File: test_client_middleware.py

package info (click to toggle)
python-aiohttp 3.12.15-1
links: PTS, VCS
area: main
in suites: sid
size: 16,900 kB
sloc: python: 61,659; ansic: 20,773; makefile: 396; sh: 3
file content (1271 lines) | stat: -rw-r--r-- 45,648 bytes
"""Tests for client middleware."""

import json
import socket
from typing import Dict, List, NoReturn, Optional, Union

import pytest

from aiohttp import (
    ClientError,
    ClientHandlerType,
    ClientRequest,
    ClientResponse,
    ClientSession,
    ClientTimeout,
    TCPConnector,
    web,
)
from aiohttp.abc import ResolveResult
from aiohttp.client_middlewares import build_client_middlewares
from aiohttp.client_proto import ResponseHandler
from aiohttp.pytest_plugin import AiohttpServer
from aiohttp.resolver import ThreadedResolver
from aiohttp.tracing import Trace


class BlockedByMiddleware(ClientError):
    """Custom exception for when middleware blocks a request."""


async def test_client_middleware_called(aiohttp_server: AiohttpServer) -> None:
    """Test that client middleware is called."""
    middleware_called = False
    request_count = 0

    async def handler(request: web.Request) -> web.Response:
        nonlocal request_count
        request_count += 1
        return web.Response(text=f"OK {request_count}")

    async def test_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        nonlocal middleware_called
        middleware_called = True
        response = await handler(request)
        return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    async with ClientSession(middlewares=(test_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "OK 1"

    assert middleware_called is True
    assert request_count == 1


async def test_client_middleware_retry(aiohttp_server: AiohttpServer) -> None:
    """Test that middleware can trigger retries."""
    request_count = 0

    async def handler(request: web.Request) -> web.Response:
        nonlocal request_count
        request_count += 1
        if request_count == 1:
            return web.Response(status=503)
        return web.Response(text=f"OK {request_count}")

    async def retry_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        response = None
        for _ in range(2):  # pragma: no branch
            response = await handler(request)
            if response.ok:
                return response
        assert False, "not reachable in test"

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    async with ClientSession(middlewares=(retry_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "OK 2"

    assert request_count == 2


async def test_client_middleware_per_request(aiohttp_server: AiohttpServer) -> None:
    """Test that middleware can be specified per request."""
    session_middleware_called = False
    request_middleware_called = False

    async def handler(request: web.Request) -> web.Response:
        return web.Response(text="OK")

    async def session_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        nonlocal session_middleware_called
        session_middleware_called = True
        response = await handler(request)
        return response

    async def request_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        nonlocal request_middleware_called
        request_middleware_called = True
        response = await handler(request)
        return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    # Request with session middleware
    async with ClientSession(middlewares=(session_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200

    assert session_middleware_called is True
    assert request_middleware_called is False

    # Reset flags
    session_middleware_called = False

    # Request with override middleware
    async with ClientSession(middlewares=(session_middleware,)) as session:
        async with session.get(
            server.make_url("/"), middlewares=(request_middleware,)
        ) as resp:
            assert resp.status == 200

    assert session_middleware_called is False
    assert request_middleware_called is True


async def test_multiple_client_middlewares(aiohttp_server: AiohttpServer) -> None:
    """Test that multiple middlewares are executed in order."""
    calls: list[str] = []

    async def handler(request: web.Request) -> web.Response:
        return web.Response(text="OK")

    async def middleware1(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        calls.append("before1")
        response = await handler(request)
        calls.append("after1")
        return response

    async def middleware2(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        calls.append("before2")
        response = await handler(request)
        calls.append("after2")
        return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    async with ClientSession(middlewares=(middleware1, middleware2)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200

    # Middlewares are applied in reverse order (like server middlewares)
    # So middleware1 wraps middleware2
    assert calls == ["before1", "before2", "after2", "after1"]


async def test_client_middleware_auth_example(aiohttp_server: AiohttpServer) -> None:
    """Test an authentication middleware example."""

