diff options
26 files changed, 421 insertions, 91 deletions
diff --git a/.gitignore b/.gitignore index 5fa2a2ee4..8dca2069c 100644 --- a/.gitignore +++ b/.gitignore @@ -9,7 +9,7 @@ .coverage .tox/ nosetests.xml -pyramid/coverage.xml +coverage.xml tutorial.db build/ dist/ diff --git a/.travis.yml b/.travis.yml index ab9c3ff30..00c293046 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +# Wire up travis language: python python: diff --git a/CHANGES.txt b/CHANGES.txt index e6dd9f0cb..ba8aae559 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -4,6 +4,9 @@ next release Features -------- +- ``scripts/prequest.py``: add support for submitting ``PUT`` and ``PATCH`` + requests. See https://github.com/Pylons/pyramid/pull/1033. + - ``ACLAuthorizationPolicy`` supports ``__acl__`` as a callable. This removes the ambiguity between the potential ``AttributeError`` that would be raised on the ``context`` when the property was not defined and the @@ -29,9 +32,27 @@ Features ``initialize_myapp_db etc/development.ini a=1 b=2``. See https://github.com/Pylons/pyramid/pull/911 +- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view + predicate now take into account the value of the HTTP header named + ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they + always did). The header is tried when the form parameter does not exist. + Bug Fixes --------- +- Make the ``pyramid.config.assets.PackageOverrides`` object implement the API + for ``__loader__`` objects specified in PEP 302. Proxies to the + ``__loader__`` set by the importer, if present; otherwise, raises + ``NotImplementedError``. This makes Pyramid static view overrides work + properly under Python 3.3 (previously they would not). See + https://github.com/Pylons/pyramid/pull/1015 for more information. + +- ``mako_templating``: added defensive workaround for non-importability of + ``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support. Mako + templating will no longer work under the combination of MarkupSafe 0.17 and + Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any + supported Python 2 version will work OK). + - View lookup will now search for valid views based on the inheritance hierarchy of the context. It tries to find views based on the most specific context first, and upon predicate failure, will move up the @@ -93,6 +114,11 @@ Bug Fixes files have now been removed. See https://github.com/Pylons/pyramid/issues/981 +- ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under + Python 3 would use ``__len__`` to find truthiness; this usually caused an + instance of DummyResource to be "falsy" instead of "truthy". See + https://github.com/Pylons/pyramid/pull/1032 + 1.4 (2012-12-18) ================ diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 97eb54f7b..61155ca80 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -198,3 +198,5 @@ Contributors - Georges Dubus, 2013/03/21 - Jason McKellar, 2013/03/28 + +- Luke Cyca, 2013/05/30 diff --git a/README.rst b/README.rst index 4d427a13d..a3458028b 100644 --- a/README.rst +++ b/README.rst @@ -1,8 +1,8 @@ Pyramid ======= -Pyramid is a small, fast, down-to-earth, open source Python web application -development framework. It makes real-world web application development and +Pyramid is a small, fast, down-to-earth, open source Python web framework. +It makes real-world web application development and deployment more fun, more predictable, and more productive. Pyramid is produced by the `Pylons Project <http://pylonsproject.org/>`_. diff --git a/docs/designdefense.rst b/docs/designdefense.rst index fdc57e0c1..ea46053a0 100644 --- a/docs/designdefense.rst +++ b/docs/designdefense.rst @@ -1691,7 +1691,7 @@ some sort of monolithic thing, and a lot of its software is usable externally. And while it's not really the job of this document to defend it, Zope has been around for over 10 years and has an incredibly large, active community. If you don't believe this, -http://taichino.appspot.com/pypi_ranking/authors is an eye-opening reality +http://pypi-ranking.info/author is an eye-opening reality check. Love Simplicity diff --git a/docs/narr/resources.rst b/docs/narr/resources.rst index 699a3d4ac..b1bb611e5 100644 --- a/docs/narr/resources.rst +++ b/docs/narr/resources.rst @@ -300,7 +300,7 @@ the resource by :meth:`~pyramid.request.Request.resource_url`. The ``__resource_url__`` hook is passed two arguments: ``request`` and ``info``. ``request`` is the :term:`request` object