django/tests/handlers/tests.py

# -*- coding: utf-8 -*-

from __future__ import unicode_literals

from django.core.handlers.wsgi import WSGIHandler, WSGIRequest
from django.core.signals import request_started, request_finished
from django.db import close_old_connections, connection
from django.test import RequestFactory, TestCase, TransactionTestCase
from django.test import override_settings
from django.utils.encoding import force_str
from django.utils import six


class HandlerTests(TestCase):

    def setUp(self):
        request_started.disconnect(close_old_connections)

    def tearDown(self):
        request_started.connect(close_old_connections)

    # Mangle settings so the handler will fail
    @override_settings(MIDDLEWARE_CLASSES=42)
    def test_lock_safety(self):
        """
        Tests for bug #11193 (errors inside middleware shouldn't leave
        the initLock locked).
        """
        # Try running the handler, it will fail in load_middleware
        handler = WSGIHandler()
        self.assertEqual(handler.initLock.locked(), False)
        with self.assertRaises(Exception):
            handler(None, None)
        self.assertEqual(handler.initLock.locked(), False)

    def test_bad_path_info(self):
        """Tests for bug #15672 ('request' referenced before assignment)"""
        environ = RequestFactory().get('/').environ
        environ['PATH_INFO'] = b'\xed' if six.PY2 else '\xed'
        handler = WSGIHandler()
        response = handler(environ, lambda *a, **k: None)
        self.assertEqual(response.status_code, 400)

    def test_non_ascii_query_string(self):
        """
        Test that non-ASCII query strings are properly decoded (#20530, #22996).
        """
        environ = RequestFactory().get('/').environ
        raw_query_strings = [
            b'want=caf%C3%A9',  # This is the proper way to encode 'café'
            b'want=caf\xc3\xa9',  # UA forgot to quote bytes
            b'want=caf%E9',  # UA quoted, but not in UTF-8
            b'want=caf\xe9',  # UA forgot to convert Latin-1 to UTF-8 and to quote (typical of MSIE)
        ]
        got = []
        for raw_query_string in raw_query_strings:
            if six.PY3:
                # Simulate http.server.BaseHTTPRequestHandler.parse_request handling of raw request
                environ['QUERY_STRING'] = str(raw_query_string, 'iso-8859-1')
            else:
                environ['QUERY_STRING'] = raw_query_string
            request = WSGIRequest(environ)
            got.append(request.GET['want'])
        if six.PY2:
            self.assertListEqual(got, ['café', 'café', 'café', 'café'])
        else:
            # On Python 3, %E9 is converted to the unicode replacement character by parse_qsl
            self.assertListEqual(got, ['café', 'café', 'caf\ufffd', 'café'])

    def test_non_ascii_cookie(self):
        """Test that non-ASCII cookies set in JavaScript are properly decoded (#20557)."""
        environ = RequestFactory().get('/').environ
        raw_cookie = 'want="café"'
        if six.PY3:
            raw_cookie = raw_cookie.encode('utf-8').decode('iso-8859-1')
        environ['HTTP_COOKIE'] = raw_cookie
        request = WSGIRequest(environ)
        # If would be nicer if request.COOKIES returned unicode values.
        # However the current cookie parser doesn't do this and fixing it is
        # much more work than fixing #20557. Feel free to remove force_str()!
        self.assertEqual(request.COOKIES['want'], force_str("café"))

    def test_invalid_unicode_cookie(self):
        """
        Invalid cookie content should result in an absent cookie, but not in a
        crash while trying to decode it (#23638).
        """
        environ = RequestFactory().get('/').environ
        environ['HTTP_COOKIE'] = 'x=W\x03c(h]\x8e'
        request = WSGIRequest(environ)
        # We don't test COOKIES content, as the result might differ between
        # Python version because parsing invalid content became stricter in
        # latest versions.
        self.assertIsInstance(request.COOKIES, dict)


