6e85c54a2e
Keep Isso modular, not monolithic. Make it easy to integrate a web interface or add XMPP notifications.

This refactoring includes minor bugfixes and changes:

* CORS middleware did not work properly due to wrong unit tests
* more type checks on JSON input
* new detection for origin and public url, closes #28
* new activation and delete url (no redirect for old urls, but you can convert the old urls: copy hash after `/activate/` (or delete) and open `/id/<id of comment>/activate/<hash>`)
* move crypto.py to utils/

With this commit, SMTP is no longer automatically configured: add `notify = smtp` to the `[general]` section to use SMTP.
from __future__ import unicode_literals
from werkzeug.test import Client
from werkzeug.wrappers import Response
from isso.wsgi import CORSMiddleware
from isso.utils import origin
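def hello_world(environ, start_response):
    """Minimal WSGI application that the CORS tests wrap with the middleware.

    Args:
        environ: WSGI environment dict (not inspected).
        start_response: WSGI callable that receives the status line and the
            list of response headers.

    Returns:
        A one-element list holding the response body as bytes.
    """
    start_response('200 OK', [('Content-Type', 'text/html')])
    # PEP 3333 requires the body iterable to yield bytestrings. This module
    # enables unicode_literals, so the literal needs an explicit b prefix.
    return [b"Hello, World."]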
def test_simple_CORS():
    """Check the CORS headers added to a plain GET for listed and unlisted origins."""
    allowed = origin([
        "https://example.tld/",
        "http://example.tld/",
        "http://example.tld",
    ])
    wrapped = CORSMiddleware(hello_world, origin=allowed)
    client = Client(wrapped, Response)

    rv = client.get("/", headers={"ORIGIN": "https://example.tld"})

    # Allow-Credentials is "true", so Allow-Origin has to be one concrete
    # origin: browsers reject the wildcard for credentialed requests.
    expected_headers = (
        ("Access-Control-Allow-Origin", "https://example.tld"),
        ("Access-Control-Allow-Headers", "Origin, Content-Type"),
        ("Access-Control-Allow-Credentials", "true"),
        ("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"),
        ("Access-Control-Expose-Headers", "X-Set-Cookie"),
    )
    for name, value in expected_headers:
        assert rv.headers[name] == value

    # Pairs of (Origin header sent, Access-Control-Allow-Origin expected).
    # NOTE(review): the second pair repeats the first request verbatim and
    # adds no coverage; a different origin was presumably intended. Confirm.
    # The last pair is the security-relevant one: an origin that is not in
    # the configured list must never be echoed back. The expected value is
    # the first configured origin instead.
    origin_cases = (
        ("http://example.tld", "http://example.tld"),
        ("http://example.tld", "http://example.tld"),
        ("http://foo.other", "https://example.tld"),
    )
    for sent, answered in origin_cases:
        reply = client.get("/", headers={"ORIGIN": sent})
        assert reply.headers["Access-Control-Allow-Origin"] == answered
def test_preflight_CORS():
    """Check that an OPTIONS preflight from the configured origin gets CORS headers."""
    wrapped = CORSMiddleware(hello_world, origin=origin(["http://example.tld"]))
    client = Client(wrapped, Response)

    preflight = client.open(
        method="OPTIONS",
        path="/",
        headers={"ORIGIN": "http://example.tld"},
    )
    assert preflight.status_code == 200

    # Every Access-Control-Allow-* header has to be present on the preflight
    # response. Only the origin's value is pinned below.
    required = [
        "Access-Control-Allow-%s" % suffix
        for suffix in ("Origin", "Headers", "Credentials", "Methods")
    ]
    missing = [name for name in required if name not in preflight.headers]
    assert not missing

    # NOTE(review): only a configured origin is exercised here; a preflight
    # from an unlisted origin is not covered by this test.
    assert preflight.headers["Access-Control-Allow-Origin"] == "http://example.tld"