diff --git a/src/backend/InvenTree/InvenTree/middleware.py b/src/backend/InvenTree/InvenTree/middleware.py
index 336e03aabf..91e8ab7d8d 100644
--- a/src/backend/InvenTree/InvenTree/middleware.py
+++ b/src/backend/InvenTree/InvenTree/middleware.py
@@ -1,6 +1,7 @@
 """Middleware for InvenTree."""
 import sys
+from urllib.parse import urlsplit
 from django.conf import settings
 from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
@@ -8,6 +9,7 @@ from django.http import HttpResponse
 from django.shortcuts import redirect, render
 from django.urls import resolve, reverse_lazy
 from django.utils.deprecation import MiddlewareMixin
+from django.utils.http import is_same_domain
 import structlog
 from error_report.middleware import ExceptionProcessor
@@ -242,9 +244,13 @@ class InvenTreeHostSettingsMiddleware(MiddlewareMixin):
 )
 # Check trusted origins
+ referer = urlsplit(accessed_scheme)
 if not any(
- accessed_scheme.startswith(origin)
- for origin in settings.CSRF_TRUSTED_ORIGINS
+ is_same_domain(referer.netloc, host)
+ for host in [
+ urlsplit(origin).netloc.lstrip('*')
+ for origin in settings.CSRF_TRUSTED_ORIGINS
+ ]
 ):
 msg = f'INVE-E7: The used path `{accessed_scheme}` is not in the TRUSTED_ORIGINS'
 logger.error(msg)
diff --git a/src/backend/InvenTree/InvenTree/test_auth.py b/src/backend/InvenTree/InvenTree/test_auth.py
index 82cfbda809..f8f52bfca4 100644
--- a/src/backend/InvenTree/InvenTree/test_auth.py
+++ b/src/backend/InvenTree/InvenTree/test_auth.py
@@ -1,6 +1,5 @@
 """Test the sso and auth module functionality."""
-from django.conf import settings
 from django.contrib.auth.models import Group, User
 from django.core.exceptions import ValidationError
 from django.test import override_settings
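Review bot: In middleware.py's trusted-origins check the new comparison uses only `netloc`, so the scheme of `accessed_scheme` is no longer matched against the scheme of each `CSRF_TRUSTED_ORIGINS` entry; an entry of `https://host` would now also accept the same host reached over `http://`, which the removed `startswith` test rejected. Django's own Origin check keeps scheme and host together, and the same can be done here: `any(referer.scheme == o.scheme and is_same_domain(referer.netloc, o.netloc.lstrip('*')) for o in map(urlsplit, settings.CSRF_TRUSTED_ORIGINS))`. This assumes `accessed_scheme` holds scheme plus host, as its name and the INVE-E7 message suggest; it is assigned outside the hunk. `referer` is also a misleading name for a value parsed from the accessed URL rather than from the Referer header; something like `accessed` would read better.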
@@ -130,12 +129,10 @@ class EmailSettingsContext:
 def __enter__(self):
 """Enable stuff."""
 InvenTreeSetting.set_setting('LOGIN_ENABLE_REG', True)
- settings.EMAIL_HOST = 'localhost'
 def __exit__(self, type, value, traceback):
 """Exit stuff."""
 InvenTreeSetting.set_setting('LOGIN_ENABLE_REG', False)
- settings.EMAIL_HOST = ''
 class TestAuth(InvenTreeAPITestCase):
@@ -185,7 +182,7 @@ class TestAuth(InvenTreeAPITestCase):
 self.post(self.reg_url, self.email_args(), expected_code=403)
 # Enable registration - now it should work
- with EmailSettingsContext():
+ with self.settings(EMAIL_HOST='localhost') as _, EmailSettingsContext() as _:
 resp = self.post(self.reg_url, self.email_args(), expected_code=200)
 self.assertEqual(resp.json()['data']['user']['email'], self.test_email)
@@ -216,6 +213,6 @@ class TestAuth(InvenTreeAPITestCase):
 self.assertIn('The provided email domain is not approved.', str(resp.json()))
 # Right format should work
- with EmailSettingsContext():
+ with self.settings(EMAIL_HOST='localhost') as _, EmailSettingsContext() as _:
 resp = self.post(self.reg_url, self.email_args(), expected_code=200)
 self.assertEqual(resp.json()['data']['user']['email'], self.test_email)
diff --git a/src/backend/InvenTree/InvenTree/test_middleware.py b/src/backend/InvenTree/InvenTree/test_middleware.py
index cb334875c2..5c09058162 100644
--- a/src/backend/InvenTree/InvenTree/test_middleware.py
+++ b/src/backend/InvenTree/InvenTree/test_middleware.py
@@ -1,6 +1,5 @@
 """Tests for middleware functions."""
-from django.conf import settings
 from django.http import Http404
 from django.urls import reverse
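Review bot: In test_auth.py the `as _` bindings on `with self.settings(EMAIL_HOST='localhost') as _, EmailSettingsContext() as _:` capture nothing that is used (the visible `EmailSettingsContext.__enter__` has no return statement), so `with self.settings(EMAIL_HOST='localhost'), EmailSettingsContext():` reads more plainly; the same line recurs in the hunk at -216. `EmailSettingsContext` also stops setting `EMAIL_HOST`, so any user of it outside these hunks would now run without a mail host. Its `"""Enable stuff."""` docstring could state the new contract, for example `"""Enable user registration; callers must override EMAIL_HOST themselves."""`.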
@@ -81,12 +80,12 @@ class MiddlewareTests(InvenTreeTestCase):
 log_error('testpath')
 # Test setup without ignored errors
- settings.IGNORED_ERRORS = []
- try:
- raise Http404
- except Http404:
- log_error('testpath')
- check(1)
+ with self.settings(IGNORED_ERRORS=[]):
+ try:
+ raise Http404
+ except Http404:
+ log_error('testpath')
+ check(1)
 def test_site_url_checks(self):
 """Test that the site URL check is correctly working."""
@@ -133,3 +132,11 @@ class MiddlewareTests(InvenTreeTestCase):
 self.assertNotContains(
 response, 'window.INVENTREE_SETTINGS', status_code=500
 )
+
+ with self.settings(
+ SITE_URL='http://testserver', CSRF_TRUSTED_ORIGINS=['http://*.testserver']
+ ):
+ response = self.client.get(reverse('web'))
+ self.assertEqual(response.status_code, 200)
+ self.assertNotContains(response, 'INVE-E7')
+ self.assertContains(response, 'window.INVENTREE_SETTINGS')
diff --git a/src/backend/InvenTree/InvenTree/tests.py b/src/backend/InvenTree/InvenTree/tests.py
index 1d0c3d5938..c4a8c2a3e2 100644
--- a/src/backend/InvenTree/InvenTree/tests.py
+++ b/src/backend/InvenTree/InvenTree/tests.py
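Review bot: The wildcard case added at the end of test_middleware.py asserts only that a matching host is accepted; nothing in the visible lines checks that a host outside `CSRF_TRUSTED_ORIGINS` is still refused now that the check goes through `is_same_domain`. A companion block with a non-matching wildcard, for example `CSRF_TRUSTED_ORIGINS=['http://*.example.org']` (constructed value) followed by `self.assertContains(response, 'INVE-E7', status_code=500)`, would pin the rejection path, assuming the error page is served with status 500 as in the assertion just above. A second entry that differs from `SITE_URL` only in scheme would document whether that combination is meant to pass. The enclosing test method starts outside the hunk, so earlier lines may already cover part of this.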
@@ -1153,41 +1153,37 @@ class TestSettings(InvenTreeTestCase):
 # add shortcut
 user_count = user_model.objects.count
 # enable testing mode
- settings.TESTING_ENV = True
+ with self.settings(TESTING_ENV=True):
+ # nothing set
+ self.run_reload()
+ self.assertEqual(user_count(), 1)
- # nothing set
- self.run_reload()
- self.assertEqual(user_count(), 1)
+ # not enough set
+ self.run_reload({'INVENTREE_ADMIN_USER': 'admin'})
+ self.assertEqual(user_count(), 1)
- # not enough set
- self.run_reload({'INVENTREE_ADMIN_USER': 'admin'})
- self.assertEqual(user_count(), 1)
+ # enough set
+ self.run_reload({
+ 'INVENTREE_ADMIN_USER': 'admin', # set username
+ 'INVENTREE_ADMIN_EMAIL': 'info@example.com', # set email
+ 'INVENTREE_ADMIN_PASSWORD': 'password123', # set password
+ })
+ self.assertEqual(user_count(), 2)
- # enough set
- self.run_reload({
- 'INVENTREE_ADMIN_USER': 'admin', # set username
- 'INVENTREE_ADMIN_EMAIL': 'info@example.com', # set email
- 'INVENTREE_ADMIN_PASSWORD': 'password123', # set password
- })
- self.assertEqual(user_count(), 2)
+ username2 = 'testuser1'
+ email2 = 'test1@testing.com'
+ password2 = 'password1'
- username2 = 'testuser1'
- email2 = 'test1@testing.com'
- password2 = 'password1'
-
- # create user manually
- user_model.objects.create_user(username2, email2, password2)
- self.assertEqual(user_count(), 3)
- # check it will not be created again
- self.run_reload({
- 'INVENTREE_ADMIN_USER': username2,
- 'INVENTREE_ADMIN_EMAIL': email2,
- 'INVENTREE_ADMIN_PASSWORD': password2,
- })
- self.assertEqual(user_count(), 3)
-
- # make sure to clean up
- settings.TESTING_ENV = False
+ # create user manually
+ user_model.objects.create_user(username2, email2, password2)
+ self.assertEqual(user_count(), 3)
+ # check it will not be created again
+ self.run_reload({
+ 'INVENTREE_ADMIN_USER': username2,
+ 'INVENTREE_ADMIN_EMAIL': email2,
+ 'INVENTREE_ADMIN_PASSWORD': password2,
+ })
+ self.assertEqual(user_count(), 3)
 def test_initial_install(self):
 """Test
if install of plugins on startup works."""
diff --git a/src/backend/InvenTree/plugin/samples/event/test_event_sample.py b/src/backend/InvenTree/plugin/samples/event/test_event_sample.py
index 20d42ac19b..c65ff2dfd4 100644
--- a/src/backend/InvenTree/plugin/samples/event/test_event_sample.py
+++ b/src/backend/InvenTree/plugin/samples/event/test_event_sample.py
@@ -1,6 +1,5 @@
 """Unit tests for event_sample sample plugins."""
-from django.conf import settings
 from django.test import TestCase
 from common.models import InvenTreeSetting
@@ -23,14 +22,11 @@ class EventPluginSampleTests(TestCase):
 InvenTreeSetting.set_setting('ENABLE_PLUGINS_EVENTS', True, change_user=None)
 # Enable event testing
- settings.PLUGIN_TESTING_EVENTS = True
- # Check that an event is issued
- with self.assertLogs(logger='inventree', level='DEBUG') as cm:
- trigger_event('test.event')
- self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))
-
- # Disable again
- settings.PLUGIN_TESTING_EVENTS = False
+ with self.settings(PLUGIN_TESTING_EVENTS=True):
+ # Check that an event is issued
+ with self.assertLogs(logger='inventree', level='DEBUG') as cm:
+ trigger_event('test.event')
+ self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))
 def test_mixin(self):
 """Test that MixinNotImplementedError is raised."""
diff --git a/src/backend/InvenTree/plugin/samples/event/test_filtered_event_sample.py b/src/backend/InvenTree/plugin/samples/event/test_filtered_event_sample.py
index 602181a0ad..0e7e9fc065 100644
--- a/src/backend/InvenTree/plugin/samples/event/test_filtered_event_sample.py
+++ b/src/backend/InvenTree/plugin/samples/event/test_filtered_event_sample.py
@@ -1,6 +1,5 @@
 """Unit tests for event_sample sample plugins."""
-from django.conf import settings
 from django.test import TestCase
 from common.models import InvenTreeSetting
@@ -21,14 +20,11 @@ class FilteredEventPluginSampleTests(TestCase):
 InvenTreeSetting.set_setting('ENABLE_PLUGINS_EVENTS', True, change_user=None)
 # Enable event testing
- settings.PLUGIN_TESTING_EVENTS = True
- # Check that an event is issued
- with self.assertLogs(logger='inventree', level='DEBUG') as cm:
- trigger_event('test.event')
- self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))
-
- # Disable again
- settings.PLUGIN_TESTING_EVENTS = False
+ with self.settings(PLUGIN_TESTING_EVENTS=True):
+ # Check that an event is issued
+ with self.assertLogs(logger='inventree', level='DEBUG') as cm:
+ trigger_event('test.event')
+ self.assertIn('Event `test.event` triggered in sample plugin', str(cm[1]))
 def test_ignore_event(self):
 """Check if the event is issued."""
@@ -40,14 +36,11 @@ class FilteredEventPluginSampleTests(TestCase):
 InvenTreeSetting.set_setting('ENABLE_PLUGINS_EVENTS', True, change_user=None)
 # Enable event testing
- settings.PLUGIN_TESTING_EVENTS = True
- # Check that an event is issued
- with self.assertLogs(logger='inventree', level='DEBUG') as cm:
- trigger_event('test.some.other.event')
- self.assertNotIn(
- 'DEBUG:inventree:Event `test.some.other.event` triggered in sample plugin',
- cm[1],
- )
-
- # Disable again
- settings.PLUGIN_TESTING_EVENTS = False
+ with self.settings(PLUGIN_TESTING_EVENTS=True):
+ # Check that an event is issued
+ with self.assertLogs(logger='inventree', level='DEBUG') as cm:
+ trigger_event('test.some.other.event')
+ self.assertNotIn(
+ 'DEBUG:inventree:Event `test.some.other.event` triggered in sample plugin',
+ cm[1],
+ )
diff --git a/src/backend/InvenTree/plugin/test_api.py b/src/backend/InvenTree/plugin/test_api.py
index bb5625d80a..b3a0a78e81 100644
--- a/src/backend/InvenTree/plugin/test_api.py
+++ b/src/backend/InvenTree/plugin/test_api.py
@@ -1,6 +1,5 @@
 """Tests for general API tests for the plugin app."""
-from django.conf import settings
 from django.test import override_settings
 from django.urls import reverse
@@ -92,9 +91,8 @@ class PluginDetailAPITest(PluginMixin, InvenTreeAPITestCase):
 )
 # install disabled
- settings.PLUGINS_INSTALL_DISABLED = True
- self.post(url, {}, expected_code=400)
- settings.PLUGINS_INSTALL_DISABLED = False
+ with self.settings(PLUGINS_INSTALL_DISABLED=True):
+ self.post(url, {}, expected_code=400)
 def test_plugin_activate(self):
 """Test the plugin activate."""
diff --git a/src/backend/InvenTree/plugin/test_plugin.py b/src/backend/InvenTree/plugin/test_plugin.py
index a34ec24967..2053590b20 100644
--- a/src/backend/InvenTree/plugin/test_plugin.py
+++ b/src/backend/InvenTree/plugin/test_plugin.py
@@ -10,7 +10,6 @@ from pathlib import Path
 from unittest import mock
 from unittest.mock import patch
-from django.conf import settings
 from django.test import TestCase, override_settings
 import plugin.templatetags.plugin_extras as plugin_tags
@@ -410,16 +409,11 @@ class RegistryTests(TestCase):
 # Check that the registry is not reloaded
 self.assertFalse(registry.check_reload())
- settings.TESTING = False
- settings.PLUGIN_TESTING_RELOAD = True
+ with self.settings(TESTING=False, PLUGIN_TESTING_RELOAD=True):
+ # Check that the registry is reloaded
+ registry.reload_plugins(full_reload=True, collect=True, force_reload=True)
+ self.assertFalse(registry.check_reload())
- # Check that the registry is reloaded
- registry.reload_plugins(full_reload=True, collect=True, force_reload=True)
- self.assertFalse(registry.check_reload())
-
- # Check that changed hashes run through
- registry.registry_hash = 'abc'
- self.assertTrue(registry.check_reload())
-
- settings.TESTING = True
- settings.PLUGIN_TESTING_RELOAD = False
+ # Check that changed hashes run through
+ registry.registry_hash = 'abc'
+ self.assertTrue(registry.check_reload())