@override_settings(ROOT_URLCONF='handlers.urls')
class TransactionsPerRequestTests(TransactionTestCase):

    available_apps = []

    def test_no_transaction(self):
        response = self.client.get('/in_transaction/')
        self.assertContains(response, 'False')

    def test_auto_transaction(self):
        old_atomic_requests = connection.settings_dict['ATOMIC_REQUESTS']
        try:
            connection.settings_dict['ATOMIC_REQUESTS'] = True
            response = self.client.get('/in_transaction/')
        finally:
            connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests
        self.assertContains(response, 'True')

    def test_no_auto_transaction(self):
        old_atomic_requests = connection.settings_dict['ATOMIC_REQUESTS']
        try:
            connection.settings_dict['ATOMIC_REQUESTS'] = True
            response = self.client.get('/not_in_transaction/')
        finally:
            connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests
        self.assertContains(response, 'False')


@override_settings(ROOT_URLCONF='handlers.urls')
class SignalsTests(TestCase):

    def setUp(self):
        self.signals = []
        self.signaled_environ = None
        request_started.connect(self.register_started)
        request_finished.connect(self.register_finished)

    def tearDown(self):
        request_started.disconnect(self.register_started)
        request_finished.disconnect(self.register_finished)

    def register_started(self, **kwargs):
        self.signals.append('started')
        self.signaled_environ = kwargs.get('environ')

    def register_finished(self, **kwargs):
        self.signals.append('finished')

    def test_request_signals(self):
        response = self.client.get('/regular/')
        self.assertEqual(self.signals, ['started', 'finished'])
        self.assertEqual(response.content, b"regular content")
        self.assertEqual(self.signaled_environ, response.wsgi_request.environ)

    def test_request_signals_streaming_response(self):
        response = self.client.get('/streaming/')
        self.assertEqual(self.signals, ['started'])
        self.assertEqual(b''.join(response.streaming_content), b"streaming content")
        self.assertEqual(self.signals, ['started', 'finished'])


@override_settings(ROOT_URLCONF='handlers.urls')
class HandlerSuspiciousOpsTest(TestCase):

    def test_suspiciousop_in_view_returns_400(self):
        response = self.client.get('/suspicious/')
        self.assertEqual(response.status_code, 400)
Harmonized some PEP 0263 coding preambles 2014-05-16 01:41:55 +08:00			`# -- coding: utf-8 --`
Fixed tests introduced in previous commit on Python 2. Refs #20557. 2013-09-07 23:43:44 +08:00
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3. Thanks mitsuhiko for the report. Non-ASCII values are supported. Non-ASCII keys still aren't, because the current parser mangles them. That's another bug. 2013-09-07 23:25:43 +08:00			`from __future__ import unicode_literals`

			`from django.core.handlers.wsgi import WSGIHandler, WSGIRequest`
Implemented persistent database connections. Thanks Anssi Kääriäinen and Karen Tracey for their inputs. 2013-02-18 18:37:26 +08:00			`from django.core.signals import request_started, request_finished`
Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED. Replaced them with per-database options, for proper multi-db support. Also toned down the recommendation to tie transactions to HTTP requests. Thanks Jeremy for sharing his experience. 2013-03-06 18:12:24 +08:00			`from django.db import close_old_connections, connection`
			`from django.test import RequestFactory, TestCase, TransactionTestCase`
Imported override_settings from its new location. 2013-12-23 23:01:13 +08:00			`from django.test import override_settings`
Fixed tests introduced in previous commit on Python 2. Refs #20557. 2013-09-07 23:43:44 +08:00			`from django.utils.encoding import force_str`
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3. Thanks mitsuhiko for the report. Non-ASCII values are supported. Non-ASCII keys still aren't, because the current parser mangles them. That's another bug. 2013-09-07 23:25:43 +08:00			`from django.utils import six`
Fixed #15672 -- Refined changes made in r15918. Thanks, vung. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16082 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-04-22 20:15:52 +08:00
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00
			`class HandlerTests(TestCase):`
Fixed #11193 -- WSGI handler not properly handling lock on error in load_middleware. Thanks to Phillip Sitbon. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15205 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-01-15 07:18:21 +08:00
Implemented persistent database connections. Thanks Anssi Kääriäinen and Karen Tracey for their inputs. 2013-02-18 18:37:26 +08:00			`def setUp(self):`
			`request_started.disconnect(close_old_connections)`

