From 465e45a12404475db136ef8cd6b03aa6e34c1bdb Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Fri, 2 Jan 2015 15:15:34 -0800 Subject: [PATCH 1/3] Admin and middleware tests --- defender/tests.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/defender/tests.py b/defender/tests.py index e78948f..1ef1960 100644 --- a/defender/tests.py +++ b/defender/tests.py @@ -434,3 +434,29 @@ class AccessAttemptTest(TestCase): self.assertEqual( utils.get_user_attempts(req), ip_attempts ) + + def test_admin(self): + from .admin import AccessAttemptAdmin + AccessAttemptAdmin + + @patch('defender.middleware.ViewDecoratorMiddleware.watched_logins', + (ADMIN_LOGIN_URL, )) + def test_decorator_middleware(self): + # because watch_login is called twice in this test (once by the + # middleware and once by the decorator) we have half as many attempts + # before getting locked out. + # FIXME: I tried making sure every request in only processed once but + # there seems to be an issue with django reusing request objects. + for i in range(0, config.FAILURE_LIMIT / 2): + response = self._login() + # Check if we are in the same login page + self.assertContains(response, LOGIN_FORM_KEY) + + # So, we shouldn't have gotten a lock-out yet. + # But we should get one now + response = self._login() + self.assertContains(response, self.LOCKED_MESSAGE) + + # doing a get should also get locked out message + response = self.client.get(ADMIN_LOGIN_URL) + self.assertContains(response, self.LOCKED_MESSAGE) From 1b63b657a1c215ab868ddbd97b963c81b3e36ad8 Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Fri, 2 Jan 2015 15:29:26 -0800 Subject: [PATCH 2/3] test_get_view for 100% coverage --- defender/tests.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/defender/tests.py b/defender/tests.py index 1ef1960..1a77180 100644 --- a/defender/tests.py +++ b/defender/tests.py @@ -460,3 +460,12 @@ class AccessAttemptTest(TestCase): # doing a get should also get locked out message response = self.client.get(ADMIN_LOGIN_URL) self.assertContains(response, self.LOCKED_MESSAGE) + + def test_get_view(self): + """ Check that the decorator doesn't tamper with GET requests""" + for i in range(0, config.FAILURE_LIMIT): + response = self.client.get(ADMIN_LOGIN_URL) + # Check if we are in the same login page + self.assertContains(response, LOGIN_FORM_KEY) + response = self.client.get(ADMIN_LOGIN_URL) + self.assertNotContains(response, self.LOCKED_MESSAGE) From 59fed5fc8a51a7e869a1459813eb171814dfa949 Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Fri, 2 Jan 2015 15:31:09 -0800 Subject: [PATCH 3/3] python3 fix --- defender/tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender/tests.py b/defender/tests.py index 1a77180..f9920ef 100644 --- a/defender/tests.py +++ b/defender/tests.py @@ -447,7 +447,7 @@ class AccessAttemptTest(TestCase): # before getting locked out. # FIXME: I tried making sure every request in only processed once but # there seems to be an issue with django reusing request objects. - for i in range(0, config.FAILURE_LIMIT / 2): + for i in range(0, int(config.FAILURE_LIMIT / 2)): response = self._login() # Check if we are in the same login page self.assertContains(response, LOGIN_FORM_KEY)