fix(backend) : use correct settings patching (#9910)

* fix(backend): use correct settings patching * and more fixes * fix context in test * add better test for cors
2025-07-06 21:50:55 +00:00 · 2025-07-02 02:35:27 +02:00
parent 252c74ab9f
commit dea8b4f0ad
8 changed files with 78 additions and 91 deletions
--- a/src/backend/InvenTree/InvenTree/middleware.py
+++ b/src/backend/InvenTree/InvenTree/middleware.py
@ -1,6 +1,7 @@
 """Middleware for InvenTree."""

 import sys
+from urllib.parse import urlsplit

 from django.conf import settings
 from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
@ -8,6 +9,7 @@ from django.http import HttpResponse
 from django.shortcuts import redirect, render
 from django.urls import resolve, reverse_lazy
 from django.utils.deprecation import MiddlewareMixin
+from django.utils.http import is_same_domain

 import structlog
 from error_report.middleware import ExceptionProcessor
@ -242,9 +244,13 @@ class InvenTreeHostSettingsMiddleware(MiddlewareMixin):
            )

        # Check trusted origins
+        referer = urlsplit(accessed_scheme)
        if not any(
-            accessed_scheme.startswith(origin)
-            for origin in settings.CSRF_TRUSTED_ORIGINS
+            is_same_domain(referer.netloc, host)
+            for host in [
+                urlsplit(origin).netloc.lstrip('*')
+                for origin in settings.CSRF_TRUSTED_ORIGINS
+            ]
        ):
            msg = f'INVE-E7: The used path `{accessed_scheme}` is not in the TRUSTED_ORIGINS'
            logger.error(msg)
--- a/src/backend/InvenTree/InvenTree/test_auth.py
+++ b/src/backend/InvenTree/InvenTree/test_auth.py
@ -1,6 +1,5 @@
 """Test the sso and auth module functionality."""

-from django.conf import settings
 from django.contrib.auth.models import Group, User
 from django.core.exceptions import ValidationError
 from django.test import override_settings
@ -130,12 +129,10 @@ class EmailSettingsContext:
    def __enter__(self):
        """Enable stuff."""
        InvenTreeSetting.set_setting('LOGIN_ENABLE_REG', True)
-        settings.EMAIL_HOST = 'localhost'

    def __exit__(self, type, value, traceback):
        """Exit stuff."""
        InvenTreeSetting.set_setting('LOGIN_ENABLE_REG', False)
-        settings.EMAIL_HOST = ''


 class TestAuth(InvenTreeAPITestCase):
@ -185,7 +182,7 @@ class TestAuth(InvenTreeAPITestCase):
        self.post(self.reg_url, self.email_args(), expected_code=403)

        # Enable registration - now it should work
-        with EmailSettingsContext():
+        with self.settings(EMAIL_HOST='localhost') as _, EmailSettingsContext() as _:
            resp = self.post(self.reg_url, self.email_args(), expected_code=200)
            self.assertEqual(resp.json()['data']['user']['email'], self.test_email)

@ -216,6 +213,6 @@ class TestAuth(InvenTreeAPITestCase):
        self.assertIn('The provided email domain is not approved.', str(resp.json()))

        # Right format should work
-        with EmailSettingsContext():
+        with self.settings(EMAIL_HOST='localhost') as _, EmailSettingsContext() as _:
            resp = self.post(self.reg_url, self.email_args(), expected_code=200)
            self.assertEqual(resp.json()['data']['user']['email'], self.test_email)
--- a/src/backend/InvenTree/InvenTree/test_middleware.py
+++ b/src/backend/InvenTree/InvenTree/test_middleware.py
@ -1,6 +1,5 @@
 """Tests for middleware functions."""

-from django.conf import settings
 from django.http import Http404
 from django.urls import reverse

@ -81,12 +80,12 @@ class MiddlewareTests(InvenTreeTestCase):
            log_error('testpath')

