diff --git a/tests/utils_tests/test_http.py b/tests/utils_tests/test_http.py index 04c2d55380..a7a670c85b 100644 --- a/tests/utils_tests/test_http.py +++ b/tests/utils_tests/test_http.py @@ -1,77 +1,89 @@ import unittest from datetime import datetime -from django.utils import http +from django.test import SimpleTestCase from django.utils.datastructures import MultiValueDict +from django.utils.http import ( + base36_to_int, cookie_date, http_date, int_to_base36, is_safe_url, + is_same_domain, parse_etags, parse_http_date, quote_etag, urlencode, + urlquote, urlquote_plus, urlsafe_base64_decode, urlsafe_base64_encode, + urlunquote, urlunquote_plus, +) -class TestUtilsHttp(unittest.TestCase): +class URLEncodeTests(unittest.TestCase): + def test_tuples(self): + self.assertEqual(urlencode((('a', 1), ('b', 2), ('c', 3))), 'a=1&b=2&c=3') - def test_urlencode(self): - # 2-tuples (the norm) - result = http.urlencode((('a', 1), ('b', 2), ('c', 3))) - self.assertEqual(result, 'a=1&b=2&c=3') - - # A dictionary - result = http.urlencode({'a': 1, 'b': 2, 'c': 3}) - acceptable_results = [ - # Need to allow all of these as dictionaries have to be treated as - # unordered + def test_dict(self): + result = urlencode({'a': 1, 'b': 2, 'c': 3}) + # Dictionaries are treated as unordered. + self.assertIn(result, [ 'a=1&b=2&c=3', 'a=1&c=3&b=2', 'b=2&a=1&c=3', 'b=2&c=3&a=1', 'c=3&a=1&b=2', - 'c=3&b=2&a=1' - ] - self.assertIn(result, acceptable_results) - result = http.urlencode({'a': [1, 2]}, doseq=False) - self.assertEqual(result, 'a=%5B%271%27%2C+%272%27%5D') - result = http.urlencode({'a': [1, 2]}, doseq=True) - self.assertEqual(result, 'a=1&a=2') - result = http.urlencode({'a': []}, doseq=True) - self.assertEqual(result, '') + 'c=3&b=2&a=1', + ]) - # A MultiValueDict - result = http.urlencode(MultiValueDict({ + def test_dict_containing_sequence_not_doseq(self): + self.assertEqual(urlencode({'a': [1, 2]}, doseq=False), 'a=%5B%271%27%2C+%272%27%5D') + + def test_dict_containing_sequence_doseq(self): + self.assertEqual(urlencode({'a': [1, 2]}, doseq=True), 'a=1&a=2') + + def test_dict_containing_empty_sequence_doseq(self): + self.assertEqual(urlencode({'a': []}, doseq=True), '') + + def test_multivaluedict(self): + result = urlencode(MultiValueDict({ 'name': ['Adrian', 'Simon'], - 'position': ['Developer'] + 'position': ['Developer'], }), doseq=True) - acceptable_results = [ - # MultiValueDicts are similarly unordered + # MultiValueDicts are similarly unordered. + self.assertIn(result, [ 'name=Adrian&name=Simon&position=Developer', - 'position=Developer&name=Adrian&name=Simon' - ] - self.assertIn(result, acceptable_results) + 'position=Developer&name=Adrian&name=Simon', + ]) - def test_base36(self): - # reciprocity works + +class Base36IntTests(SimpleTestCase): + def test_roundtrip(self): for n in [0, 1, 1000, 1000000]: - self.assertEqual(n, http.base36_to_int(http.int_to_base36(n))) + self.assertEqual(n, base36_to_int(int_to_base36(n))) - # bad input - with self.assertRaises(ValueError): - http.int_to_base36(-1) + def test_negative_input(self): + with self.assertRaisesMessage(ValueError, 'Negative base36 conversion input.'): + int_to_base36(-1) + + def test_to_base36_errors(self): for n in ['1', 'foo', {1: 2}, (1, 2, 3), 3.141]: with self.assertRaises(TypeError): - http.int_to_base36(n) + int_to_base36(n) + def test_invalid_literal(self): for n in ['#', ' ']: - with self.assertRaises(ValueError): - http.base36_to_int(n) - with self.assertRaises(ValueError) as cm: - http.base36_to_int('1' * 14) - self.assertEqual('Base36 input too large', str(cm.exception)) + with self.assertRaisesMessage(ValueError, "invalid literal for int() with base 36: '%s'" % n): + base36_to_int(n) + + def test_input_too_large(self): + with self.assertRaisesMessage(ValueError, 'Base36 input too large'): + base36_to_int('1' * 14) + + def test_to_int_errors(self): for n in [123, {1: 2}, (1, 