    async def handler(request: web.Request) -> web.Response:
        auth_header = request.headers.get("Authorization")
        if auth_header == "Bearer valid-token":
            return web.Response(text="Authenticated")
        return web.Response(status=401, text="Unauthorized")

    async def auth_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        # Add authentication header before request
        request.headers["Authorization"] = "Bearer valid-token"
        response = await handler(request)
        return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    # Without middleware - should fail
    async with ClientSession() as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 401

    # With middleware - should succeed
    async with ClientSession(middlewares=(auth_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Authenticated"


async def test_client_middleware_challenge_auth(aiohttp_server: AiohttpServer) -> None:
    """Test authentication middleware with challenge/response pattern like digest auth."""
    request_count = 0
    challenge_token = "challenge-123"

    async def handler(request: web.Request) -> web.Response:
        nonlocal request_count
        request_count += 1

        auth_header = request.headers.get("Authorization")

        # First request - no auth header, return challenge
        if request_count == 1 and not auth_header:
            return web.Response(
                status=401,
                headers={
                    "WWW-Authenticate": f'Custom realm="test", nonce="{challenge_token}"'
                },
            )

        # Subsequent requests - check for correct auth with challenge
        if auth_header == f'Custom response="{challenge_token}-secret"':
            return web.Response(text="Authenticated")

        assert False, "Should not reach here - invalid auth scenario"

    async def challenge_auth_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        nonce: Optional[str] = None
        attempted: bool = False

        while True:
            # If we have challenge data from previous attempt, add auth header
            if nonce and attempted:
                request.headers["Authorization"] = f'Custom response="{nonce}-secret"'

            response = await handler(request)

            # If we get a 401 with challenge, store it and retry
            if response.status == 401 and not attempted:
                www_auth = response.headers.get("WWW-Authenticate")
                if www_auth and "nonce=" in www_auth:
                    # Extract nonce from authentication header
                    nonce_start = www_auth.find('nonce="') + 7
                    nonce_end = www_auth.find('"', nonce_start)
                    nonce = www_auth[nonce_start:nonce_end]
                    attempted = True
                    continue
                else:
                    assert False, "Should not reach here"

            return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    async with ClientSession(middlewares=(challenge_auth_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Authenticated"

    # Should have made 2 requests: initial and retry with auth
    assert request_count == 2


async def test_client_middleware_multi_step_auth(aiohttp_server: AiohttpServer) -> None:
    """Test middleware with multi-step authentication flow."""
    auth_state: dict[str, int] = {}
    middleware_state: Dict[str, Optional[Union[int, str]]] = {
        "step": 0,
        "session": None,
        "challenge": None,
    }

    async def handler(request: web.Request) -> web.Response:
        client_id = request.headers.get("X-Client-ID", "unknown")
        auth_header = request.headers.get("Authorization")
        step = auth_state.get(client_id, 0)

        # Step 0: No auth, request client ID
        if step == 0 and not auth_header:
            auth_state[client_id] = 1
            return web.Response(
                status=401, headers={"X-Auth-Step": "1", "X-Session": "session-123"}
            )

        # Step 1: Has session, request credentials
        if step == 1 and auth_header == "Bearer session-123":
            auth_state[client_id] = 2
            return web.Response(
                status=401, headers={"X-Auth-Step": "2", "X-Challenge": "challenge-456"}
            )

        # Step 2: Has challenge response, authenticate
        if step == 2 and auth_header == "Bearer challenge-456-response":
            return web.Response(text="Authenticated")

        assert False, "Should not reach here - invalid multi-step auth flow"

    async def multi_step_auth_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        request.headers["X-Client-ID"] = "test-client"

        for _ in range(3):
            # Apply auth based on current state
            if middleware_state["step"] == 1 and middleware_state["session"]:
                request.headers["Authorization"] = (
                    f"Bearer {middleware_state['session']}"
                )
            elif middleware_state["step"] == 2 and middleware_state["challenge"]:
                request.headers["Authorization"] = (
                    f"Bearer {middleware_state['challenge']}-response"
                )

            response = await handler(request)