passed to :meth:`~pyramid.request.Request.resource_url`. ``info`` is a dictionary with -two keys: +the following keys: ``physical_path`` A string representing the "physical path" computed for the resource, as diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst index c4f4b5f07..7ec280c8a 100644 --- a/docs/narr/sessions.rst +++ b/docs/narr/sessions.rst @@ -298,14 +298,15 @@ Preventing Cross-Site Request Forgery Attacks `Cross-site request forgery <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`_ attacks are a -phenomenon whereby a user with an identity on your website might click on a -URL or button on another website which secretly redirects the user to your -application to perform some command that requires elevated privileges. - -You can avoid most of these attacks by making sure that the correct *CSRF -token* has been set in an :app:`Pyramid` session object before performing any -actions in code which requires elevated privileges that is invoked via a form -post. To use CSRF token support, you must enable a :term:`session factory` +phenomenon whereby a user who is logged in to your website might inadvertantly +load a URL because it is linked from, or embedded in, an attacker's website. +If the URL is one that may modify or delete data, the consequences can be dire. + +You can avoid most of these attacks by issuing a unique token to the browser +and then requiring that it be present in all potentially unsafe requests. +:app:`Pyramid` sessions provide facilities to create and check CSRF tokens. + +To use CSRF tokens, you must first enable a :term:`session factory` as described in :ref:`using_the_default_session_factory` or :ref:`using_alternate_session_factories`. @@ -324,33 +325,82 @@ To get the current CSRF token from the session, use the The ``session.get_csrf_token()`` method accepts no arguments. It returns a CSRF *token* string. If ``session.get_csrf_token()`` or -``session.new_csrf_token()`` was invoked previously for this session, the +``session.new_csrf_token()`` was invoked previously for this session, then the existing token will be returned. If no CSRF token previously existed for -this session, a new token will be will be set into the session and returned. +this session, then a new token will be will be set into the session and returned. The newly created token will be opaque and randomized. You can use the returned token as the value of a hidden field in a form that -posts to a method that requires elevated privileges. The handler for the -form post should use ``session.get_csrf_token()`` *again* to obtain the -current CSRF token related to the user from the session, and compare it to -the value of the hidden form field. For example, if your form rendering -included the CSRF token obtained via ``session.get_csrf_token()`` as a hidden -input field named ``csrf_token``: +posts to a method that requires elevated privileges, or supply it as a request +header in AJAX requests. + +For example, include the CSRF token as a hidden field: + +.. code-block:: html + + <form method="post" action="/myview"> + <input type="hidden" name="csrf_token" value="${request.session.get_csrf_token()}"> + <input type="submit" value="Delete Everything"> + </form> + +Or, include it as a header in a jQuery AJAX request: + +.. code-block:: javascript + + var csrfToken = ${request.session.get_csrf_token()}; + $.ajax({ + type: "POST", + url: "/myview", + headers: { 'X-CSRF-Token': csrfToken } + }).done(function() { + alert("Deleted"); + }); + + +The handler for the URL that receives the request +should then require that the correct CSRF token is supplied. + +Using the ``session.check_csrf_token`` Method +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In request handling code, you can check the presence and validity of a CSRF +token with ``session.check_csrf_token(request)``. If the token is valid, +it will return True, otherwise it will raise ``HTTPBadRequest``. + +By default, it checks for a GET or POST parameter named ``csrf_token`` or a +header named ``X-CSRF-Token``. .. code-block:: python - :linenos: - token = request.session.get_csrf_token() - if token != request.POST['csrf_token']: - raise ValueError('CSRF token did not match') + def myview(request): + session = request.session + + # Require CSRF Token + session.check_csrf_token(request): + + ... .. index:: single: session.new_csrf_token +Checking CSRF Tokens With A View Predicate +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A convenient way to require a valid CSRF Token for a particular view is to +include ``check_csrf=True`` as a view predicate. +See :meth:`pyramid.config.Configurator.add_route`. + +.. code-block:: python + + @view_config(request_method='POST', check_csrf=True, ...) + def myview(request): + ... + + Using the ``session.new_csrf_token`` Method ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -To explicitly add a new CSRF token to the session, use the +To explicitly create a new CSRF token, use the ``session.new_csrf_token()`` method. This differs only from ``session.get_csrf_token()`` inasmuch as it clears any existing CSRF token, creates a new CSRF token, sets the token into the session, and returns the diff --git a/pyramid/chameleon_text.py b/pyramid/chameleon_text.py index 8cf04bf79..d2a943a28 100644 --- a/pyramid/chameleon_text.py +++ b/pyramid/chameleon_text.py @@ -1,7 +1,5 @@ from zope.interface import implementer -from chameleon.zpt.template import PageTextTemplateFile - from pyramid.interfaces import ITemplateRenderer from pyramid.decorator import reify @@ -20,6 +18,7 @@ class TextTemplateRenderer(object): @reify # avoid looking up reload_templates before manager pushed def template(self): + from chameleon.zpt.template import PageTextTemplateFile return PageTextTemplateFile(self.path, auto_reload=self.lookup.auto_reload, debug=self.lookup.debug, diff --git a/pyramid/chameleon_zpt.py b/pyramid/chameleon_zpt.py index d8a8ee1be..89e5d02b5 100644 --- a/pyramid/chameleon_zpt.py +++ b/pyramid/chameleon_zpt.py @@ -1,7 +1,5 @@ from zope.interface import implementer -from chameleon.zpt.template import PageTemplateFile - from pyramid.interfaces import ITemplateRenderer from pyramid.decorator import reify from pyramid import renderers @@ -18,6 +16,7 @@ class ZPTTemplateRenderer(object): @reify # avoid looking up reload_templates before manager pushed def template(self): + from chameleon.zpt.template import PageTemplateFile tf = PageTemplateFile( self.path, auto_reload=self.lookup.auto_reload, diff --git a/pyramid/config/assets.py b/pyramid/config/assets.py index 5d4682349..0616e6cda 100644 --- a/pyramid/config/assets.py +++ b/pyramid/config/assets.py @@ -81,14 +81,12 @@ class OverrideProvider(pkg_resources.DefaultProvider): self, resource_name) @implementer(IPackageOverrides) -class PackageOverrides: +class PackageOverrides(object): # pkg_resources arg in kw args below for testing def __init__(self, package, pkg_resources=pkg_resources): - if hasattr(package, '__loader__') and not isinstance(package.__loader__, - self.__class__): - raise TypeError('Package %s already has a non-%s __loader__ ' - '(probably a module in a zipped egg)' % - (package, self.__class__)) + loader = self._real_loader = getattr(package, '__loader__', None) + if isinstance(loader, self.__class__): + self._real_loader = None # We register ourselves as a __loader__ *only* to support the # setuptools _find_adapter adapter lookup; this class doesn't # actually support the PEP 302 loader "API". This is @@ -150,7 +148,33 @@ class PackageOverrides: for package, rname in self.search_path(resource_name): if pkg_resources.resource_exists(package, rname): return pkg_resources.resource_listdir(package, rname) - + + @property + def real_loader(self): + if self._real_loader is None: + raise NotImplementedError() + return self._real_loader + + def get_data(self, path): + """ See IPEP302Loader. + """ + return self.real_loader.get_data(path) + + def is_package(self, fullname): + """ See IPEP302Loader. + """ + return self.real_loader.is_package(fullname) + + def get_code(self, fullname): + """ See IPEP302Loader. + """ + return self.real_loader.get_code(fullname) + + def get_source(self, fullname): + """ See IPEP302Loader. + """ + return self.real_loader.get_source(fullname) + class DirectoryOverride: def __init__(self, path, package, prefix): diff --git a/pyramid/interfaces.py b/pyramid/interfaces.py index 4fb4d615c..a57f61ddb 100644 --- a/pyramid/interfaces.py +++ b/pyramid/interfaces.py @@ -793,7 +793,49 @@ deprecated( 'See the "What\'s new In Pyramid 1.3" document for more details.' ) -class IPackageOverrides(Interface): +class IPEP302Loader(Interface): + """ See http://www.python.org/dev/peps/pep-0302/#id30. + """ + def get_data(path): + """ Retrieve data for and arbitrary "files" from storage backend. + + Raise IOError for not found. + + Data is returned as bytes. + """ + + def