2, 3), 3.141]: with self.assertRaises(TypeError): - http.base36_to_int(n) + base36_to_int(n) - # more explicit output testing + def test_values(self): for n, b36 in [(0, '0'), (1, '1'), (42, '16'), (818469960, 'django')]: - self.assertEqual(http.int_to_base36(n), b36) - self.assertEqual(http.base36_to_int(b36), n) + self.assertEqual(int_to_base36(n), b36) + self.assertEqual(base36_to_int(b36), n) - def test_is_safe_url(self): + +class IsSafeURLTests(unittest.TestCase): + def test_bad_urls(self): bad_urls = ( 'http://example.com', 'http:///example.com', @@ -105,11 +117,10 @@ class TestUtilsHttp(unittest.TestCase): 'http://2001:cdba:0000:0000:0000:0000:3257:9652]/', ) for bad_url in bad_urls: - self.assertFalse( - http.is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}), - "%s should be blocked" % bad_url, - ) + with self.subTest(url=bad_url): + self.assertIs(is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}), False) + def test_good_urls(self): good_urls = ( '/view/?param=http://example.com', '/view/?param=https://example.com', @@ -123,53 +134,68 @@ class TestUtilsHttp(unittest.TestCase): 'path/http:2222222222', ) for good_url in good_urls: - self.assertTrue( - http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}), - "%s should be allowed" % good_url, - ) + with self.subTest(url=good_url): + self.assertIs(is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}), True) + def test_basic_auth(self): # Valid basic auth credentials are allowed. - self.assertTrue(http.is_safe_url(r'http://user:pass@testserver/', allowed_hosts={'user:pass@testserver'})) - # A path without host is allowed. - self.assertTrue(http.is_safe_url('/confirm/me@example.com')) - # Basic auth without host is not allowed. - self.assertFalse(http.is_safe_url(r'http://testserver\@example.com')) + self.assertIs(is_safe_url(r'http://user:pass@testserver/', allowed_hosts={'user:pass@testserver'}), True) - def test_is_safe_url_secure_param_https_urls(self): + def test_no_allowed_hosts(self): + # A path without host is allowed. + self.assertIs(is_safe_url('/confirm/me@example.com'), True) + # Basic auth without host is not allowed. + self.assertIs(is_safe_url(r'http://testserver\@example.com'), False) + + def test_secure_param_https_urls(self): secure_urls = ( 'https://example.com/p', 'HTTPS://example.com/p', '/view/?param=http://example.com', ) for url in secure_urls: - self.assertTrue(http.is_safe_url(url, allowed_hosts={'example.com'}, require_https=True)) + with self.subTest(url=url): + self.assertIs(is_safe_url(url, allowed_hosts={'example.com'}, require_https=True), True) - def test_is_safe_url_secure_param_non_https_urls(self): - not_secure_urls = ( + def test_secure_param_non_https_urls(self): + insecure_urls = ( 'http://example.com/p', 'ftp://example.com/p', '//example.com/p', ) - for url in not_secure_urls: - self.assertFalse(http.is_safe_url(url, allowed_hosts={'example.com'}, require_https=True)) + for url in insecure_urls: + with self.subTest(url=url): + self.assertIs(is_safe_url(url, allowed_hosts={'example.com'}, require_https=True), False) - def test_urlsafe_base64_roundtrip(self): + +class URLSafeBase64Tests(unittest.TestCase): + def test_roundtrip(self): bytestring = b'foo' - encoded = http.urlsafe_base64_encode(bytestring) - decoded = http.urlsafe_base64_decode(encoded) + encoded = urlsafe_base64_encode(bytestring) + decoded = urlsafe_base64_decode(encoded) self.assertEqual(bytestring, decoded) - def test_urlquote(self): - self.assertEqual(http.urlquote('Paris & Orl\xe9ans'), 'Paris%20%26%20Orl%C3%A9ans') - self.assertEqual(http.urlquote('Paris & Orl\xe9ans', safe="&"), 'Paris%20&%20Orl%C3%A9ans') - self.assertEqual(http.urlunquote('Paris%20%26%20Orl%C3%A9ans'), 'Paris & Orl\xe9ans') - self.assertEqual(http.urlunquote('Paris%20&%20Orl%C3%A9ans'), 'Paris & Orl\xe9ans') - self.assertEqual(http.urlquote_plus('Paris & Orl\xe9ans'), 