            # Handle multi-step auth flow
            if response.status == 401:
                auth_step = response.headers.get("X-Auth-Step")

                if auth_step == "1":
                    # First step: store session token
                    middleware_state["session"] = response.headers.get("X-Session")
                    middleware_state["step"] = 1
                    continue

                elif auth_step == "2":
                    # Second step: store challenge
                    middleware_state["challenge"] = response.headers.get("X-Challenge")
                    middleware_state["step"] = 2
                    continue
                else:
                    assert False, "Should not reach here"

            return response
        # This should not be reached but keeps mypy happy
        assert False, "Should not reach here"

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    async with ClientSession(middlewares=(multi_step_auth_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Authenticated"


async def test_client_middleware_conditional_retry(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test middleware with conditional retry based on response content."""
    request_count = 0
    token_state: Dict[str, Union[str, bool]] = {
        "token": "old-token",
        "refreshed": False,
    }

    async def handler(request: web.Request) -> web.Response:
        nonlocal request_count
        request_count += 1

        auth_token = request.headers.get("X-Auth-Token")

        if request_count == 1:
            # First request returns expired token error
            return web.json_response(
                {"error": "token_expired", "refresh_required": True}, status=401
            )

        if auth_token == "refreshed-token":
            return web.json_response({"data": "success"})

        assert False, "Should not reach here - invalid token refresh flow"

    async def token_refresh_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        for _ in range(2):
            # Add token to request
            request.headers["X-Auth-Token"] = str(token_state["token"])

            response = await handler(request)

            # Check if token needs refresh
            if response.status == 401 and not token_state["refreshed"]:
                data = await response.json()
                if data.get("error") == "token_expired" and data.get(
                    "refresh_required"
                ):
                    # Simulate token refresh
                    token_state["token"] = "refreshed-token"
                    token_state["refreshed"] = True
                    continue
                else:
                    assert False, "Should not reach here"

            return response
        # This should not be reached but keeps mypy happy
        assert False, "Should not reach here"

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    async with ClientSession(middlewares=(token_refresh_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            data = await resp.json()
            assert data == {"data": "success"}

    assert request_count == 2  # Initial request + retry after refresh


async def test_build_client_middlewares_empty() -> None:
    """Test build_client_middlewares with empty middlewares."""

    async def handler(request: ClientRequest) -> NoReturn:
        """Dummy handler."""
        assert False

    # Test empty case
    result = build_client_middlewares(handler, ())
    assert result is handler  # Should return handler unchanged


async def test_client_middleware_class_based_auth(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test middleware using class-based pattern with instance state."""

    class TokenAuthMiddleware:
        """Middleware that handles token-based authentication."""

        def __init__(self, token: str) -> None:
            self.token = token
            self.request_count = 0

        async def __call__(
            self, request: ClientRequest, handler: ClientHandlerType
        ) -> ClientResponse:
            self.request_count += 1
            request.headers["Authorization"] = f"Bearer {self.token}"
            return await handler(request)

    async def handler(request: web.Request) -> web.Response:
        auth_header = request.headers.get("Authorization")
        if auth_header == "Bearer test-token":
            return web.Response(text="Authenticated")
        assert False, "Should not reach here - class auth should always have token"

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    # Create middleware instance
    auth_middleware = TokenAuthMiddleware("test-token")

    async with ClientSession(middlewares=(auth_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Authenticated"

    # Verify the middleware was called
    assert auth_middleware.request_count == 1


async def test_client_middleware_stateful_retry(aiohttp_server: AiohttpServer) -> None:
    """Test retry middleware using class with state management."""

    class RetryMiddleware:
        """Middleware that retries failed requests with backoff."""

        def __init__(self, max_retries: int = 3) -> None:
            self.max_retries = max_retries

        async def __call__(
            self, request: ClientRequest, handler: ClientHandlerType
        ) -> ClientResponse:
            retry_count = 0

            while True:
                response = await handler(request)

                if response.status >= 500 and retry_count < self.max_retries:
                    retry_count += 1
                    continue

                return response

    request_count = 0

    async def handler(request: web.Request) -> web.Response:
        nonlocal request_count
        request_count += 1

        if request_count < 3:
            return web.Response(status=503)
        return web.Response(text="Success")