        # Test setup without ignored errors
-        settings.IGNORED_ERRORS = []
-        try:
-            raise Http404
-        except Http404:
-            log_error('testpath')
-        check(1)
+        with self.settings(IGNORED_ERRORS=[]):
+            try:
+                raise Http404
+            except Http404:
+                log_error('testpath')
+            check(1)

    def test_site_url_checks(self):
        """Test that the site URL check is correctly working."""
@ -133,3 +132,11 @@ class MiddlewareTests(InvenTreeTestCase):
            self.assertNotContains(
                response, 'window.INVENTREE_SETTINGS', status_code=500
            )
+
+        with self.settings(
+            SITE_URL='http://testserver', CSRF_TRUSTED_ORIGINS=['http://*.testserver']
+        ):
+            response = self.client.get(reverse('web'))
+            self.assertEqual(response.status_code, 200)
+            self.assertNotContains(response, 'INVE-E7')
+            self.assertContains(response, 'window.INVENTREE_SETTINGS')
--- a/src/backend/InvenTree/InvenTree/tests.py
+++ b/src/backend/InvenTree/InvenTree/tests.py
@ -1153,41 +1153,37 @@ class TestSettings(InvenTreeTestCase):
        # add shortcut
        user_count = user_model.objects.count
        # enable testing mode
-        settings.TESTING_ENV = True
+        with self.settings(TESTING_ENV=True):
+            # nothing set
+            self.run_reload()
+            self.assertEqual(user_count(), 1)

-        # nothing set
-        self.run_reload()
-        self.assertEqual(user_count(), 1)
+            # not enough set
+            self.run_reload({'INVENTREE_ADMIN_USER': 'admin'})
+            self.assertEqual(user_count(), 1)

-        # not enough set
-        self.run_reload({'INVENTREE_ADMIN_USER': 'admin'})
-        self.assertEqual(user_count(), 1)
+            # enough set
+            self.run_reload({
+                'INVENTREE_ADMIN_USER': 'admin',  # set username
+                'INVENTREE_ADMIN_EMAIL': 'info@example.com',  # set email
+                'INVENTREE_ADMIN_PASSWORD': 'password123',  # set password
+            })
+            self.assertEqual(user_count(), 2)

-        # enough set
-        self.run_reload({
-            'INVENTREE_ADMIN_USER': 'admin',  # set username
-            'INVENTREE_ADMIN_EMAIL': 'info@example.com',  # set email
-            'INVENTREE_ADMIN_PASSWORD': 'password123',  # set password
-        })
-        self.assertEqual(user_count(), 2)
+            username2 = 'testuser1'
+            email2 = 'test1@testing.com'
+            password2 = 'password1'

-        username2 = 'testuser1'
-        email2 = 'test1@testing.com'
-        password2 = 'password1'
-
-        # create user manually
-        user_model.objects.create_user(username2, email2, password2)
-        self.assertEqual(user_count(), 3)
-        # check it will not be created again
-        self.run_reload({
-            'INVENTREE_ADMIN_USER': username2,
-            'INVENTREE_ADMIN_EMAIL': email2,
-            'INVENTREE_ADMIN_PASSWORD': password2,
-        })
-        self.assertEqual(user_count(), 3)
-
-        # make sure to clean up
-        settings.TESTING_ENV = False
+            # create user manually
+            user_model.objects.create_user(username2, email2, password2)
+            self.assertEqual(user_count(), 3)
+            # check it will not be created again
+            self.run_reload({
+                'INVENTREE_ADMIN_USER': username2,
+                'INVENTREE_ADMIN_EMAIL': email2,
+                'INVENTREE_ADMIN_PASSWORD': password2,
+            })
+            self.assertEqual(user_count(), 3)

    def test_initial_install(self):
        """Test if install of plugins on startup works."""
--- a/src/backend/InvenTree/plugin/samples/event/test_event_sample.py
+++ b/src/backend/InvenTree/plugin/samples/event/test_event_sample.py
@ -1,6 +1,5 @@
 """Unit tests for event_sample sample plugins."""

-from django.conf import settings
 from django.test import TestCase

 from common.models import InvenTreeSetting
@ -23,14 +22,11 @@ class EventPluginSampleTests(TestCase):
        InvenTreeSetting.set_setting('ENABLE_PLUGINS_EVENTS', True, change_user=None)

        # Enable event testing
-        settings.PLUGIN_TESTING_EVENTS = True
-        # Check that an event is issued
-        with self.assertLogs(logger='inventree', level='DEBUG') as cm:
-            trigger_event('test.event')
-        self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))
-
-        # Disable again
-        settings.PLUGIN_TESTING_EVENTS = False
+        with self.settings(PLUGIN_TESTING_EVENTS=True):
+            # Check that an event is issued
+            with self.assertLogs(logger='inventree', level='DEBUG') as cm:
+                trigger_event('test.event')
+            self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))

    def test_mixin(self):
        """Test that MixinNotImplementedError is raised."""
--- a/src/backend/InvenTree/plugin/samples/event/test_filtered_event_sample.py
+++ b/src/backend/InvenTree/plugin/samples/event/test_filtered_event_sample.py
@ -1,6 +1,5 @@
 """Unit tests for event_sample sample plugins."""

