From 5733764a2c2923ae9a1b7c91de5a8d15414c99ef Mon Sep 17 00:00:00 2001
From: Baptiste Mispelon <bmispelon@gmail.com>
Date: Tue, 29 Oct 2013 23:31:53 +0100
Subject: [PATCH] Added some more tests for the debug page.

* Missing tests for ticket #12744
* Tests for the cleanse_setting feature (leaving out sensitive
  settings from the debug page)
---
 tests/view_tests/tests/test_debug.py | 44 ++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py
index 5c011a91b0..b22c7aad43 100644
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -596,6 +596,50 @@ class ExceptionReporterFilterTests(TestCase, ExceptionReportTestMixin):
             response = self.client.get('/views/raises500/')
             self.assertNotContains(response, "This should not be displayed", status_code=500)
 
+    def test_dict_setting_with_non_str_key(self):
+        """
+        A dict setting containing a non-string key should not break the
+        debug page (#12744).
+        """
+        with self.settings(DEBUG=True, FOOBAR={42: None}):
+            response = self.client.get('/views/raises500/')
+            self.assertContains(response, 'FOOBAR', status_code=500)
+
+    def test_sensitive_settings(self):
+        """
+        The debug page should not show some sensitive settings
+        (password, secret key, ...).
+        """
+        sensitive_settings = [
+            'SECRET_KEY',
+            'PASSWORD',
+            'API_KEY',
+            'AUTH_TOKEN',
+        ]
+        for setting in sensitive_settings:
+            with self.settings(DEBUG=True, **{setting: "should not be displayed"}):
+                response = self.client.get('/views/raises500/')
+                self.assertNotContains(response, 'should not be displayed', status_code=500)
+
+    def test_settings_with_sensitive_keys(self):
+        """
+        The debug page should filter out some sensitive information found in
+        dict settings.
+        """
+        sensitive_settings = [
+            'SECRET_KEY',
+            'PASSWORD',
+            'API_KEY',
+            'AUTH_TOKEN',
+        ]
+        for setting in sensitive_settings:
+            FOOBAR = {
+                setting: "should not be displayed",
+                'recursive': {setting: "should not be displayed"},
+            }
+            with self.settings(DEBUG=True, FOOBAR=FOOBAR):
+                response = self.client.get('/views/raises500/')
+                self.assertNotContains(response, 'should not be displayed', status_code=500)
 
 class AjaxResponseExceptionReporterFilter(TestCase, ExceptionReportTestMixin):
     """