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    retry_middleware = RetryMiddleware(max_retries=2)

    async with ClientSession(middlewares=(retry_middleware,)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Success"

    assert request_count == 3  # Initial + 2 retries


async def test_client_middleware_multiple_instances(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test using multiple instances of the same middleware class."""

    class HeaderMiddleware:
        """Middleware that adds a header with instance-specific value."""

        def __init__(self, header_name: str, header_value: str) -> None:
            self.header_name = header_name
            self.header_value = header_value
            self.applied = False

        async def __call__(
            self, request: ClientRequest, handler: ClientHandlerType
        ) -> ClientResponse:
            self.applied = True
            request.headers[self.header_name] = self.header_value
            return await handler(request)

    headers_received = {}

    async def handler(request: web.Request) -> web.Response:
        headers_received.update(dict(request.headers))
        return web.Response(text="OK")

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    # Create two instances with different headers
    middleware1 = HeaderMiddleware("X-Custom-1", "value1")
    middleware2 = HeaderMiddleware("X-Custom-2", "value2")

    async with ClientSession(middlewares=(middleware1, middleware2)) as session:
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200

    # Both middlewares should have been applied
    assert middleware1.applied is True
    assert middleware2.applied is True
    assert headers_received.get("X-Custom-1") == "value1"
    assert headers_received.get("X-Custom-2") == "value2"


async def test_request_middleware_overrides_session_middleware_with_empty(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that passing empty middlewares tuple to a request disables session-level middlewares."""
    session_middleware_called = False

    async def handler(request: web.Request) -> web.Response:
        auth_header = request.headers.get("Authorization")
        if auth_header:
            return web.Response(text=f"Auth: {auth_header}")
        return web.Response(text="No auth")

    async def session_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        nonlocal session_middleware_called
        session_middleware_called = True
        request.headers["Authorization"] = "Bearer session-token"
        response = await handler(request)
        return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    # Create session with middleware
    async with ClientSession(middlewares=(session_middleware,)) as session:
        # First request uses session middleware
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Auth: Bearer session-token"
            assert session_middleware_called is True

        # Reset flags
        session_middleware_called = False

        # Second request explicitly disables middlewares with empty tuple
        async with session.get(server.make_url("/"), middlewares=()) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "No auth"
            assert session_middleware_called is False


async def test_request_middleware_overrides_session_middleware_with_specific(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that passing specific middlewares to a request overrides session-level middlewares."""
    session_middleware_called = False
    request_middleware_called = False

    async def handler(request: web.Request) -> web.Response:
        auth_header = request.headers.get("Authorization")
        if auth_header:
            return web.Response(text=f"Auth: {auth_header}")
        return web.Response(text="No auth")

    async def session_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        nonlocal session_middleware_called
        session_middleware_called = True
        request.headers["Authorization"] = "Bearer session-token"
        response = await handler(request)
        return response

    async def request_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        nonlocal request_middleware_called
        request_middleware_called = True
        request.headers["Authorization"] = "Bearer request-token"
        response = await handler(request)
        return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    # Create session with middleware
    async with ClientSession(middlewares=(session_middleware,)) as session:
        # First request uses session middleware
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Auth: Bearer session-token"
            assert session_middleware_called is True
            assert request_middleware_called is False

        # Reset flags
        session_middleware_called = False
        request_middleware_called = False

        # Second request uses request-specific middleware
        async with session.get(
            server.make_url("/"), middlewares=(request_middleware,)
        ) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Auth: Bearer request-token"
            assert session_middleware_called is False
            assert request_middleware_called is True