'Paris+%26+Orl%C3%A9ans') - self.assertEqual(http.urlquote_plus('Paris & Orl\xe9ans', safe="&"), 'Paris+&+Orl%C3%A9ans') - self.assertEqual(http.urlunquote_plus('Paris+%26+Orl%C3%A9ans'), 'Paris & Orl\xe9ans') - self.assertEqual(http.urlunquote_plus('Paris+&+Orl%C3%A9ans'), 'Paris & Orl\xe9ans') - def test_is_same_domain_good(self): +class URLQuoteTests(unittest.TestCase): + def test_quote(self): + self.assertEqual(urlquote('Paris & Orl\xe9ans'), 'Paris%20%26%20Orl%C3%A9ans') + self.assertEqual(urlquote('Paris & Orl\xe9ans', safe="&"), 'Paris%20&%20Orl%C3%A9ans') + + def test_unquote(self): + self.assertEqual(urlunquote('Paris%20%26%20Orl%C3%A9ans'), 'Paris & Orl\xe9ans') + self.assertEqual(urlunquote('Paris%20&%20Orl%C3%A9ans'), 'Paris & Orl\xe9ans') + + def test_quote_plus(self): + self.assertEqual(urlquote_plus('Paris & Orl\xe9ans'), 'Paris+%26+Orl%C3%A9ans') + self.assertEqual(urlquote_plus('Paris & Orl\xe9ans', safe="&"), 'Paris+&+Orl%C3%A9ans') + + def test_unquote_plus(self): + self.assertEqual(urlunquote_plus('Paris+%26+Orl%C3%A9ans'), 'Paris & Orl\xe9ans') + self.assertEqual(urlunquote_plus('Paris+&+Orl%C3%A9ans'), 'Paris & Orl\xe9ans') + + +class IsSameDomainTests(unittest.TestCase): + def test_good(self): for pair in ( ('example.com', 'example.com'), ('example.com', '.example.com'), @@ -178,51 +204,51 @@ class TestUtilsHttp(unittest.TestCase): ('example.com:8888', '.example.com:8888'), ('foo.example.com:8888', '.example.com:8888'), ): - self.assertTrue(http.is_same_domain(*pair)) + self.assertIs(is_same_domain(*pair), True) - def test_is_same_domain_bad(self): + def test_bad(self): for pair in ( ('example2.com', 'example.com'), ('foo.example.com', 'example.com'), ('example.com:9999', 'example.com:8888'), ): - self.assertFalse(http.is_same_domain(*pair)) + self.assertIs(is_same_domain(*pair), False) class ETagProcessingTests(unittest.TestCase): def test_parsing(self): self.assertEqual( - http.parse_etags(r'"" , "etag", "e\\tag", W/"weak"'), + parse_etags(r'"" , "etag", "e\\tag", W/"weak"'), ['""', '"etag"', r'"e\\tag"', 'W/"weak"'] ) - self.assertEqual(http.parse_etags('*'), ['*']) + self.assertEqual(parse_etags('*'), ['*']) # Ignore RFC 2616 ETags that are invalid according to RFC 7232. - self.assertEqual(http.parse_etags(r'"etag", "e\"t\"ag"'), ['"etag"']) + self.assertEqual(parse_etags(r'"etag", "e\"t\"ag"'), ['"etag"']) def test_quoting(self): - self.assertEqual(http.quote_etag('etag'), '"etag"') # unquoted - self.assertEqual(http.quote_etag('"etag"'), '"etag"') # quoted - self.assertEqual(http.quote_etag('W/"etag"'), 'W/"etag"') # quoted, weak + self.assertEqual(quote_etag('etag'), '"etag"') # unquoted + self.assertEqual(quote_etag('"etag"'), '"etag"') # quoted + self.assertEqual(quote_etag('W/"etag"'), 'W/"etag"') # quoted, weak class HttpDateProcessingTests(unittest.TestCase): def test_http_date(self): t = 1167616461.0 - self.assertEqual(http.http_date(t), 'Mon, 01 Jan 2007 01:54:21 GMT') + self.assertEqual(http_date(t), 'Mon, 01 Jan 2007 01:54:21 GMT') def test_cookie_date(self): t = 1167616461.0 - self.assertEqual(http.cookie_date(t), 'Mon, 01-Jan-2007 01:54:21 GMT') + self.assertEqual(cookie_date(t), 'Mon, 01-Jan-2007 01:54:21 GMT') def test_parsing_rfc1123(self): - parsed = http.parse_http_date('Sun, 06 Nov 1994 08:49:37 GMT') + parsed = parse_http_date('Sun, 06 Nov 1994 08:49:37 GMT') self.assertEqual(datetime.utcfromtimestamp(parsed), datetime(1994, 11, 6, 8, 49, 37)) def test_parsing_rfc850(self): - parsed = http.parse_http_date('Sunday, 06-Nov-94 08:49:37 GMT') + parsed = parse_http_date('Sunday, 06-Nov-94 08:49:37 GMT') self.assertEqual(datetime.utcfromtimestamp(parsed), datetime(1994, 11, 6, 8, 49, 37)) def test_parsing_asctime(self): - parsed = http.parse_http_date('Sun Nov 6 08:49:37 1994') + parsed = parse_http_date('Sun Nov 6 08:49:37 1994') self.assertEqual(datetime.utcfromtimestamp(parsed), datetime(1994, 11, 6, 8, 49, 37))