Mercurial > p > roundup > code

view test/wsgi_liveserver.py @ 7155:89a59e46b3af

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
improve REST interface security When using REST, we reflect the client's origin. If the wildcard '*' is used in allowed_api_origins all origins are allowed. When this is done, it also added an 'Access-Control-Allow-Credentials: true' header. This Credentials header should not be added if the site is matched only by '*'. This header should be provided only for explicit origins (e.g. https://example.org) not for the wildcard. This is now fixed for CORS preflight OPTIONS request as well as normal GET, PUT, DELETE, POST, PATCH and OPTIONS requests. A missing Access-Control-Allow-Credentials will prevent the tracker from being accessed using credentials. This prevents an unauthorized third party web site from using a user's credentials to access information in the tracker that is not publicly available. Added test for this specific case. In addition, allowed_api_origins can include explicit origins in addition to '*'. '*' must be first in the list. Also adapted numerous tests to work with these changes. Doc updates.
author John Rouillard <rouilj@ieee.org>
date Thu, 23 Feb 2023 12:01:33 -0500
parents e9760702bf0c
children f6923d2ba9a5
line wrap: on
line source

# -*- coding: utf-8 -*-
"""
wsgi-liveserver provides a simple LiverServerTestCase class that can be used to
help start a web server in the background to serve a WSGI compliant application
for use with testing. Generally it will be used in conjuction with something
like Selenium to perform a series of functional tests using a browser.

Licensed under the GNU GPL v3

Copyright (c) 2013 John Kristensen (unless explicitly stated otherwise).
"""
import threading
import socket
import unittest
from wsgiref.simple_server import make_server, WSGIRequestHandler

__author__ = 'John Kristensen'
__version__ = '0.3.1'
__license__ = 'GPLv3'


class QuietHandler(WSGIRequestHandler):
    def log_request(*args, **kwargs):
        pass


class LiveServerTestCase(unittest.TestCase):

    port_range = (8080, 8090)

    def create_app(self):
        """Create your wsgi app and return it."""
        raise NotImplementedError

    def __call__(self, result=None):
        """
        Do some custom setup stuff and then hand off to TestCase to do its
        thing.
        """
        try:
            self._pre_setup()
            super(LiveServerTestCase, self).__call__(result)
        finally:
            self._post_teardown()

    def url_base(self):
        """Return the url of the test server."""
        return 'http://{0}:{1}'.format(self.host, self.port)

    def _pre_setup(self):
        """Setup and start the test server in the background."""
        self._server = None

        self.host = 'localhost'
        self.port = self.port_range[0]
        self._thread = None

        # Get the app
        self.app = self.create_app()

        # Cycle through the port range to find a free port
        while self._server is None and self.port <= self.port_range[1]:
            try:
                self._server = make_server(self.host, self.port, self.app,
                                           handler_class=QuietHandler)
            except socket.error:
                self.port += 1

        # No free port, raise an exception
        if self._server is None:
            raise socket.error('Ports {0}-{1} are all already in use'.format(
                *self.port_range))

        # Start the test server in the background
        self._thread = threading.Thread(target=self._server.serve_forever)
        self._thread.start()

    def _post_teardown(self):
        """Stop the test server."""
        if self._thread is not None:
            self._server.shutdown()
            self._server.server_close()
            self._thread.join()
            del self._server
Roundup Issue Tracker: http://roundup-tracker.org/