			`def tearDown(self):`
			`request_started.connect(close_old_connections)`

Used @override_settings in several tests. 2012-10-21 05:22:46 +08:00			`# Mangle settings so the handler will fail`
			`@override_settings(MIDDLEWARE_CLASSES=42)`
Fixed #11193 -- WSGI handler not properly handling lock on error in load_middleware. Thanks to Phillip Sitbon. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15205 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-01-15 07:18:21 +08:00			`def test_lock_safety(self):`
			`"""`
			`Tests for bug #11193 (errors inside middleware shouldn't leave`
			`the initLock locked).`
			`"""`
			`# Try running the handler, it will fail in load_middleware`
			`handler = WSGIHandler()`
			`self.assertEqual(handler.initLock.locked(), False)`
Removed many uses of bare "except:", which were either going to a) silence real issues, or b) were impossible to hit. 2012-09-08 03:06:23 +08:00			`with self.assertRaises(Exception):`
Fixed #11193 -- WSGI handler not properly handling lock on error in load_middleware. Thanks to Phillip Sitbon. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15205 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-01-15 07:18:21 +08:00			`handler(None, None)`
			`self.assertEqual(handler.initLock.locked(), False)`

Fixed #15672 -- Refined changes made in r15918. Thanks, vung. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16082 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-04-22 20:15:52 +08:00			`def test_bad_path_info(self):`
			`"""Tests for bug #15672 ('request' referenced before assignment)"""`
			`environ = RequestFactory().get('/').environ`
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3. Thanks mitsuhiko for the report. Non-ASCII values are supported. Non-ASCII keys still aren't, because the current parser mangles them. That's another bug. 2013-09-07 23:25:43 +08:00			`environ['PATH_INFO'] = b'\xed' if six.PY2 else '\xed'`
Fixed #15672 -- Refined changes made in r15918. Thanks, vung. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16082 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-04-22 20:15:52 +08:00			`handler = WSGIHandler()`
			`response = handler(environ, lambda a, *k: None)`
			`self.assertEqual(response.status_code, 400)`
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00
Fixed #20530 -- Properly decoded non-ASCII query strings on Python 3. Thanks mitsuhiko for the report. This commit just adds a test since the problem was fixed in 8aaca651. 2013-09-08 00:41:34 +08:00			`def test_non_ascii_query_string(self):`
Fixed #22996 -- Prevented crash with unencoded query string Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham for the reviews. 2014-07-13 01:37:59 +08:00			`"""`
			`Test that non-ASCII query strings are properly decoded (#20530, #22996).`
			`"""`
Fixed #20530 -- Properly decoded non-ASCII query strings on Python 3. Thanks mitsuhiko for the report. This commit just adds a test since the problem was fixed in 8aaca651. 2013-09-08 00:41:34 +08:00			`environ = RequestFactory().get('/').environ`
Fixed #22996 -- Prevented crash with unencoded query string Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham for the reviews. 2014-07-13 01:37:59 +08:00			`raw_query_strings = [`
Fixed flake8 warnings. 2014-08-21 02:37:33 +08:00			`b'want=caf%C3%A9', # This is the proper way to encode 'café'`
			`b'want=caf\xc3\xa9', # UA forgot to quote bytes`
			`b'want=caf%E9', # UA quoted, but not in UTF-8`
			`b'want=caf\xe9', # UA forgot to convert Latin-1 to UTF-8 and to quote (typical of MSIE)`
Fixed #22996 -- Prevented crash with unencoded query string Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham for the reviews. 2014-07-13 01:37:59 +08:00			`]`
			`got = []`
			`for raw_query_string in raw_query_strings:`
			`if six.PY3:`
			`# Simulate http.server.BaseHTTPRequestHandler.parse_request handling of raw request`
			`environ['QUERY_STRING'] = str(raw_query_string, 'iso-8859-1')`
			`else:`
			`environ['QUERY_STRING'] = raw_query_string`
			`request = WSGIRequest(environ)`
			`got.append(request.GET['want'])`
			`if six.PY2:`
			`self.assertListEqual(got, ['café', 'café', 'café', 'café'])`
			`else:`
