Origin"] == "https://example.tld"
    assert rv.headers["Access-Control-Allow-Headers"] == "Origin, Content-Type"
    assert rv.headers["Access-Control-Allow-Credentials"] == "true"
    assert rv.headers["Access-Control-Allow-Methods"] == "GET, POST, PUT, DELETE"
    assert rv.headers["Access-Control-Expose-Headers"] == "X-Set-Cookie"

    a = client.get("/", headers={"ORIGIN": "http://example.tld"})
    assert a.headers["Access-Control-Allow-Origin"] == "http://example.tld"

    b = client.get("/", headers={"ORIGIN": "http://example.tld"})
    assert b.headers["Access-Control-Allow-Origin"] == "http://example.tld"

    c = client.get("/", headers={"ORIGIN": "http://foo.other"})
    assert c.headers["Access-Control-Allow-Origin"] == "https://example.tld"


def test_preflight_CORS():

    app = CORSMiddleware(hello_world, origin=origin(["http://example.tld"]))
    client = Client(app, Response)

    rv = client.open(method="OPTIONS", path="/", headers={"ORIGIN": "http://example.tld"})
    assert rv.status_code == 200

    for hdr in ("Origin", "Headers", "Credentials", "Methods"):
        assert "Access-Control-Allow-%s" % hdr in rv.headers

    assert rv.headers["Access-Control-Allow-Origin"] == "http://example.tld"
add unittest for CORS headers 2013-11-05 12:04:48 +00:00
lowercase MiddleWare and fix TypeError in Headers 2013-11-05 12:33:04 +00:00			`from __future__ import unicode_literals`

add unittest for CORS headers 2013-11-05 12:04:48 +00:00			`from werkzeug.test import Client`
			`from werkzeug.wrappers import Response`

lowercase MiddleWare and fix TypeError in Headers 2013-11-05 12:33:04 +00:00			`from isso.wsgi import CORSMiddleware`
refactor views and introduce an API for notifications Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications. This refactorization includes minor bugfixes and changes: * CORS middleware did not work properly due to wrong unit tests * more type checks on JSON input * new detection for origin and public url, closes #28 * new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>` * move crypto.py to utils/ With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP. 2013-11-09 14:18:21 +00:00			`from isso.utils import origin`
add unittest for CORS headers 2013-11-05 12:04:48 +00:00

			`def hello_world(environ, start_response):`
			`start_response('200 OK', [('Content-Type', 'text/html')])`
			`return ["Hello, World."]`


			`def test_simple_CORS():`

refactor views and introduce an API for notifications Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications. This refactorization includes minor bugfixes and changes: * CORS middleware did not work properly due to wrong unit tests * more type checks on JSON input * new detection for origin and public url, closes #28 * new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>` * move crypto.py to utils/ With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP. 2013-11-09 14:18:21 +00:00			`app = CORSMiddleware(hello_world, origin=origin([`
add unittest for CORS headers 2013-11-05 12:04:48 +00:00			`"https://example.tld/",`
			`"http://example.tld/",`
			`"http://example.tld",`
refactor views and introduce an API for notifications Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications. This refactorization includes minor bugfixes and changes: * CORS middleware did not work properly due to wrong unit tests * more type checks on JSON input * new detection for origin and public url, closes #28 * new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>` * move crypto.py to utils/ With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP. 2013-11-09 14:18:21 +00:00			`]))`
add unittest for CORS headers 2013-11-05 12:04:48 +00:00
			`client = Client(app, Response)`

			`rv = client.get("/", headers={"ORIGIN": "https://example.tld"})`

			`assert rv.headers["Access-Control-Allow-Origin"] == "https://example.tld"`
			`assert rv.headers["Access-Control-Allow-Headers"] == "Origin, Content-Type"`
			`assert rv.headers["Access-Control-Allow-Credentials"] == "true"`
			`assert rv.headers["Access-Control-Allow-Methods"] == "GET, POST, PUT, DELETE"`
			`assert rv.headers["Access-Control-Expose-Headers"] == "X-Set-Cookie"`

refactor views and introduce an API for notifications Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications. This refactorization includes minor bugfixes and changes: * CORS middleware did not work properly due to wrong unit tests * more type checks on JSON input * new detection for origin and public url, closes #28 * new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>` * move crypto.py to utils/ With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP. 2013-11-09 14:18:21 +00:00			`a = client.get("/", headers={"ORIGIN": "http://example.tld"})`
add unittest for CORS headers 2013-11-05 12:04:48 +00:00			`assert a.headers["Access-Control-Allow-Origin"] == "http://example.tld"`

			`b = client.get("/", headers={"ORIGIN": "http://example.tld"})`
refactor views and introduce an API for notifications Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications. This refactorization includes minor bugfixes and changes: * CORS middleware did not work properly due to wrong unit tests * more type checks on JSON input * new detection for origin and public url, closes #28 * new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>` * move crypto.py to utils/ With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP. 2013-11-09 14:18:21 +00:00			`assert b.headers["Access-Control-Allow-Origin"] == "http://example.tld"`
add unittest for CORS headers 2013-11-05 12:04:48 +00:00
refactor views and introduce an API for notifications Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications. This refactorization includes minor bugfixes and changes: * CORS middleware did not work properly due to wrong unit tests * more type checks on JSON input * new detection for origin and public url, closes #28 * new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>` * move crypto.py to utils/ With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP. 2013-11-09 14:18:21 +00:00			`c = client.get("/", headers={"ORIGIN": "http://foo.other"})`
			`assert c.headers["Access-Control-Allow-Origin"] == "https://example.tld"`
add unittest for CORS headers 2013-11-05 12:04:48 +00:00

			`def test_preflight_CORS():`

refactor views and introduce an API for notifications Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications. This refactorization includes minor bugfixes and changes: * CORS middleware did not work properly due to wrong unit tests * more type checks on JSON input * new detection for origin and public url, closes #28 * new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>` * move crypto.py to utils/ With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP. 2013-11-09 14:18:21 +00:00			`app = CORSMiddleware(hello_world, origin=origin(["http://example.tld"]))`
add unittest for CORS headers 2013-11-05 12:04:48 +00:00			`client = Client(app, Response)`

			`rv = client.open(method="OPTIONS", path="/", headers={"ORIGIN": "http://example.tld"})`
			`assert rv.status_code == 200`

			`for hdr in ("Origin", "Headers", "Credentials", "Methods"):`
			`assert "Access-Control-Allow-%s" % hdr in rv.headers`

			`assert rv.headers["Access-Control-Allow-Origin"] == "http://example.tld"`