@pytest.mark.parametrize(
    "exception_class,match_text",
    [
        (ValueError, "Middleware error"),
        (ClientError, "Client error from middleware"),
        (OSError, "OS error from middleware"),
    ],
)
async def test_client_middleware_exception_closes_connection(
    aiohttp_server: AiohttpServer,
    exception_class: type[Exception],
    match_text: str,
) -> None:
    """Test that connections are closed when middleware raises an exception."""

    async def handler(request: web.Request) -> NoReturn:
        assert False, "Handler should not be reached"

    async def failing_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> NoReturn:
        # Raise exception before the handler is called
        raise exception_class(match_text)

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    # Create custom connector
    connector = TCPConnector()

    async with ClientSession(
        connector=connector, middlewares=(failing_middleware,)
    ) as session:
        # Make request that should fail in middleware
        with pytest.raises(exception_class, match=match_text):
            await session.get(server.make_url("/"))

    # Check that the connector has no active connections
    # If connections were properly closed, _conns should be empty
    assert len(connector._conns) == 0

    await connector.close()


async def test_client_middleware_blocks_connection_before_established(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can block connections before they are established."""
    blocked_hosts = {"blocked.example.com", "evil.com"}
    connection_attempts: List[str] = []

    async def handler(request: web.Request) -> web.Response:
        return web.Response(text="Reached")

    async def blocking_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        # Record the connection attempt
        connection_attempts.append(str(request.url))

        # Block requests to certain hosts
        if request.url.host in blocked_hosts:
            raise BlockedByMiddleware(f"Connection to {request.url.host} is blocked")

        # Allow the request to proceed
        return await handler(request)

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    connector = TCPConnector()
    async with ClientSession(
        connector=connector, middlewares=(blocking_middleware,)
    ) as session:
        # Test allowed request
        allowed_url = server.make_url("/")
        async with session.get(allowed_url) as resp:
            assert resp.status == 200
            assert await resp.text() == "Reached"

        # Test blocked request
        with pytest.raises(BlockedByMiddleware) as exc_info:
            # Use a fake URL that would fail DNS if connection was attempted
            await session.get("https://blocked.example.com/")

        assert "Connection to blocked.example.com is blocked" in str(exc_info.value)

        # Test another blocked host
        with pytest.raises(BlockedByMiddleware) as exc_info:
            await session.get("https://evil.com/path")

        assert "Connection to evil.com is blocked" in str(exc_info.value)

    # Verify that connections were attempted in the correct order
    assert len(connection_attempts) == 3
    assert allowed_url.host

    assert connection_attempts == [
        str(server.make_url("/")),
        "https://blocked.example.com/",
        "https://evil.com/path",
    ]

    # Check that no connections were leaked
    assert len(connector._conns) == 0

    await connector.close()


async def test_client_middleware_blocks_connection_without_dns_lookup(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware prevents DNS lookups for blocked hosts."""
    blocked_hosts = {"blocked.domain.tld"}
    dns_lookups_made: List[str] = []

    # Create a simple server for the allowed request
    async def handler(request: web.Request) -> web.Response:
        return web.Response(text="OK")

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    class TrackingResolver(ThreadedResolver):
        async def resolve(
            self,
            hostname: str,
            port: int = 0,
            family: socket.AddressFamily = socket.AF_INET,
        ) -> List[ResolveResult]:
            dns_lookups_made.append(hostname)
            return await super().resolve(hostname, port, family)

    async def blocking_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        # Block requests to certain hosts before DNS lookup
        if request.url.host in blocked_hosts:
            raise BlockedByMiddleware(f"Blocked by policy: {request.url.host}")

        return await handler(request)

    resolver = TrackingResolver()
    connector = TCPConnector(resolver=resolver)
    async with ClientSession(
        connector=connector, middlewares=(blocking_middleware,)
    ) as session:
        # Test blocked request to non-existent domain
        with pytest.raises(BlockedByMiddleware) as exc_info:
            await session.get("https://blocked.domain.tld/")

        assert "Blocked by policy: blocked.domain.tld" in str(exc_info.value)