			`# On Python 3, %E9 is converted to the unicode replacement character by parse_qsl`
			`self.assertListEqual(got, ['café', 'café', 'caf\ufffd', 'café'])`
Fixed #20530 -- Properly decoded non-ASCII query strings on Python 3. Thanks mitsuhiko for the report. This commit just adds a test since the problem was fixed in 8aaca651. 2013-09-08 00:41:34 +08:00
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3. Thanks mitsuhiko for the report. Non-ASCII values are supported. Non-ASCII keys still aren't, because the current parser mangles them. That's another bug. 2013-09-07 23:25:43 +08:00			`def test_non_ascii_cookie(self):`
			`"""Test that non-ASCII cookies set in JavaScript are properly decoded (#20557)."""`
			`environ = RequestFactory().get('/').environ`
Fixed tests introduced in previous commit on Python 2. Refs #20557. 2013-09-07 23:43:44 +08:00			`raw_cookie = 'want="café"'`
			`if six.PY3:`
			`raw_cookie = raw_cookie.encode('utf-8').decode('iso-8859-1')`
			`environ['HTTP_COOKIE'] = raw_cookie`
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3. Thanks mitsuhiko for the report. Non-ASCII values are supported. Non-ASCII keys still aren't, because the current parser mangles them. That's another bug. 2013-09-07 23:25:43 +08:00			`request = WSGIRequest(environ)`
Fixed #20530 -- Properly decoded non-ASCII query strings on Python 3. Thanks mitsuhiko for the report. This commit just adds a test since the problem was fixed in 8aaca651. 2013-09-08 00:41:34 +08:00			`# If would be nicer if request.COOKIES returned unicode values.`
			`# However the current cookie parser doesn't do this and fixing it is`
			`# much more work than fixing #20557. Feel free to remove force_str()!`
Fixed tests introduced in previous commit on Python 2. Refs #20557. 2013-09-07 23:43:44 +08:00			`self.assertEqual(request.COOKIES['want'], force_str("café"))`
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3. Thanks mitsuhiko for the report. Non-ASCII values are supported. Non-ASCII keys still aren't, because the current parser mangles them. That's another bug. 2013-09-07 23:25:43 +08:00
Fixed #23638 -- Prevented crash while parsing invalid cookie content Thanks Philip Gatt for the report and Tim Graham for the review. 2014-10-13 02:53:19 +08:00			`def test_invalid_unicode_cookie(self):`
			`"""`
			`Invalid cookie content should result in an absent cookie, but not in a`
			`crash while trying to decode it (#23638).`
			`"""`
			`environ = RequestFactory().get('/').environ`
			`environ['HTTP_COOKIE'] = 'x=W\x03c(h]\x8e'`
			`request = WSGIRequest(environ)`
Adapted invalid cookie test to all Python versions Refs #23638. Older Python versions are less strict when parsing invalid cookie content. The test just has to ensure Django doesn't crash. 2014-10-14 15:26:13 +08:00			`# We don't test COOKIES content, as the result might differ between`
			`# Python version because parsing invalid content became stricter in`
			`# latest versions.`
			`self.assertIsInstance(request.COOKIES, dict)`
Fixed #23638 -- Prevented crash while parsing invalid cookie content Thanks Philip Gatt for the report and Tim Graham for the review. 2014-10-13 02:53:19 +08:00
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00
Fixed #21977 -- Deprecated SimpleTestCase.urls 2014-04-05 14:04:46 +08:00			`@override_settings(ROOT_URLCONF='handlers.urls')`
Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED. Replaced them with per-database options, for proper multi-db support. Also toned down the recommendation to tie transactions to HTTP requests. Thanks Jeremy for sharing his experience. 2013-03-06 18:12:24 +08:00			`class TransactionsPerRequestTests(TransactionTestCase):`
Defined available_apps in relevant tests. Fixed #20483. 2013-06-04 14:09:29 +08:00
			`available_apps = []`
Deprecated TransactionMiddleware and TRANSACTIONS_MANAGED. Replaced them with per-database options, for proper multi-db support. Also toned down the recommendation to tie transactions to HTTP requests. Thanks Jeremy for sharing his experience. 2013-03-06 18:12:24 +08:00
			`def test_no_transaction(self):`
			`response = self.client.get('/in_transaction/')`
			`self.assertContains(response, 'False')`