is_package(fullname): + """ Return True if the module specified by 'fullname' is a package. + """ + + def get_code(fullname): + """ Return the code object for the module identified by 'fullname'. + + Return 'None' if it's a built-in or extension module. + + If the loader doesn't have the code object but it does have the source + code, return the compiled source code. + + Raise ImportError if the module can't be found by the importer at all. + """ + + def get_source(fullname): + """ Return the source code for the module identified by 'fullname'. + + Return a string, using newline characters for line endings, or None + if the source is not available. + + Raise ImportError if the module can't be found by the importer at all. + """ + + def get_filename(fullname): + """ Return the value of '__file__' if the named module was loaded. + + If the module is not found, raise ImportError. + """ + + +class IPackageOverrides(IPEP302Loader): """ Utility for pkg_resources overrides """ # VH_ROOT_KEY is an interface; its imported from other packages (e.g. diff --git a/pyramid/mako_templating.py b/pyramid/mako_templating.py index 061bcb717..8d4583d82 100644 --- a/pyramid/mako_templating.py +++ b/pyramid/mako_templating.py @@ -1,6 +1,5 @@ import os import posixpath -import re import sys import threading @@ -23,8 +22,34 @@ from pyramid.interfaces import ITemplateRenderer from pyramid.settings import asbool from pyramid.util import DottedNameResolver -from mako.lookup import TemplateLookup -from mako import exceptions +def _no_mako(*arg, **kw): # pragma: no cover + raise NotImplementedError( + "'mako' package is not importable (maybe downgrade MarkupSafe to " + "0.16 or below if you're using Python 3.2)" + ) + +try: + from mako.lookup import TemplateLookup +except (ImportError, SyntaxError, AttributeError): #pragma NO COVER + class TemplateLookup(object): + def __init__(self, **kw): + for name in ('adjust_uri', 'get_template', 'filename_to_uri', + 'put_string', 'put_template'): + setattr(self, name, _no_mako) + self.filesystem_checks = False + +try: + from mako.exceptions import TopLevelLookupException +except (ImportError, SyntaxError, AttributeError): #pragma NO COVER + class TopLevelLookupException(Exception): + pass + +try: + from mako.exceptions import text_error_template +except (ImportError, SyntaxError, AttributeError): #pragma NO COVER + def text_error_template(lookup=None): + _no_mako() + class IMakoLookup(Interface): pass @@ -78,7 +103,7 @@ class PkgResourceTemplateLookup(TemplateLookup): srcfile = abspath_from_asset_spec(path, pname) if os.path.isfile(srcfile): return self._load(srcfile, adjusted) - raise exceptions.TopLevelLookupException( + raise TopLevelLookupException( "Can not locate template for uri %r" % uri) return TemplateLookup.get_template(self, uri) @@ -208,7 +233,7 @@ class MakoLookupTemplateRenderer(object): except: try: exc_info = sys.exc_info() - errtext = exceptions.text_error_template().render( + errtext = text_error_template().render( error=exc_info[1], traceback=exc_info[2] ) diff --git a/pyramid/router.py b/pyramid/router.py index 63c12a1af..df1f02b22 100644 --- a/pyramid/router.py +++ b/pyramid/router.py @@ -1,5 +1,4 @@ from zope.interface import ( - Interface, implementer, providedBy, ) diff --git a/pyramid/scaffolds/__init__.py b/pyramid/scaffolds/__init__.py index dc207b540..c993ce5f9 100644 --- a/pyramid/scaffolds/__init__.py +++ b/pyramid/scaffolds/__init__.py @@ -1,5 +1,6 @@ import binascii import os +from textwrap import dedent from pyramid.compat import native_ @@ -33,7 +34,22 @@ class PyramidTemplate(Template): """ Overrides :meth:`pyramid.scaffolds.template.Template.post`, to print "Welcome to Pyramid. Sorry for the convenience." after a successful scaffolding rendering.""" - self.out('Welcome to Pyramid. Sorry for the convenience.') + + separator = "=" * 79 + msg = dedent( + """ + %(separator)s + Tutorials: http://docs.pylonsproject.org/projects/pyramid_tutorials + Documentation: http://docs.pylonsproject.org/projects/pyramid + + Twitter (tips & updates): http://twitter.com/pylons + Mailing List: http://groups.google.com/group/pylons-discuss + + Welcome to Pyramid. Sorry for the convenience. + %(separator)s + """ % {'separator': separator}) + + self.out(msg) return Template.post(self, command, output_dir, vars) def out(self, msg): # pragma: no cover (replaceable testing hook) diff --git a/pyramid/scripts/prequest.py b/pyramid/scripts/prequest.py index