author | Jon Janzen <jon@jonjanzen.com> | 2023-03-22 02:21:04 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-22 10:21:04 +0100 |
commit | 23cbed21876bf02f4600c0dac3a5277db5b2afbb (patch) | |
tree | d0046e9b5930842d4b647129b479c5fd0d7c2677 /tests/view_tests | |
parent | 6087bc4e15e89d968396807f8485f4b5624c4f03 (diff) | |
download | django-23cbed21876bf02f4600c0dac3a5277db5b2afbb.tar.gz |
Refs #31949 -- Enabled @sensitive_variables to work with async functions.
Diffstat (limited to 'tests/view_tests')
-rw-r--r-- | tests/view_tests/tests/test_debug.py | 43 | ||||
-rw-r--r-- | tests/view_tests/views.py | 18 |
2 files changed, 57 insertions, 4 deletions
diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py
index 15e69f6811..d0bcc68032 100644
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -9,6 +9,8 @@ from io import StringIO
 from pathlib import Path
 from unittest import mock, skipIf, skipUnless
+from asgiref.sync import async_to_sync, iscoroutinefunction
+
 from django.core import mail
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.db import DatabaseError, connection
@@ -39,6 +41,7 @@ from django.views.debug import (
 from django.views.decorators.debug import sensitive_post_parameters, sensitive_variables
 from ..views import (
+ async_sensitive_view,
 custom_exception_reporter_filter_view,
 index_page,
 multivalue_dict_key_error,
@@ -1351,7 +1354,10 @@ class ExceptionReportTestMixin:
 Asserts that potentially sensitive info are displayed in the response.
 """
 request = self.rf.post("/some_url/", self.breakfast_data)
- response = view(request)
+ if iscoroutinefunction(view):
+ response = async_to_sync(view)(request)
+ else:
+ response = view(request)
 if check_for_vars:
 # All variables are shown.
 self.assertContains(response, "cooked_eggs", status_code=500)
@@ -1371,7 +1377,10 @@ class ExceptionReportTestMixin:
 Asserts that certain sensitive info are not displayed in the response.
 """
 request = self.rf.post("/some_url/", self.breakfast_data)
- response = view(request)
+ if iscoroutinefunction(view):
+ response = async_to_sync(view)(request)
+ else:
+ response = view(request)
 if check_for_vars:
 # Non-sensitive variable's name and value are shown.
 self.assertContains(response, "cooked_eggs", status_code=500)
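Review bot: The sync/async dispatch added to verify_unsafe_response in the `@@ -1351` hunk is copied verbatim into the `@@ -1371` hunk and, without the assignment, into the `@@ -1418` and `@@ -1451` hunks, so four helpers now carry the same branch. A single private method on ExceptionReportTestMixin would keep them in step, and each call site becomes `response = self._call_view(view, request)`. The helper name is only a suggestion, and the enclosing methods start and end outside these hunks.

```python
    def _call_view(self, view, request):
        """Run a sync or async view and return its response."""
        if iscoroutinefunction(view):
            return async_to_sync(view)(request)
        return view(request)
```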
@@ -1418,7 +1427,10 @@ class ExceptionReportTestMixin:
 with self.settings(ADMINS=[("Admin", "admin@fattie-breakie.com")]):
 mail.outbox = [] # Empty outbox
 request = self.rf.post("/some_url/", self.breakfast_data)
- view(request)
+ if iscoroutinefunction(view):
+ async_to_sync(view)(request)
+ else:
+ view(request)
 self.assertEqual(len(mail.outbox), 1)
 email = mail.outbox[0]
@@ -1451,7 +1463,10 @@ class ExceptionReportTestMixin:
 with self.settings(ADMINS=[("Admin", "admin@fattie-breakie.com")]):
 mail.outbox = [] # Empty outbox
 request = self.rf.post("/some_url/", self.breakfast_data)
- view(request)
+ if iscoroutinefunction(view):
+ async_to_sync(view)(request)
+ else:
+ view(request)
 self.assertEqual(len(mail.outbox), 1)
 email = mail.outbox[0]
@@ -1543,6 +1558,15 @@ class ExceptionReporterFilterTests(
 self.verify_safe_response(sensitive_view)
 self.verify_safe_email(sensitive_view)
+ def test_async_sensitive_request(self):
+ with self.settings(DEBUG=True):
+ self.verify_unsafe_response(async_sensitive_view)
+ self.verify_unsafe_email(async_sensitive_view)
+
+ with self.settings(DEBUG=False):
+ self.verify_safe_response(async_sensitive_view)
+ self.verify_safe_email(async_sensitive_view)
+
 def test_paranoid_request(self):
 """
 No POST parameters and frame variables can be seen in the
@@ -1890,6 +1914,17 @@ class NonHTMLResponseExceptionReporterFilter(
 with self.settings(DEBUG=False):
 self.verify_safe_response(sensitive_view, check_for_vars=False)
+ def test_async_sensitive_request(self):
+ """
+ Sensitive POST parameters cannot be seen in the default
+ error reports for sensitive requests.
+ """
+ with self.settings(DEBUG=True):
+ self.verify_unsafe_response(async_sensitive_view, check_for_vars=False)
+
+ with self.settings(DEBUG=False):
+ self.verify_safe_response(async_sensitive_view, check_for_vars=False)
+
 def test_paranoid_request(self):
 """
 No POST parameters can be seen in the default error reports
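Review bot: test_async_sensitive_request in the `@@ -1543` hunk covers only a view that names its sensitive variable; the argument-less form that the neighbouring test_paranoid_request checks for sync views has no async counterpart in this diff, so a regression that leaves every local of a coroutine frame unmasked when DEBUG is False would still pass these tests. An async paranoid view with a matching test would close that gap, unless one already exists outside the files shown here. The new method also has no docstring while its siblings do; something like `"""Sensitive variables and POST parameters of an async view are hidden from error reports when DEBUG is False."""` would match them. The same coverage gap applies to the `@@ -1890` hunk.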
diff --git a/tests/view_tests/views.py b/tests/view_tests/views.py
index a9eeee3cd2..97febdaf83 100644
--- a/tests/view_tests/views.py
+++ b/tests/view_tests/views.py
@@ -178,6 +178,24 @@ def sensitive_view(request):
 return technical_500_response(request, *exc_info)
+@sensitive_variables("sauce")
+@sensitive_post_parameters("bacon-key", "sausage-key")
+async def async_sensitive_view(request):
+ # Do not just use plain strings for the variables' values in the code
+ # so that the tests don't return false positives when the function's source
+ # is displayed in the exception report.
+ cooked_eggs = "".join(["s", "c", "r", "a", "m", "b", "l", "e", "d"]) # NOQA
+ sauce = "".join( # NOQA
+ ["w", "o", "r", "c", "e", "s", "t", "e", "r", "s", "h", "i", "r", "e"]
+ )
+ try:
+ raise Exception
+ except Exception:
+ exc_info = sys.exc_info()
+ send_log(request, exc_info)
+ return technical_500_response(request, *exc_info)
+
+
 @sensitive_variables()
 @sensitive_post_parameters()
 def paranoid_view(request): |
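Review bot: async_sensitive_view raises inside its own body and never awaits, so the tests built on it only show that `sauce` is masked in the outermost coroutine frame. A sensitive local held in a decorated coroutine that the view awaits, with the exception propagating up through the await, is not exercised by this section. A second view that awaits such a helper would cover the case where the secret lives one frame below the view, assuming no such view exists outside this diff. The comment about avoiding plain string literals should be carried over to any such addition, since the report prints the function source.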