~petersanchez/public-inbox

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH django-impersonate] Prevent redirect loop when MAX_DURATION is used - Refs #67

Details
Message ID
<89fffb32473e64276ca1.1674671086@oscars-mbp.lan>
DKIM signature
missing
Download raw message
Patch: +29 -1
# HG changeset patch
# User Oscar Cortez <om.cortez.2010@gmail.com>
# Date 1674671062 18000
#      Wed Jan 25 13:24:22 2023 -0500
# Node ID 89fffb32473e64276ca1a114bd2291a08e078227
# Parent  839574bf40f57622b92c34d588853645f31a9137
Prevent redirect loop when MAX_DURATION is used - Refs #67

diff --git a/impersonate/middleware.py b/impersonate/middleware.py
--- a/impersonate/middleware.py
+++ b/impersonate/middleware.py
@@ -2,7 +2,7 @@
from datetime import datetime, timedelta

from django.http import HttpResponseNotAllowed
from django.shortcuts import redirect
from django.shortcuts import redirect, reverse
from django.utils import timezone
from django.utils.deprecation import MiddlewareMixin
from django.utils.functional import SimpleLazyObject
@@ -26,6 +26,9 @@

        if '_impersonate' in request.session and request.user.is_authenticated:
            if settings.MAX_DURATION:
                if request.path == reverse('impersonate-stop'):
                    return

                if '_impersonate_start' not in request.session:
                    return

diff --git a/impersonate/tests.py b/impersonate/tests.py
--- a/impersonate/tests.py
+++ b/impersonate/tests.py
@@ -150,6 +150,31 @@
            _impersonate_start=datetime.now(timezone.utc).timestamp()
        )

    @override_settings(IMPERSONATE={'MAX_DURATION': 5, 'REDIRECT_URL': '/foo/'})
    def test_impersonate_timeout_not_redirect_loop(self):
        ''' Test to ensure that when MAX_DURATION is reached dont create a redirect loop.
            See Issue #67
        '''
        self._impersonated_request(
            _impersonate_start=datetime.now(timezone.utc).timestamp()
        )
        # new request to see if the redirect to stop
        request = self.factory.get('/')
        request.user = self.superuser
        past_time = datetime.now(timezone.utc) - timedelta(hours=1)
        request.session = {
            '_impersonate': self.user,
            '_impersonate_start': past_time.timestamp(),
        }
        request = self.middleware.process_request(request)
        # Check does the redirect to stop the impersonate
        self.assertEqual(request.status_code, 302)
        self.assertEqual(request.url, reverse('impersonate-stop'))
        # Check impersonate stop redirects to the REDIRECT_URL
        request = self.client.get(reverse('impersonate-stop'))
        self.assertEqual(request.status_code, 302)
        self.assertEqual(request.url, '/foo/')

    @override_settings(IMPERSONATE={'MAX_DURATION': 3600})
    def test_reject_without_start_time(self):
        ''' Test to ensure that requests without a start time
Details
Message ID
<20230125225656.e27s3k52sgwsxt2f@thinkpad>
In-Reply-To
<89fffb32473e64276ca1.1674671086@oscars-mbp.lan> (view parent)
DKIM signature
missing
Download raw message
Thanks! Applied.
Reply to thread Export thread (mbox)