da6b8cc14..3d8921b15 100644 --- a/pyramid/scripts/prequest.py +++ b/pyramid/scripts/prequest.py @@ -18,9 +18,16 @@ class PRequestCommand(object): This command makes an artifical request to a web application that uses a PasteDeploy (.ini) configuration file for the server and application. - Use "prequest config.ini /path" to request "/path". Use "prequest - --method=POST config.ini /path < data" to do a POST with the given - request body. + Use "prequest config.ini /path" to request "/path". + + Use "prequest --method=POST config.ini /path < data" to do a POST with + the given request body. + + Use "prequest --method=PUT config.ini /path < data" to do a + PUT with the given request body. + + Use "prequest --method=PATCH config.ini /path < data" to do a + PATCH with the given request body. If the path is relative (doesn't begin with "/") it is interpreted as relative to "/". The path passed to this script should be URL-quoted. @@ -59,9 +66,9 @@ class PRequestCommand(object): parser.add_option( '-m', '--method', dest='method', - choices=['GET', 'HEAD', 'POST', 'DELETE'], + choices=['GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE'], type='choice', - help='Request method type (GET, POST, DELETE)', + help='Request method type', ) get_app = staticmethod(get_app) @@ -110,9 +117,9 @@ class PRequestCommand(object): environ = { 'REQUEST_METHOD': request_method, 'SCRIPT_NAME': '', # may be empty if app is at the root - 'PATH_INFO': path, + 'PATH_INFO': path, 'SERVER_NAME': 'localhost', # always mandatory - 'SERVER_PORT': '80', # always mandatory + 'SERVER_PORT': '80', # always mandatory 'SERVER_PROTOCOL': 'HTTP/1.0', 'CONTENT_TYPE': 'text/plain', 'REMOTE_ADDR':'127.0.0.1', @@ -127,7 +134,7 @@ class PRequestCommand(object): 'paste.command_request': True, } - if request_method == 'POST': + if request_method in ('POST', 'PUT', 'PATCH'): environ['wsgi.input'] = self.stdin environ['CONTENT_LENGTH'] = '-1' diff --git a/pyramid/session.py b/pyramid/session.py index 7db8c8e0e..3708ef879 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -81,15 +81,22 @@ def signed_deserialize(serialized, secret, hmac=hmac): return pickle.loads(pickled) -def check_csrf_token(request, token='csrf_token', raises=True): +def check_csrf_token(request, + token='csrf_token', + header='X-CSRF-Token', + raises=True): """ Check the CSRF token in the request's session against the value in - ``request.params.get(token)``. If a ``token`` keyword is not supplied - to this function, the string ``csrf_token`` will be used to look up - the token within ``request.params``. If the value in - ``request.params.get(token)`` doesn't match the value supplied by - ``request.session.get_csrf_token()``, and ``raises`` is ``True``, this - function will raise an :exc:`pyramid.httpexceptions.HTTPBadRequest` - exception. If the check does succeed and ``raises`` is ``False``, this + ``request.params.get(token)`` or ``request.headers.get(header)``. + If a ``token`` keyword is not supplied to this function, the string + ``csrf_token`` will be used to look up the token in ``request.params``. + If a ``header`` keyword is not supplied to this function, the string + ``X-CSRF-Token`` will be used to look up the token in ``request.headers``. + + If the value supplied by param or by header doesn't match the value + supplied by ``request.session.get_csrf_token()``, and ``raises`` is + ``True``, this function will raise an + :exc:`pyramid.httpexceptions.HTTPBadRequest` exception. + If the check does succeed and ``raises`` is ``False``, this function will return ``False``. If the CSRF check is successful, this function will return ``True`` unconditionally. @@ -98,7 +105,8 @@ def check_csrf_token(request, token='csrf_token', raises=True): .. versionadded:: 1.4a2 """ - if request.params.get(token) != request.session.get_csrf_token(): + supplied_token = request.params.get(token, request.headers.get(header)) + if supplied_token != request.session.get_csrf_token(): if raises: raise HTTPBadRequest('incorrect CSRF token') return False diff --git a/pyramid/testing.py b/pyramid/testing.py index 0c701727b..9bd245e4e 100644 --- a/pyramid/testing.py +++ b/pyramid/testing.py @@ -222,6 +222,8 @@ class DummyResource: def __nonzero__(self): return True + __bool__ = __nonzero__ + def __len__(self): return len(self.subs) @@ -482,9 +484,9 @@ def tearDown(unhook_zca=True): If the ``unhook_zca`` argument is ``True`` (the default), call :func:`zope.component.getSiteManager.reset`. This