File: test_request.py

from django.http import QueryDict
from django.test import RequestFactory

from debug_toolbar.panels.request import RequestPanel

from ..base import BaseTestCase

# Module-level request factory, shared by the tests that build their own
# request with rf.get(...) rather than using self.request.
rf = RequestFactory()


class RequestPanelTestCase(BaseTestCase):
    """Tests for what RequestPanel renders from GET, POST, cookie and session data.

    The redaction tests work on substrings of the rendered panel: they check
    that a secret value is absent and that the mask string appears somewhere
    in the output. They do not tie the mask to a particular key, so they
    would not notice a mask that is attached to the wrong entry.
    """

    panel_id = RequestPanel.panel_id

    # Placeholder the redaction tests expect in place of a sensitive value.
    _MASK = "********************"

    def _feed_panel(self, request):
        """Run *request* through process_request and then generate_stats."""
        outcome = self.panel.process_request(request)
        self.panel.generate_stats(request, outcome)

    def _assert_shown(self, rendered, *fragments):
        """Assert, in order, that every fragment occurs in *rendered*."""
        for fragment in fragments:
            self.assertIn(fragment, rendered)

    def _assert_hidden(self, rendered, *fragments):
        """Assert, in order, that no fragment occurs in *rendered*."""
        for fragment in fragments:
            self.assertNotIn(fragment, rendered)

    def test_non_ascii_session(self):
        """A non-ASCII session key and value end up in the panel content."""
        self.request.session = {"où": "où"}
        self._feed_panel(self.request)
        self.assertIn("où", self.panel.content)

    def test_object_with_non_ascii_repr_in_request_params(self):
        """The non-ASCII text expected from /non_ascii_request/ is rendered."""
        req = rf.get("/non_ascii_request/")
        self._feed_panel(req)
        self.assertIn("nôt åscíì", self.panel.content)

    def test_insert_content(self):
        """
        Content appears only once generate_stats has run; process_request
        alone must not put it there.
        """
        req = rf.get("/non_ascii_request/")
        # Deliberately not using _feed_panel: the check between the two calls
        # is the point of this test.
        outcome = self.panel.process_request(req)
        # Nothing rendered yet.
        self.assertNotIn("nôt åscíì", self.panel.content)
        self.panel.generate_stats(req, outcome)
        # Now the panel renders, and renders valid HTML.
        rendered = self.panel.content
        self.assertIn("nôt åscíì", rendered)
        self.assertValidHTML(rendered)

    def test_query_dict_for_request_in_method_get(self):
        """
        Stats generation works when request.GET is a QueryDict.
        """
        self.request.GET = QueryDict("foo=bar")
        self._feed_panel(self.request)
        # Both the key and the value of the GET parameter must be rendered.
        rendered = self.panel.content
        self._assert_shown(rendered, "foo", "bar")

    def test_dict_for_request_in_method_get(self):
        """
        Stats generation works when request.GET is a plain dict.
        """
        self.request.GET = {"foo": "bar"}
        self._feed_panel(self.request)
        # Both the key and the value of the GET parameter must be rendered.
        rendered = self.panel.content
        self._assert_shown(rendered, "foo", "bar")

    def test_query_dict_for_request_in_method_post(self):
        """
        Stats generation works when request.POST is a QueryDict.
        """
        self.request.POST = QueryDict("foo=bar")
        self._feed_panel(self.request)
        # Both the key and the value of the POST parameter must be rendered.
        rendered = self.panel.content
        self._assert_shown(rendered, "foo", "bar")

    def test_dict_for_request_in_method_post(self):
        """
        Stats generation works when request.POST is a plain dict.
        """
        self.request.POST = {"foo": "bar"}
        self._feed_panel(self.request)
        # Both the key and the value of the POST parameter must be rendered.
        rendered = self.panel.content
        self._assert_shown(rendered, "foo", "bar")

    def test_list_for_request_in_method_post(self):
        """
        The toolbar must not crash when request.POST holds unexpected data
        (here a list of dicts instead of a mapping).

