diff --git a/tests/test_middleware.py b/tests/test_middleware.py index c22a00c9..a10700d2 100644 --- a/tests/test_middleware.py +++ b/tests/test_middleware.py @@ -199,11 +199,11 @@ def test_options_empty_request_method(self): HTTP_ORIGIN="https://example.com", HTTP_ACCESS_CONTROL_REQUEST_METHOD="", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK def test_options_no_headers(self): resp = self.client.options("/") - assert resp.status_code == 404 + assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED @override_settings(CORS_ALLOW_CREDENTIALS=True, CORS_ALLOW_ALL_ORIGINS=True) def test_allow_all_origins_get(self): @@ -212,7 +212,7 @@ def test_allow_all_origins_get(self): HTTP_ORIGIN="https://example.com", HTTP_ACCESS_CONTROL_REQUEST_METHOD="GET", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "https://example.com" assert resp["vary"] == "origin" @@ -223,7 +223,7 @@ def test_allow_all_origins_options(self): HTTP_ORIGIN="https://example.com", HTTP_ACCESS_CONTROL_REQUEST_METHOD="GET", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "https://example.com" assert resp["vary"] == "origin" @@ -237,8 +237,8 @@ def test_non_200_headers_still_set(self): place to preserve this behaviour. See `ExceptionMiddleware` mention here: https://docs.djangoproject.com/en/3.0/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware # noqa: E501 """ - resp = self.client.get("/test-401/", HTTP_ORIGIN="https://example.com") - assert resp.status_code == 401 + resp = self.client.get("/unauthorized/", HTTP_ORIGIN="https://example.com") + assert resp.status_code == HTTPStatus.UNAUTHORIZED assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "https://example.com" @override_settings(CORS_ALLOW_CREDENTIALS=True, CORS_ALLOW_ALL_ORIGINS=True) @@ -252,7 +252,7 @@ def test_auth_view_options(self): HTTP_ORIGIN="https://example.com", HTTP_ACCESS_CONTROL_REQUEST_METHOD="GET", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "https://example.com" assert resp["Content-Length"] == "0" @@ -267,7 +267,7 @@ def handler(*args, **kwargs): HTTP_ACCESS_CONTROL_REQUEST_METHOD="GET", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp def test_signal_handler_that_returns_true(self): @@ -280,7 +280,7 @@ def handler(*args, **kwargs): HTTP_ORIGIN="https://example.com", HTTP_ACCESS_CONTROL_REQUEST_METHOD="GET", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "https://example.com" @override_settings(CORS_ALLOWED_ORIGINS=["https://example.com"]) @@ -294,7 +294,7 @@ def allow_api_to_all(sender, request, **kwargs): HTTP_ORIGIN="https://example.org", HTTP_ACCESS_CONTROL_REQUEST_METHOD="GET", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp resp = self.client.options( @@ -302,7 +302,7 @@ def allow_api_to_all(sender, request, **kwargs): HTTP_ORIGIN="https://example.org", HTTP_ACCESS_CONTROL_REQUEST_METHOD="GET", ) - assert resp.status_code == 200 + assert resp.status_code == HTTPStatus.OK assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == "https://example.org" @override_settings(CORS_ALLOWED_ORIGINS=["https://example.com"]) @@ -379,5 +379,5 @@ def test_works_if_view_deletes_cors_enabled(self): Just in case something crazy happens in the view or other middleware, check that get_response doesn't fall over if `_cors_enabled` is removed """ - resp = self.client.get("/delete-is-enabled/", HTTP_ORIGIN="https://example.com") + resp = self.client.get("/delete-enabled/", HTTP_ORIGIN="https://example.com") assert ACCESS_CONTROL_ALLOW_ORIGIN in resp diff --git a/tests/urls.py b/tests/urls.py index 74fe6dda..a790fb1d 100644 --- a/tests/urls.py +++ b/tests/urls.py @@ -1,33 +1,12 @@ from __future__ import annotations -from django.http import Http404 -from django.http import HttpResponse from django.urls import path - -def test_view(request): - if request.method != "GET": - raise Http404() - return HttpResponse("Test view") - - -async def async_(request): - return HttpResponse("Test view") - - -def test_view_http401(request): - return HttpResponse("Unauthorized", status=401) - - -def test_view_that_deletes_is_enabled(request): - del request._cors_enabled - return HttpResponse() - +from tests import views urlpatterns = [ - path("", test_view), - path("foo/", test_view), - path("async/", async_), - path("test-401/", test_view_http401), - path("delete-is-enabled/", test_view_that_deletes_is_enabled), + path("", views.index), + path("async/", views.async_), + path("unauthorized/", views.unauthorized), + path("delete-enabled/", views.delete_enabled_attribute), ] diff --git a/tests/views.py b/tests/views.py new file mode 100644 index 00000000..06e257a5 --- /dev/null +++ b/tests/views.py @@ -0,0 +1,24 @@ +from __future__ import annotations + +from http import HTTPStatus + +from django.http import HttpResponse +from django.views.decorators.http import require_GET + + +@require_GET +def index(request): + return HttpResponse("Index") + + +async def async_(request): + return HttpResponse("Asynchronous") + + +def unauthorized(request): + return HttpResponse("Unauthorized", status=HTTPStatus.UNAUTHORIZED) + + +def delete_enabled_attribute(request): + del request._cors_enabled + return HttpResponse()