-from django.conf import settings
 from django.test import TestCase

 from common.models import InvenTreeSetting
@ -21,14 +20,11 @@ class FilteredEventPluginSampleTests(TestCase):
        InvenTreeSetting.set_setting('ENABLE_PLUGINS_EVENTS', True, change_user=None)

        # Enable event testing
-        settings.PLUGIN_TESTING_EVENTS = True
-        # Check that an event is issued
-        with self.assertLogs(logger='inventree', level='DEBUG') as cm:
-            trigger_event('test.event')
-        self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))
-
-        # Disable again
-        settings.PLUGIN_TESTING_EVENTS = False
+        with self.settings(PLUGIN_TESTING_EVENTS=True):
+            # Check that an event is issued
+            with self.assertLogs(logger='inventree', level='DEBUG') as cm:
+                trigger_event('test.event')
+            self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))

    def test_ignore_event(self):
        """Check if the event is issued."""
@ -40,14 +36,11 @@ class FilteredEventPluginSampleTests(TestCase):
        InvenTreeSetting.set_setting('ENABLE_PLUGINS_EVENTS', True, change_user=None)

        # Enable event testing
-        settings.PLUGIN_TESTING_EVENTS = True
-        # Check that an event is issued
-        with self.assertLogs(logger='inventree', level='DEBUG') as cm:
-            trigger_event('test.some.other.event')
-        self.assertNotIn(
-            'DEBUG:inventree:Event `test.some.other.event` triggered in sample plugin',
-            cm[1],
-        )
-
-        # Disable again
-        settings.PLUGIN_TESTING_EVENTS = False
+        with self.settings(PLUGIN_TESTING_EVENTS=True):
+            # Check that an event is issued
+            with self.assertLogs(logger='inventree', level='DEBUG') as cm:
+                trigger_event('test.some.other.event')
+            self.assertNotIn(
+                'DEBUG:inventree:Event `test.some.other.event` triggered in sample plugin',
+                cm[1],
+            )
--- a/src/backend/InvenTree/plugin/test_api.py
+++ b/src/backend/InvenTree/plugin/test_api.py
@ -1,6 +1,5 @@
 """Tests for general API tests for the plugin app."""

-from django.conf import settings
 from django.test import override_settings
 from django.urls import reverse

@ -92,9 +91,8 @@ class PluginDetailAPITest(PluginMixin, InvenTreeAPITestCase):
        )

        # install disabled
-        settings.PLUGINS_INSTALL_DISABLED = True
-        self.post(url, {}, expected_code=400)
-        settings.PLUGINS_INSTALL_DISABLED = False
+        with self.settings(PLUGINS_INSTALL_DISABLED=True):
+            self.post(url, {}, expected_code=400)

    def test_plugin_activate(self):
        """Test the plugin activate."""
--- a/src/backend/InvenTree/plugin/test_plugin.py
+++ b/src/backend/InvenTree/plugin/test_plugin.py
@ -10,7 +10,6 @@ from pathlib import Path
 from unittest import mock
 from unittest.mock import patch

-from django.conf import settings
 from django.test import TestCase, override_settings

 import plugin.templatetags.plugin_extras as plugin_tags
@ -410,16 +409,11 @@ class RegistryTests(TestCase):
        # Check that the registry is not reloaded
        self.assertFalse(registry.check_reload())

-        settings.TESTING = False
-        settings.PLUGIN_TESTING_RELOAD = True
+        with self.settings(TESTING=False, PLUGIN_TESTING_RELOAD=True):
+            # Check that the registry is reloaded
+            registry.reload_plugins(full_reload=True, collect=True, force_reload=True)
+            self.assertFalse(registry.check_reload())

-        # Check that the registry is reloaded
-        registry.reload_plugins(full_reload=True, collect=True, force_reload=True)
-        self.assertFalse(registry.check_reload())
-
-        # Check that changed hashes run through
-        registry.registry_hash = 'abc'
-        self.assertTrue(registry.check_reload())
-
-        settings.TESTING = True
-        settings.PLUGIN_TESTING_RELOAD = False
+            # Check that changed hashes run through
+            registry.registry_hash = 'abc'
+            self.assertTrue(registry.check_reload())