        # Verify that no DNS lookup was made for the blocked domain
        assert "blocked.domain.tld" not in dns_lookups_made

        # Test allowed request to existing server - this should trigger DNS lookup
        async with session.get(f"http://localhost:{server.port}") as resp:
            assert resp.status == 200

        # Verify that DNS lookup was made for the allowed request
        # The server might use a hostname that requires DNS resolution
        assert len(dns_lookups_made) > 0

        # Make sure blocked domain is still not in DNS lookups
        assert "blocked.domain.tld" not in dns_lookups_made

    # Clean up
    await connector.close()


async def test_client_middleware_retry_reuses_connection(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that connections are reused when middleware performs retries."""
    request_count = 0

    async def handler(request: web.Request) -> web.Response:
        nonlocal request_count
        request_count += 1
        if request_count == 1:
            return web.Response(status=400)  # First request returns 400 with no body
        return web.Response(text="OK")

    class TrackingConnector(TCPConnector):
        """Connector that tracks connection attempts."""

        connection_attempts = 0

        async def _create_connection(
            self, req: ClientRequest, traces: List["Trace"], timeout: "ClientTimeout"
        ) -> ResponseHandler:
            self.connection_attempts += 1
            return await super()._create_connection(req, traces, timeout)

    class RetryOnceMiddleware:
        """Middleware that retries exactly once."""

        def __init__(self) -> None:
            self.attempt_count = 0

        async def __call__(
            self, request: ClientRequest, handler: ClientHandlerType
        ) -> ClientResponse:
            retry_count = 0
            while True:
                self.attempt_count += 1
                response = await handler(request)
                if response.status == 400 and retry_count == 0:
                    retry_count += 1
                    continue
                return response

    app = web.Application()
    app.router.add_get("/", handler)
    server = await aiohttp_server(app)

    connector = TrackingConnector()
    middleware = RetryOnceMiddleware()

    async with ClientSession(connector=connector, middlewares=(middleware,)) as session:
        # Make initial request
        async with session.get(server.make_url("/")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "OK"

    # Should have made 2 request attempts (initial + 1 retry)
    assert middleware.attempt_count == 2
    # Should have created only 1 connection (reused on retry)
    assert connector.connection_attempts == 1

    await connector.close()


async def test_middleware_uses_session_avoids_recursion_with_path_check(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can avoid infinite recursion using a path check."""
    log_collector: List[Dict[str, str]] = []

    async def log_api_handler(request: web.Request) -> web.Response:
        """Handle log API requests."""
        data: Dict[str, str] = await request.json()
        log_collector.append(data)
        return web.Response(text="OK")

    async def main_handler(request: web.Request) -> web.Response:
        """Handle main server requests."""
        return web.Response(text=f"Hello from {request.path}")

    # Create log API server
    log_app = web.Application()
    log_app.router.add_post("/log", log_api_handler)
    log_server = await aiohttp_server(log_app)

    # Create main server
    main_app = web.Application()
    main_app.router.add_get("/{path:.*}", main_handler)
    main_server = await aiohttp_server(main_app)

    async def log_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        """Log requests to external API, avoiding recursion with path check."""
        # Avoid infinite recursion by not logging requests to the /log endpoint
        if request.url.path != "/log":
            # Use the session from the request to make the logging call
            async with request.session.post(
                f"http://localhost:{log_server.port}/log",
                json={"method": str(request.method), "url": str(request.url)},
            ) as resp:
                assert resp.status == 200

        return await handler(request)

    # Create session with the middleware
    async with ClientSession(middlewares=(log_middleware,)) as session:
        # Make request to main server - should be logged
        async with session.get(main_server.make_url("/test")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Hello from /test"

        # Make direct request to log API - should NOT be logged (avoid recursion)
        async with session.post(
            log_server.make_url("/log"),
            json={"method": "DIRECT_POST", "url": "manual_test_entry"},
        ) as resp:
            assert resp.status == 200