			`def test_auto_transaction(self):`
			`old_atomic_requests = connection.settings_dict['ATOMIC_REQUESTS']`
			`try:`
			`connection.settings_dict['ATOMIC_REQUESTS'] = True`
			`response = self.client.get('/in_transaction/')`
			`finally:`
			`connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests`
			`self.assertContains(response, 'True')`

			`def test_no_auto_transaction(self):`
			`old_atomic_requests = connection.settings_dict['ATOMIC_REQUESTS']`
			`try:`
			`connection.settings_dict['ATOMIC_REQUESTS'] = True`
			`response = self.client.get('/not_in_transaction/')`
			`finally:`
			`connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests`
			`self.assertContains(response, 'False')`

Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. 2013-05-16 07:14:28 +08:00
Fixed #21977 -- Deprecated SimpleTestCase.urls 2014-04-05 14:04:46 +08:00			`@override_settings(ROOT_URLCONF='handlers.urls')`
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00			`class SignalsTests(TestCase):`

			`def setUp(self):`
			`self.signals = []`
Fixed #21483 -- Added WSGI environ to kwargs sent to request_started signal. 2013-11-21 09:03:02 +08:00			`self.signaled_environ = None`
Implemented persistent database connections. Thanks Anssi Kääriäinen and Karen Tracey for their inputs. 2013-02-18 18:37:26 +08:00			`request_started.connect(self.register_started)`
			`request_finished.connect(self.register_finished)`
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00
			`def tearDown(self):`
Implemented persistent database connections. Thanks Anssi Kääriäinen and Karen Tracey for their inputs. 2013-02-18 18:37:26 +08:00			`request_started.disconnect(self.register_started)`
			`request_finished.disconnect(self.register_finished)`
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00
			`def register_started(self, **kwargs):`
			`self.signals.append('started')`
Fixed #21483 -- Added WSGI environ to kwargs sent to request_started signal. 2013-11-21 09:03:02 +08:00			`self.signaled_environ = kwargs.get('environ')`
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00
			`def register_finished(self, **kwargs):`
			`self.signals.append('finished')`

			`def test_request_signals(self):`
			`response = self.client.get('/regular/')`
			`self.assertEqual(self.signals, ['started', 'finished'])`
			`self.assertEqual(response.content, b"regular content")`
Fixed #21483 -- Added WSGI environ to kwargs sent to request_started signal. 2013-11-21 09:03:02 +08:00			`self.assertEqual(self.signaled_environ, response.wsgi_request.environ)`
Fixed #19519 -- Fired request_finished in the WSGI iterable's close(). 2012-12-30 22:19:22 +08:00
			`def test_request_signals_streaming_response(self):`
			`response = self.client.get('/streaming/')`
			`self.assertEqual(self.signals, ['started'])`
			`self.assertEqual(b''.join(response.streaming_content), b"streaming content")`
			`self.assertEqual(self.signals, ['started', 'finished'])`
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. 2013-05-16 07:14:28 +08:00

Fixed #21977 -- Deprecated SimpleTestCase.urls 2014-04-05 14:04:46 +08:00			`@override_settings(ROOT_URLCONF='handlers.urls')`
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. 2013-05-16 07:14:28 +08:00			`class HandlerSuspiciousOpsTest(TestCase):`

			`def test_suspiciousop_in_view_returns_400(self):`
			`response = self.client.get('/suspicious/')`
			`self.assertEqual(response.status_code, 400)`