undoes the - action of :func:`pyramid.testing.setUp` called with the + action of :func:`pyramid.testing.setUp` when called with the argument ``hook_zca=True``. If :mod:`zope.component` cannot be - imported, ignore the argument. + imported, ``unhook_zca`` is set to ``False``. """ global have_zca if unhook_zca and have_zca: diff --git a/pyramid/tests/pkgs/viewdecoratorapp/views/templates/foo.mak b/pyramid/tests/pkgs/viewdecoratorapp/views/templates/foo.pt index 6a2f701b6..6a2f701b6 100644 --- a/pyramid/tests/pkgs/viewdecoratorapp/views/templates/foo.mak +++ b/pyramid/tests/pkgs/viewdecoratorapp/views/templates/foo.pt diff --git a/pyramid/tests/pkgs/viewdecoratorapp/views/views.py b/pyramid/tests/pkgs/viewdecoratorapp/views/views.py index 6f7ff1e21..2b7d7e928 100644 --- a/pyramid/tests/pkgs/viewdecoratorapp/views/views.py +++ b/pyramid/tests/pkgs/viewdecoratorapp/views/views.py @@ -1,11 +1,11 @@ from pyramid.view import view_config -@view_config(renderer='templates/foo.mak', name='first') +@view_config(renderer='templates/foo.pt', name='first') def first(request): return {'result':'OK1'} @view_config( - renderer='pyramid.tests.pkgs.viewdecoratorapp.views:templates/foo.mak', + renderer='pyramid.tests.pkgs.viewdecoratorapp.views:templates/foo.pt', name='second') def second(request): return {'result':'OK2'} diff --git a/pyramid/tests/test_config/test_assets.py b/pyramid/tests/test_config/test_assets.py index 5fe02c358..345e7f8d6 100644 --- a/pyramid/tests/test_config/test_assets.py +++ b/pyramid/tests/test_config/test_assets.py @@ -314,16 +314,40 @@ class TestPackageOverrides(unittest.TestCase): from pyramid.config.assets import PackageOverrides return PackageOverrides - def _makeOne(self, package, pkg_resources=None): + def _makeOne(self, package=None, pkg_resources=None): + if package is None: + package = DummyPackage('package') klass = self._getTargetClass() if pkg_resources is None: pkg_resources = DummyPkgResources() return klass(package, pkg_resources=pkg_resources) + def test_class_conforms_to_IPackageOverrides(self): + from zope.interface.verify import verifyClass + from pyramid.interfaces import IPackageOverrides + verifyClass(IPackageOverrides, self._getTargetClass()) + + def test_instance_conforms_to_IPackageOverrides(self): + from zope.interface.verify import verifyObject + from pyramid.interfaces import IPackageOverrides + verifyObject(IPackageOverrides, self._makeOne()) + + def test_class_conforms_to_IPEP302Loader(self): + from zope.interface.verify import verifyClass + from pyramid.interfaces import IPEP302Loader + verifyClass(IPEP302Loader, self._getTargetClass()) + + def test_instance_conforms_to_IPEP302Loader(self): + from zope.interface.verify import verifyObject + from pyramid.interfaces import IPEP302Loader + verifyObject(IPEP302Loader, self._makeOne()) + def test_ctor_package_already_has_loader_of_different_type(self): package = DummyPackage('package') - package.__loader__ = True - self.assertRaises(TypeError, self._makeOne, package) + loader = package.__loader__ = DummyLoader() + po = self._makeOne(package) + self.assertTrue(package.__loader__ is po) + self.assertTrue(po.real_loader is loader) def test_ctor_package_already_has_loader_of_same_type(self): package = DummyPackage('package') @@ -502,6 +526,55 @@ class TestPackageOverrides(unittest.TestCase): po.overrides= overrides self.assertEqual(po.listdir('whatever'), None) + # PEP 302 __loader__ extensions: use the "real" __loader__, if present. + def test_get_data_pkg_has_no___loader__(self): + package = DummyPackage('package') + po = self._makeOne(package) + self.assertRaises(NotImplementedError, po.get_data, 'whatever') + + def test_get_data_pkg_has___loader__(self): + package = DummyPackage('package') + loader = package.__loader__ = DummyLoader() + po = self._makeOne(package) + self.assertEqual(po.get_data('whatever'), b'DEADBEEF') + self.assertEqual(loader._got_data, 'whatever') + + def test_is_package_pkg_has_no___loader__(self): + package = DummyPackage('package') + po = self._makeOne(package) + self.assertRaises(NotImplementedError, po.is_package, 'whatever') + + def test_is_package_pkg_has___loader__(self): + package = DummyPackage('package') + loader = package.__loader__ = DummyLoader() + po = self._makeOne(package) + self.assertTrue(po.is_package('whatever')) + self.assertEqual(loader._is_package, 'whatever') + + def test_get_code_pkg_has_no___loader__(self): + package = DummyPackage('package') + po = self._makeOne(package) + self.assertRaises(NotImplementedError, po.get_code, 'whatever') + + def test_get_code_pkg_has___loader__(self): + package = DummyPackage('package') + loader = package.