    # Check logs
    # The first request should be logged
    # The second request (to /log) should also be logged but not the middleware's own log request
    assert len(log_collector) == 2
    assert log_collector[0]["method"] == "GET"
    assert log_collector[0]["url"] == str(main_server.make_url("/test"))
    assert log_collector[1]["method"] == "DIRECT_POST"
    assert log_collector[1]["url"] == "manual_test_entry"


async def test_middleware_uses_session_avoids_recursion_with_disabled_middleware(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can avoid infinite recursion by disabling middleware."""
    log_collector: List[Dict[str, str]] = []
    request_count = 0

    async def log_api_handler(request: web.Request) -> web.Response:
        """Handle log API requests."""
        nonlocal request_count
        request_count += 1
        data: Dict[str, str] = await request.json()
        log_collector.append(data)
        return web.Response(text="OK")

    async def main_handler(request: web.Request) -> web.Response:
        """Handle main server requests."""
        return web.Response(text=f"Hello from {request.path}")

    # Create log API server
    log_app = web.Application()
    log_app.router.add_post("/log", log_api_handler)
    log_server = await aiohttp_server(log_app)

    # Create main server
    main_app = web.Application()
    main_app.router.add_get("/{path:.*}", main_handler)
    main_server = await aiohttp_server(main_app)

    async def log_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        """Log all requests using session with disabled middleware."""
        # Use the session from the request to make the logging call
        # Disable middleware to avoid infinite recursion
        async with request.session.post(
            f"http://localhost:{log_server.port}/log",
            json={"method": str(request.method), "url": str(request.url)},
            middlewares=(),  # This prevents infinite recursion
        ) as resp:
            assert resp.status == 200

        return await handler(request)

    # Create session with the middleware
    async with ClientSession(middlewares=(log_middleware,)) as session:
        # Make request to main server - should be logged
        async with session.get(main_server.make_url("/test")) as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "Hello from /test"

        # Make another request - should also be logged
        async with session.get(main_server.make_url("/another")) as resp:
            assert resp.status == 200

    # Check logs - both requests should be logged
    assert len(log_collector) == 2
    assert log_collector[0]["method"] == "GET"
    assert log_collector[0]["url"] == str(main_server.make_url("/test"))
    assert log_collector[1]["method"] == "GET"
    assert log_collector[1]["url"] == str(main_server.make_url("/another"))

    # Ensure that log requests were made without the middleware
    # (request_count equals number of logged requests, not infinite)
    assert request_count == 2


async def test_middleware_can_check_request_body(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can check request body."""
    received_bodies: List[str] = []
    received_headers: List[Dict[str, str]] = []

    async def handler(request: web.Request) -> web.Response:
        """Server handler that receives requests."""
        body = await request.text()
        received_bodies.append(body)
        received_headers.append(dict(request.headers))
        return web.Response(text="OK")

    app = web.Application()
    app.router.add_post("/api", handler)
    app.router.add_get("/api", handler)  # Add GET handler too
    server = await aiohttp_server(app)

    class CustomAuth:
        """Middleware that follows the GitHub discussion pattern for authentication."""

        def __init__(self, secretkey: str) -> None:
            self.secretkey = secretkey

        def get_hash(self, request: ClientRequest) -> str:
            if request.body:
                data = request.body.decode("utf-8")
            else:
                data = "{}"

            # Simulate authentication hash without using real crypto
            return f"SIGNATURE-{self.secretkey}-{len(data)}-{data[:10]}"

        async def __call__(
            self, request: ClientRequest, handler: ClientHandlerType
        ) -> ClientResponse:
            request.headers["CUSTOM-AUTH"] = self.get_hash(request)
            return await handler(request)

    middleware = CustomAuth("test-secret-key")

    async with ClientSession(middlewares=(middleware,)) as session:
        # Test 1: Send JSON data with user/action
        data1 = {"user": "alice", "action": "login"}
        json_str1 = json.dumps(data1)
        async with session.post(
            server.make_url("/api"),
            data=json_str1,
            headers={"Content-Type": "application/json"},
        ) as resp:
            assert resp.status == 200