        See https://github.com/django-commons/django-debug-toolbar/issues/1621
        """
        self.request.POST = [{"a": 1}, {"b": 2}]
        self._feed_panel(self.request)
        # The list is expected to show up as its repr.
        rendered = self.panel.content
        self.assertIn("[{'a': 1}, {'b': 2}]", rendered)

    def test_namespaced_url(self):
        """The view_urlname stat for /admin/login/ carries its namespace."""
        req = rf.get("/admin/login/")
        self._feed_panel(req)
        stats = self.panel.get_stats()
        self.assertEqual(stats["view_urlname"], "admin:login")

    def test_session_list_sorted_or_not(self):
        """
        The session is listed sorted when all keys are strings, and in its
        original order when the keys are of mixed types.

        See  https://github.com/django-commons/django-debug-toolbar/issues/1668
        """
        # Mixed key types (int, str, tuple): the expected list keeps the
        # order in which the session dict was built.
        self.request.session = {
            1: "value",
            "data": ["foo", "bar", 1],
            (2, 3): "tuple_key",
        }
        expected_mixed = {
            "list": [(1, "value"), ("data", ["foo", "bar", 1]), ((2, 3), "tuple_key")]
        }
        self._feed_panel(self.request)
        stats = self.panel.get_stats()
        self.assertEqual(stats["session"], expected_mixed)

        # String keys only: "a" is expected before "b" although it was
        # inserted second.
        self.request.session = {
            "b": "b-value",
            "a": "a-value",
        }
        expected_sorted = {"list": [("a", "a-value"), ("b", "b-value")]}
        self._feed_panel(self.request)
        stats = self.panel.get_stats()
        self.assertEqual(stats["session"], expected_sorted)

    def test_sensitive_post_data_sanitized(self):
        """The value posted under ``password`` is masked; ``username`` is shown."""
        self.request.POST = {"username": "testuser", "password": "secret123"}
        self._feed_panel(self.request)

        # The key name stays visible, only the secret value is replaced.
        rendered = self.panel.content
        self._assert_shown(rendered, "username", "testuser", "password")
        self._assert_hidden(rendered, "secret123")
        self._assert_shown(rendered, self._MASK)

    def test_sensitive_get_data_sanitized(self):
        """The value passed under ``api_key`` is masked; ``q`` is shown."""
        self.request.GET = {"api_key": "abc123", "q": "search term"}
        self._feed_panel(self.request)

        # NOTE(review): the one-character fragment "q" probably occurs in any
        # rendered panel, so "search term" is the check that carries weight
        # for the unredacted parameter.
        rendered = self.panel.content
        self._assert_shown(rendered, "api_key")
        self._assert_hidden(rendered, "abc123")
        self._assert_shown(rendered, self._MASK, "q", "search term")

    def test_sensitive_cookie_data_sanitized(self):
        """The ``auth_token`` cookie value is masked; ``session_id`` is shown."""
        self.request.COOKIES = {"session_id": "abc123", "auth_token": "xyz789"}
        self._feed_panel(self.request)

        # This pins that the value of a cookie named ``session_id`` is
        # rendered in clear.
        # NOTE(review): a session identifier is usually a credential in its
        # own right. Presumably redaction is decided by the key name and
        # ``session_id`` does not match; confirm that this is intended.
        rendered = self.panel.content
        self._assert_shown(rendered, "session_id", "abc123", "auth_token")
        self._assert_hidden(rendered, "xyz789")
        self._assert_shown(rendered, self._MASK)

    def test_sensitive_session_data_sanitized(self):
        """The ``auth_token`` session value is masked; ``user_id`` is shown."""
        self.request.session = {"user_id": 123, "auth_token": "xyz789"}
        self._feed_panel(self.request)

        # user_id is an int in the session; the check is on the text "123".
        rendered = self.panel.content
        self._assert_shown(rendered, "user_id", "123", "auth_token")
        self._assert_hidden(rendered, "xyz789")
        self._assert_shown(rendered, self._MASK)

    def test_querydict_sanitized(self):
        """Sensitive values are masked when request.GET is a QueryDict."""
        params = QueryDict("username=testuser&password=secret123&token=abc456")
        self.request.GET = params
        self._feed_panel(self.request)

        # Two secrets here (password, token); both values must be gone while
        # their key names and the harmless username stay visible.
        rendered = self.panel.content
        self._assert_shown(rendered, "username", "testuser", "password")
        self._assert_hidden(rendered, "secret123")
        self._assert_shown(rendered, "token")
        self._assert_hidden(rendered, "abc456")
        self._assert_shown(rendered, self._MASK)