__loader__ = DummyLoader() + po = self._makeOne(package) + self.assertEqual(po.get_code('whatever'), b'DEADBEEF') + self.assertEqual(loader._got_code, 'whatever') + + def test_get_source_pkg_has_no___loader__(self): + package = DummyPackage('package') + po = self._makeOne(package) + self.assertRaises(NotImplementedError, po.get_source, 'whatever') + + def test_get_source_pkg_has___loader__(self): + package = DummyPackage('package') + loader = package.__loader__ = DummyLoader() + po = self._makeOne(package) + self.assertEqual(po.get_source('whatever'), 'def foo():\n pass') + self.assertEqual(loader._got_source, 'whatever') + class TestDirectoryOverride(unittest.TestCase): def _getTargetClass(self): from pyramid.config.assets import DirectoryOverride @@ -570,10 +643,25 @@ class DummyPkgResources: def register_loader_type(self, typ, inst): self.registered.append((typ, inst)) - + class DummyPackage: def __init__(self, name): self.__name__ = name + +class DummyLoader: + _got_data = _is_package = None + def get_data(self, path): + self._got_data = path + return b'DEADBEEF' + def is_package(self, fullname): + self._is_package = fullname + return True + def get_code(self, fullname): + self._got_code = fullname + return b'DEADBEEF' + def get_source(self, fullname): + self._got_source = fullname + return 'def foo():\n pass' class DummyUnderOverride: def __call__(self, package, path, override_package, override_prefix, diff --git a/pyramid/tests/test_integration.py b/pyramid/tests/test_integration.py index c8418c61d..66205e618 100644 --- a/pyramid/tests/test_integration.py +++ b/pyramid/tests/test_integration.py @@ -369,22 +369,12 @@ class TestForbiddenAppHasResult(IntegrationBase, unittest.TestCase): class TestViewDecoratorApp(IntegrationBase, unittest.TestCase): package = 'pyramid.tests.pkgs.viewdecoratorapp' - def _configure_mako(self): - tmpldir = os.path.join(os.path.dirname(__file__), - 'pkgs', - 'viewdecoratorapp', - 'views') - self.config.registry.settings['mako.directories'] = tmpldir def test_first(self): - # we use mako here instead of chameleon because it works on Jython - self._configure_mako() res = self.testapp.get('/first', status=200) self.assertTrue(b'OK' in res.body) def test_second(self): - # we use mako here instead of chameleon because it works on Jython - self._configure_mako() res = self.testapp.get('/second', status=200) self.assertTrue(b'OK2' in res.body) diff --git a/pyramid/tests/test_mako_templating.py b/pyramid/tests/test_mako_templating.py index 50ef360d9..f607a5497 100644 --- a/pyramid/tests/test_mako_templating.py +++ b/pyramid/tests/test_mako_templating.py @@ -22,7 +22,20 @@ class Base(object): def tearDown(self): self.config.end() -class Test_renderer_factory(Base, unittest.TestCase): +def maybe_unittest(): + # The latest release of MarkupSafe (0.17) which is used by Mako is + # incompatible with Python 3.2, so we skip these tests if we cannot + # import a Mako module which ends up importing MarkupSafe. Note that + # this version of MarkupSafe *is* compatible with Python 2.6, 2.7, and 3.3, + # so these tests should not be skipped on those platforms. + try: + import mako.lookup + except (ImportError, SyntaxError, AttributeError): # pragma: no cover + return object + else: + return unittest.TestCase + +class Test_renderer_factory(Base, maybe_unittest()): def _callFUT(self, info): from pyramid.mako_templating import renderer_factory return renderer_factory(info) @@ -298,7 +311,7 @@ class Test_renderer_factory(Base, unittest.TestCase): self.assertEqual(result.path, 'hello .world.mako') self.assertEqual(result.defname, 'comp') -class MakoRendererFactoryHelperTests(Base, unittest.TestCase): +class MakoRendererFactoryHelperTests(Base, maybe_unittest()): def _getTargetClass(self): from pyramid.mako_templating import MakoRendererFactoryHelper return MakoRendererFactoryHelper @@ -345,7 +358,7 @@ class MakoRendererFactoryHelperTests(Base, unittest.TestCase): self.assertEqual(renderer.path, 'helloworld.mak') self.assertEqual(renderer.lookup, lookup) -class MakoLookupTemplateRendererTests(Base, unittest.TestCase): +class MakoLookupTemplateRendererTests(Base, maybe_unittest()): def _getTargetClass(self): from pyramid.mako_templating import MakoLookupTemplateRenderer return MakoLookupTemplateRenderer @@ -426,7 +439,7 @@ class MakoLookupTemplateRendererTests(Base, unittest.TestCase): self.assertTrue(isinstance(result, text_type)) self.assertEqual(result, text_('result')) -class TestIntegration(unittest.TestCase): +class TestIntegration(maybe_unittest()): def setUp(self): import pyramid.mako_templating self.config = testing.setUp() @@ -501,7 +514,7 @@ class TestIntegration(unittest.TestCase): {'name':'<b>fred</b>'}).replace('\r','') self.assertEqual(result, text_('Hello, <b>fred</b>!