        # Test 2: Send JSON data with different fields
        data2 = {"user": "bob", "value": 42}
        json_str2 = json.dumps(data2)
        async with session.post(
            server.make_url("/api"),
            data=json_str2,
            headers={"Content-Type": "application/json"},
        ) as resp:
            assert resp.status == 200

        # Test 3: Send GET request with no body
        async with session.get(server.make_url("/api")) as resp:
            assert resp.status == 200  # GET with empty body still should validate

        # Test 4: Send plain text (non-JSON)
        text_data = "plain text body"
        async with session.post(
            server.make_url("/api"),
            data=text_data,
            headers={"Content-Type": "text/plain"},
        ) as resp:
            assert resp.status == 200

    # Verify server received the correct headers with authentication
    headers1 = received_headers[0]
    assert (
        headers1["CUSTOM-AUTH"]
        == f"SIGNATURE-test-secret-key-{len(json_str1)}-{json_str1[:10]}"
    )

    headers2 = received_headers[1]
    assert (
        headers2["CUSTOM-AUTH"]
        == f"SIGNATURE-test-secret-key-{len(json_str2)}-{json_str2[:10]}"
    )

    headers3 = received_headers[2]
    # GET request with no body should have empty JSON body
    assert headers3["CUSTOM-AUTH"] == "SIGNATURE-test-secret-key-2-{}"

    headers4 = received_headers[3]
    assert (
        headers4["CUSTOM-AUTH"]
        == f"SIGNATURE-test-secret-key-{len(text_data)}-{text_data[:10]}"
    )

    # Verify all responses were successful
    assert received_bodies[0] == json_str1
    assert received_bodies[1] == json_str2
    assert received_bodies[2] == ""  # GET request has no body
    assert received_bodies[3] == text_data


async def test_client_middleware_update_shorter_body(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can update request body using update_body method."""

    async def handler(request: web.Request) -> web.Response:
        body = await request.text()
        return web.Response(text=body)

    app = web.Application()
    app.router.add_post("/", handler)
    server = await aiohttp_server(app)

    async def update_body_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        # Update the request body
        await request.update_body(b"short body")
        return await handler(request)

    async with ClientSession(middlewares=(update_body_middleware,)) as session:
        async with session.post(server.make_url("/"), data=b"original body") as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "short body"


async def test_client_middleware_update_longer_body(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can update request body using update_body method."""

    async def handler(request: web.Request) -> web.Response:
        body = await request.text()
        return web.Response(text=body)

    app = web.Application()
    app.router.add_post("/", handler)
    server = await aiohttp_server(app)

    async def update_body_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        # Update the request body
        await request.update_body(b"much much longer body")
        return await handler(request)

    async with ClientSession(middlewares=(update_body_middleware,)) as session:
        async with session.post(server.make_url("/"), data=b"original body") as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "much much longer body"


async def test_client_middleware_update_string_body(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can update request body using update_body method."""

    async def handler(request: web.Request) -> web.Response:
        body = await request.text()
        return web.Response(text=body)

    app = web.Application()
    app.router.add_post("/", handler)
    server = await aiohttp_server(app)

    async def update_body_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        # Update the request body
        await request.update_body("this is a string")
        return await handler(request)

    async with ClientSession(middlewares=(update_body_middleware,)) as session:
        async with session.post(server.make_url("/"), data="original string") as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "this is a string"


async def test_client_middleware_switch_types(
    aiohttp_server: AiohttpServer,
) -> None:
    """Test that middleware can update request body using update_body method."""

    async def handler(request: web.Request) -> web.Response:
        body = await request.text()
        return web.Response(text=body)

    app = web.Application()
    app.router.add_post("/", handler)
    server = await aiohttp_server(app)

    async def update_body_middleware(
        request: ClientRequest, handler: ClientHandlerType
    ) -> ClientResponse:
        # Update the request body
        await request.update_body("now a string")
        return await handler(request)

    async with ClientSession(middlewares=(update_body_middleware,)) as session:
        async with session.post(server.make_url("/"), data=b"original bytes") as resp:
            assert resp.status == 200
            text = await resp.text()
            assert text == "now a string"