refactor: ran pyugprade on openedx/core/djangoapps/cors_csrf (#26844)
@@ -27,7 +27,7 @@ class SessionAuthenticationCrossDomainCsrf(authentication.SessionAuthentication)
|
||||
"""
|
||||
def _process_enforce_csrf(self, request):
|
||||
CsrfViewMiddleware().process_request(request)
|
||||
return super(SessionAuthenticationCrossDomainCsrf, self).enforce_csrf(request) # lint-amnesty, pylint: disable=super-with-arguments
|
||||
return super().enforce_csrf(request)
|
||||
|
||||
def enforce_csrf(self, request):
|
||||
"""
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
import contextlib
|
||||
import logging
|
||||
import six.moves.urllib.parse # pylint: disable=import-error
|
||||
import urllib.parse
|
||||
|
||||
from django.conf import settings
|
||||
|
||||
@@ -26,7 +26,7 @@ def is_cross_domain_request_allowed(request):
|
||||
|
||||
"""
|
||||
referer = request.META.get('HTTP_REFERER')
|
||||
referer_parts = six.moves.urllib.parse.urlparse(referer) if referer else None
|
||||
referer_parts = urllib.parse.urlparse(referer) if referer else None
|
||||
referer_hostname = referer_parts.hostname if referer_parts is not None else None
|
||||
|
||||
# Use CORS_ALLOW_INSECURE *only* for development and testing environments;
|
||||
@@ -34,18 +34,18 @@ def is_cross_domain_request_allowed(request):
|
||||
if not getattr(settings, 'CORS_ALLOW_INSECURE', False):
|
||||
if not request.is_secure():
|
||||
log.debug(
|
||||
u"Request is not secure, so we cannot send the CSRF token. "
|
||||
u"For testing purposes, you can disable this check by setting "
|
||||
u"`CORS_ALLOW_INSECURE` to True in the settings"
|
||||
"Request is not secure, so we cannot send the CSRF token. "
|
||||
"For testing purposes, you can disable this check by setting "
|
||||
"`CORS_ALLOW_INSECURE` to True in the settings"
|
||||
)
|
||||
return False
|
||||
|
||||
if not referer:
|
||||
log.debug(u"No referer provided over a secure connection, so we cannot check the protocol.")
|
||||
log.debug("No referer provided over a secure connection, so we cannot check the protocol.")
|
||||
return False
|
||||
|
||||
if not referer_parts.scheme == 'https':
|
||||
log.debug(u"Referer '%s' must have the scheme 'https'")
|
||||
log.debug("Referer '%s' must have the scheme 'https'")
|
||||
return False
|
||||
|
||||
domain_is_whitelisted = (
|
||||
@@ -56,20 +56,20 @@ def is_cross_domain_request_allowed(request):
|
||||
if referer_hostname is None:
|
||||
# If no referer is specified, we can't check if it's a cross-domain
|
||||
# request or not.
|
||||
log.debug(u"Referrer hostname is `None`, so it is not on the whitelist.")
|
||||
log.debug("Referrer hostname is `None`, so it is not on the whitelist.")
|
||||
elif referer_hostname != request.get_host():
|
||||
log.info(
|
||||
(
|
||||
u"Domain '%s' is not on the cross domain whitelist. "
|
||||
u"Add the domain to `CORS_ORIGIN_WHITELIST` or set "
|
||||
u"`CORS_ORIGIN_ALLOW_ALL` to True in the settings."
|
||||
"Domain '%s' is not on the cross domain whitelist. "
|
||||
"Add the domain to `CORS_ORIGIN_WHITELIST` or set "
|
||||
"`CORS_ORIGIN_ALLOW_ALL` to True in the settings."
|
||||
), referer_hostname
|
||||
)
|
||||
else:
|
||||
log.debug(
|
||||
(
|
||||
u"Domain '%s' is the same as the hostname in the request, "
|
||||
u"so we are not going to treat it as a cross-domain request."
|
||||
"Domain '%s' is the same as the hostname in the request, "
|
||||
"so we are not going to treat it as a cross-domain request."
|
||||
), referer_hostname
|
||||
)
|
||||
return False
|
||||
|
||||
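Review bot: In the `@@ -34,18 +34,18 @@` hunk of `is_cross_domain_request_allowed`, the new line `log.debug("Referer '%s' must have the scheme 'https'")` still has a `%s` placeholder with no argument, so the record shows a literal `%s` and never says which referer was rejected. Pass the value as a lazy logging argument, for example `log.debug("Referer '%s' must have the scheme 'https'", referer_hostname)`. The Referer header is client-supplied, so logging the parsed hostname or scheme rather than the raw header keeps arbitrary request text out of the log. The same branch would read more directly as `if referer_parts.scheme != 'https':`. The function starts before and continues after the hunks shown, so the surrounding whitelist logic is not visible here.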
@@ -65,7 +65,7 @@ class CorsCSRFMiddleware(CsrfViewMiddleware, MiddlewareMixin):
|
||||
"""Disable the middleware if the feature flag is disabled. """
|
||||
if not settings.FEATURES.get('ENABLE_CORS_HEADERS'):
|
||||
raise MiddlewareNotUsed()
|
||||
super(CorsCSRFMiddleware, self).__init__(*args, **kwargs) # lint-amnesty, pylint: disable=super-with-arguments
|
||||
super().__init__(*args, **kwargs)
|
||||
|
||||
def process_view(self, request, callback, callback_args, callback_kwargs):
|
||||
"""Skip the usual CSRF referer check if this is an allowed cross-domain request. """
|
||||
@@ -74,7 +74,7 @@ class CorsCSRFMiddleware(CsrfViewMiddleware, MiddlewareMixin):
|
||||
return
|
||||
|
||||
with skip_cross_domain_referer_check(request):
|
||||
return super(CorsCSRFMiddleware, self).process_view(request, callback, callback_args, callback_kwargs) # lint-amnesty, pylint: disable=super-with-arguments
|
||||
return super().process_view(request, callback, callback_args, callback_kwargs)
|
||||
|
||||
|
||||
class CsrfCrossDomainCookieMiddleware(MiddlewareMixin):
|
||||
@@ -110,7 +110,7 @@ class CsrfCrossDomainCookieMiddleware(MiddlewareMixin):
|
||||
"You must set `CROSS_DOMAIN_CSRF_COOKIE_DOMAIN` when "
|
||||
"`FEATURES['ENABLE_CROSS_DOMAIN_CSRF_COOKIE']` is True."
|
||||
)
|
||||
super(CsrfCrossDomainCookieMiddleware, self).__init__(*args, **kwargs) # lint-amnesty, pylint: disable=super-with-arguments
|
||||
super().__init__(*args, **kwargs)
|
||||
|
||||
def process_response(self, request, response):
|
||||
"""Set the cross-domain CSRF cookie. """
|
||||
@@ -144,7 +144,7 @@ class CsrfCrossDomainCookieMiddleware(MiddlewareMixin):
|
||||
secure=True
|
||||
)
|
||||
log.debug(
|
||||
u"Set cross-domain CSRF cookie '%s' for domain '%s'",
|
||||
"Set cross-domain CSRF cookie '%s' for domain '%s'",
|
||||
settings.CROSS_DOMAIN_CSRF_COOKIE_NAME,
|
||||
settings.CROSS_DOMAIN_CSRF_COOKIE_DOMAIN
|
||||
)
|
||||
|
||||
@@ -1,6 +1,3 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
|
||||
from django.db import migrations, models
|
||||
import django.db.models.deletion
|
||||
from django.conf import settings
|
||||
|
||||
@@ -19,7 +19,7 @@ class XDomainProxyConfiguration(ConfigurationModel):
|
||||
|
||||
whitelist = models.fields.TextField(
|
||||
help_text=_(
|
||||
u"List of domains that are allowed to make cross-domain "
|
||||
"List of domains that are allowed to make cross-domain "
|
||||
"requests to this site. Please list each domain on its own line."
|
||||
)
|
||||
)
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
"""Tests for the CORS CSRF version of Django Rest Framework's SessionAuthentication."""
|
||||
|
||||
|
||||
from mock import patch
|
||||
from unittest.mock import patch
|
||||
|
||||
from django.middleware.csrf import get_token
|
||||
from django.test import TestCase
|
||||
@@ -15,7 +15,7 @@ from ..authentication import SessionAuthenticationCrossDomainCsrf
|
||||
|
||||
|
||||
# A class to pass into django.middleware.csrf.get_token() so we can easily get a valid CSRF token to use.
|
||||
class FakeRequest(object):
|
||||
class FakeRequest:
|
||||
META = {}
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ class CrossDomainAuthTest(TestCase):
|
||||
REFERER = "https://www.edx.org"
|
||||
|
||||
def setUp(self):
|
||||
super(CrossDomainAuthTest, self).setUp() # lint-amnesty, pylint: disable=super-with-arguments
|
||||
super().setUp()
|
||||
self.auth = SessionAuthenticationCrossDomainCsrf()
|
||||
self.csrf_token = get_token(FakeRequest())
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
|
||||
import json
|
||||
import mock
|
||||
from unittest import mock
|
||||
from django.http import HttpResponse
|
||||
from django.test import TestCase
|
||||
|
||||
|
||||
@@ -3,9 +3,8 @@ Tests for the CORS CSRF middleware
|
||||
"""
|
||||
|
||||
|
||||
from mock import patch, Mock
|
||||
from unittest.mock import patch, Mock
|
||||
import ddt
|
||||
import six
|
||||
import pytest
|
||||
from django.test import TestCase
|
||||
from django.test.utils import override_settings
|
||||
@@ -34,7 +33,7 @@ class TestCorsMiddlewareProcessRequest(TestCase):
|
||||
|
||||
@override_settings(FEATURES={'ENABLE_CORS_HEADERS': True})
|
||||
def setUp(self):
|
||||
super(TestCorsMiddlewareProcessRequest, self).setUp() # lint-amnesty, pylint: disable=super-with-arguments
|
||||
super().setUp()
|
||||
self.middleware = CorsCSRFMiddleware()
|
||||
|
||||
def check_not_enabled(self, request):
|
||||
@@ -114,7 +113,7 @@ class TestCsrfCrossDomainCookieMiddleware(TestCase):
|
||||
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN=COOKIE_DOMAIN
|
||||
)
|
||||
def setUp(self):
|
||||
super(TestCsrfCrossDomainCookieMiddleware, self).setUp() # lint-amnesty, pylint: disable=super-with-arguments
|
||||
super().setUp()
|
||||
self.middleware = CsrfCrossDomainCookieMiddleware()
|
||||
|
||||
@override_settings(FEATURES={'ENABLE_CROSS_DOMAIN_CSRF_COOKIE': False})
|
||||
@@ -263,9 +262,9 @@ class TestCsrfCrossDomainCookieMiddleware(TestCase):
|
||||
"""Check that the cross-domain CSRF cookie was sent. """
|
||||
if is_set:
|
||||
assert self.COOKIE_NAME in response.cookies
|
||||
cookie_header = six.text_type(response.cookies[self.COOKIE_NAME])
|
||||
cookie_header = str(response.cookies[self.COOKIE_NAME])
|
||||
# lint-amnesty, pylint: disable=bad-option-value, unicode-format-string
|
||||
expected = six.u('Set-Cookie: {name}={value}; Domain={domain};').format(
|
||||
expected = 'Set-Cookie: {name}={value}; Domain={domain};'.format(
|
||||
name=self.COOKIE_NAME,
|
||||
value=self.COOKIE_VALUE,
|
||||
domain=self.COOKIE_DOMAIN
|
||||
|
||||
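Review bot: In the `@@ -263,9 +262,9 @@` hunk, the suppression comment `# lint-amnesty, pylint: disable=bad-option-value, unicode-format-string` above `expected = 'Set-Cookie: {name}={value}; Domain={domain};'.format(` looks like a leftover now that `six.u(...)` is gone. It was presumably added for the unicode-literal format check, so it can be dropped if pylint reports nothing on that line without it. The `.format(` call and the assertions that follow continue past the end of the hunk, so the rest of the check is not visible here.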
@@ -23,7 +23,7 @@ class XDomainProxyTest(TestCase):
|
||||
|
||||
def setUp(self):
|
||||
"""Clear model-based config cache. """
|
||||
super(XDomainProxyTest, self).setUp() # lint-amnesty, pylint: disable=super-with-arguments
|
||||
super().setUp()
|
||||
try:
|
||||
self.url = reverse('xdomain_proxy')
|
||||
except NoReverseMatch:
|
||||
|
||||
@@ -61,9 +61,9 @@ def xdomain_proxy(request): # pylint: disable=unused-argument
|
||||
|
||||
if not allowed_domains:
|
||||
log.warning(
|
||||
u"No whitelist configured for cross-domain proxy. "
|
||||
u"You can configure the whitelist in Django Admin "
|
||||
u"using the XDomainProxyConfiguration model."
|
||||
"No whitelist configured for cross-domain proxy. "
|
||||
"You can configure the whitelist in Django Admin "
|
||||
"using the XDomainProxyConfiguration model."
|
||||
)
|
||||
return HttpResponseNotFound()
|
||||
|
||||
|
||||