From 9a2f7c31120fceb603cb7fed44003bfb4e61090f Mon Sep 17 00:00:00 2001 From: Michael Krotscheck Date: Wed, 28 Oct 2015 14:11:49 -0700 Subject: [PATCH] Added unit tests for CORS middleware A simple set of sanity tests that assert that the CORS middleware is correctly triggered. Change-Id: I4c40d748caf404a152bcd2b60a6b9a4dbe2cff9b --- ironic/tests/unit/api/test_middleware.py | 91 ++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 ironic/tests/unit/api/test_middleware.py diff --git a/ironic/tests/unit/api/test_middleware.py b/ironic/tests/unit/api/test_middleware.py new file mode 100644 index 0000000000..5acd6b8063 --- /dev/null +++ b/ironic/tests/unit/api/test_middleware.py @@ -0,0 +1,91 @@ +# -*- encoding: utf-8 -*- +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +""" +Tests to assert that various incorporated middleware works as expected. +""" + +from oslo_config import cfg +import oslo_middleware.cors as cors_middleware + +from ironic.tests.unit.api import base + + +class TestCORSMiddleware(base.BaseApiTest): + '''Provide a basic smoke test to ensure CORS middleware is active. + + The tests below provide minimal confirmation that the CORS middleware + is active, and may be configured. For comprehensive tests, please consult + the test suite in oslo_middleware. + ''' + def setUp(self): + # Make sure the CORS options are registered + cfg.CONF.register_opts(cors_middleware.CORS_OPTS, 'cors') + + # Load up our valid domain values before the application is created. + cfg.CONF.set_override("allowed_origin", + "http://valid.example.com", + group='cors') + + # Create the application. + super(TestCORSMiddleware, self).setUp() + + def test_valid_cors_options_request(self): + response = self.app \ + .options('/', + headers={ + 'Origin': 'http://valid.example.com', + 'Access-Control-Request-Method': 'GET' + }) + + # Assert response status. + self.assertEqual(response.status, '200 OK') + self.assertIn('Access-Control-Allow-Origin', response.headers) + self.assertEqual('http://valid.example.com', + response.headers['Access-Control-Allow-Origin']) + + def test_invalid_cors_options_request(self): + response = self.app \ + .options('/', + headers={ + 'Origin': 'http://invalid.example.com', + 'Access-Control-Request-Method': 'GET' + }) + + # Assert response status. + self.assertEqual(response.status, '200 OK') + self.assertNotIn('Access-Control-Allow-Origin', response.headers) + + def test_valid_cors_get_request(self): + response = self.app \ + .get('/', + headers={ + 'Origin': 'http://valid.example.com' + }) + + # Assert response status. + self.assertEqual(response.status, '200 OK') + self.assertIn('Access-Control-Allow-Origin', response.headers) + self.assertEqual('http://valid.example.com', + response.headers['Access-Control-Allow-Origin']) + + def test_invalid_cors_get_request(self): + response = self.app \ + .get('/', + headers={ + 'Origin': 'http://invalid.example.com' + }) + + # Assert response status. + self.assertEqual(response.status, '200 OK') + self.assertNotIn('Access-Control-Allow-Origin', response.headers)