\n')) -class TestPkgResourceTemplateLookup(unittest.TestCase): +class TestPkgResourceTemplateLookup(maybe_unittest()): def _makeOne(self, **kw): from pyramid.mako_templating import PkgResourceTemplateLookup return PkgResourceTemplateLookup(**kw) diff --git a/pyramid/tests/test_scripts/test_prequest.py b/pyramid/tests/test_scripts/test_prequest.py index 91d2b322a..64a7c3045 100644 --- a/pyramid/tests/test_scripts/test_prequest.py +++ b/pyramid/tests/test_scripts/test_prequest.py @@ -114,6 +114,32 @@ class TestPRequestCommand(unittest.TestCase): self.assertEqual(self._app_name, None) self.assertEqual(self._out, ['abc']) + def test_command_method_put(self): + from pyramid.compat import NativeIO + command = self._makeOne(['', '--method=PUT', 'development.ini', '/']) + stdin = NativeIO() + command.stdin = stdin + command.run() + self.assertEqual(self._environ['CONTENT_LENGTH'], '-1') + self.assertEqual(self._environ['wsgi.input'], stdin) + self.assertEqual(self._path_info, '/') + self.assertEqual(self._spec, 'development.ini') + self.assertEqual(self._app_name, None) + self.assertEqual(self._out, ['abc']) + + def test_command_method_patch(self): + from pyramid.compat import NativeIO + command = self._makeOne(['', '--method=PATCH', 'development.ini', '/']) + stdin = NativeIO() + command.stdin = stdin + command.run() + self.assertEqual(self._environ['CONTENT_LENGTH'], '-1') + self.assertEqual(self._environ['wsgi.input'], stdin) + self.assertEqual(self._path_info, '/') + self.assertEqual(self._spec, 'development.ini') + self.assertEqual(self._app_name, None) + self.assertEqual(self._out, ['abc']) + def test_command_with_query_string(self): command = self._makeOne(['', 'development.ini', '/abc?a=1&b=2&c']) command.run() diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py index b3e0e20c4..35e2b5c27 100644 --- a/pyramid/tests/test_session.py +++ b/pyramid/tests/test_session.py @@ -356,20 +356,29 @@ class Test_signed_deserialize(unittest.TestCase): self.assertRaises(ValueError, self._callFUT, serialized, 'secret') class Test_check_csrf_token(unittest.TestCase): - def _callFUT(self, request, token, raises=True): + def _callFUT(self, *args, **kwargs): from ..session import check_csrf_token - return check_csrf_token(request, token, raises=raises) + return check_csrf_token(*args, **kwargs) - def test_success(self): + def test_success_token(self): request = testing.DummyRequest() request.params['csrf_token'] = request.session.get_csrf_token() - self.assertEqual(self._callFUT(request, 'csrf_token'), True) + self.assertEqual(self._callFUT(request, token='csrf_token'), True) + + def test_success_header(self): + request = testing.DummyRequest() + request.headers['X-CSRF-Token'] = request.session.get_csrf_token() + self.assertEqual(self._callFUT(request, header='X-CSRF-Token'), True) def test_success_default_token(self): - from ..session import check_csrf_token request = testing.DummyRequest() request.params['csrf_token'] = request.session.get_csrf_token() - self.assertEqual(check_csrf_token(request), True) + self.assertEqual(self._callFUT(request), True) + + def test_success_default_header(self): + request = testing.DummyRequest() + request.headers['X-CSRF-Token'] = request.session.get_csrf_token() + self.assertEqual(self._callFUT(request), True) def test_failure_raises(self): from pyramid.httpexceptions import HTTPBadRequest diff --git a/pyramid/tests/test_testing.py b/pyramid/tests/test_testing.py index 7f14462a2..da57c6301 100644 --- a/pyramid/tests/test_testing.py +++ b/pyramid/tests/test_testing.py @@ -114,6 +114,10 @@ class TestDummyResource(unittest.TestCase): resource = self._makeOne() self.assertEqual(resource.__nonzero__(), True) + def test_bool(self): + resource = self._makeOne() + self.assertEqual(resource.__bool__(), True) + def test_ctor_with__provides__(self): resource = self._makeOne(__provides__=IDummy) self.assertTrue(IDummy.providedBy(resource)) |