cherrypy-foundation 1.0.0__py3-none-any.whl → 1.0.0a1__py3-none-any.whl

cherrypy_foundation/tools/tests/test_secure_headers.py

@@ -1,200 +0,0 @@
-# Cherrypy-foundation
-# Copyright (C) 2026 IKUS Software
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-import cherrypy
-from cherrypy.test import helper
-
-from cherrypy_foundation.tools import secure_headers  # noqa
-
-
-@cherrypy.tools.secure_headers(
-    csp={
-        "default-src": "'self'",
-        "style-src": ("'self'", "'unsafe-inline'"),
-        "script-src": ("'self'", "'unsafe-inline'"),
-        "img-src": ("'self'", "data:"),
-    }
-)
-@cherrypy.tools.proxy(local=None, remote='X-Real-IP')
-class Root:
-
-    @cherrypy.expose
-    @cherrypy.tools.sessions(locking='explicit')
-    def index(self):
-        return {'var1': 'test-jinja2'}
-
-    @cherrypy.expose
-    @cherrypy.tools.sessions(locking='explicit')
-    def logout(self, **kwargs):
-        raise cherrypy.HTTPRedirect('/')
-
-    @cherrypy.expose
-    @cherrypy.tools.secure_headers(on=False)
-    @cherrypy.tools.sessions(on=False)
-    def static(self, value=None):
-        return 'OK'
-
-
-class SecureHeaderTest(helper.CPWebCase):
-    interactive = False
-
-    @classmethod
-    def setup_server(cls):
-        cherrypy.tree.mount(Root(), '/')
-
-    def test_cookie_samesite_lax(self):
-        # Given a request made to rdiffweb
-        # When receiving the response
-        self.getPage('/')
-        # Then the header contains Set-Cookie with SameSite=Lax
-        cookie = self.assertHeader('Set-Cookie')
-        self.assertIn('SameSite=Lax', cookie)
-
-    def test_cookie_samesite_lax_without_session(self):
-        # Given not a client sending no cookie
-        self.cookies = None
-        # When a query is made to a static path (without session)
-        self.getPage('/static/blue.css')
-        # Then Set-Cookie is not defined.
-        self.assertNoHeader('Set-Cookie')
-
-    def test_cookie_with_https(self):
-        # Given an https request made to rdiffweb
-        self.getPage('/', headers=[('X-Forwarded-Proto', 'https')])
-        # When receiving the response
-        self.assertStatus(200)
-        # Then the header contains Set-Cookie with Secure
-        cookie = self.assertHeader('Set-Cookie')
-        self.assertIn('Secure', cookie)
-
-    def test_cookie_with_http(self):
-        # Given an https request made to rdiffweb
-        self.getPage('/')
-        # When receiving the response
-        # Then the header contains Set-Cookie with Secure
-        cookie = self.assertHeader('Set-Cookie')
-        self.assertNotIn('Secure', cookie)
-
-    def test_get_with_wrong_origin(self):
-        # Given a GET request made to rdiffweb
-        # When the request is made using a different origin
-        self.getPage('/', headers=[('Origin', 'http://www.examples.com')])
-        # Then the response status it 200 OK.
-        self.assertStatus(200)
-
-    def test_post_with_wrong_origin(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made using a different origin
-        self.getPage('/logout', headers=[('Origin', 'http://www.examples.com')], method='POST')
-        # Then the request is refused with 403 Forbiden
-        self.assertStatus(403)
-        self.assertInBody('Unexpected Origin header')
-
-    def test_post_with_prefixed_origin(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made using a different origin
-        base = 'http://%s:%s' % (self.HOST + 'anything.com', self.PORT)
-        self.getPage('/logout', headers=[('Origin', base)], method='POST')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(403)
-        self.assertInBody('Unexpected Origin header')
-
-    def test_post_with_valid_origin(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made using a different origin
-        base = 'http://%s:%s' % (self.HOST, self.PORT)
-        self.getPage('/logout', headers=[('Origin', base)], method='POST')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(303)
-
-    def test_post_without_origin(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/logout', method='POST')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(303)
-
-    def test_clickjacking_defense(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertHeaderItemValue('X-Frame-Options', 'DENY')
-
-    def test_no_cache(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertHeaderItemValue('Cache-control', 'no-cache')
-        self.assertHeaderItemValue('Cache-control', 'no-store')
-        self.assertHeaderItemValue('Cache-control', 'must-revalidate')
-        self.assertHeaderItemValue('Cache-control', 'max-age=0')
-        self.assertHeaderItemValue('Pragma', 'no-cache')
-        self.assertHeaderItemValue('Expires', '0')
-
-    def test_no_cache_with_static(self):
-        self.getPage('/static')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertNoHeader('Cache-control')
-        self.assertNoHeader('Pragma')
-        self.assertNoHeader('Expires')
-
-    def test_referrer_policy(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertHeaderItemValue('Referrer-Policy', 'same-origin')
-
-    def test_nosniff(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertHeaderItemValue('X-Content-Type-Options', 'nosniff')
-
-    def test_xss_protection(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertHeaderItemValue('X-XSS-Protection', '1; mode=block')
-
-    def test_content_security_policy(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/')
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertHeaderItemValue(
-            'Content-Security-Policy',
-            "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:",
-        )
-
-    def test_strict_transport_security(self):
-        # Given a POST request made to rdiffweb
-        # When the request is made without an origin
-        self.getPage('/', headers=[('X-Forwarded-Proto', 'https')])
-        # Then the request is accepted with 200 OK
-        self.assertStatus(200)
-        self.assertHeaderItemValue('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')

cherrypy_foundation-1.0.0.dist-info/METADATA

@@ -1,71 +0,0 @@
-Metadata-Version: 2.4
-Name: cherrypy-foundation
-Version: 1.0.0
-Summary: Cherrypy-foundation
-Author-email: Patrik Dufresne <patrik@ikus-soft.com>
-License: GPLv3
-Project-URL: Homepage, https://gitlab.com/ikus-soft/cherrypy-foundation
-Classifier: Development Status :: 4 - Beta
-Classifier: Framework :: CherryPy
-Classifier: Intended Audience :: System Administrators
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Programming Language :: Python :: 3.13
-Requires-Python: <4,>=3.11
-Description-Content-Type: text/markdown
-License-File: LICENSE.md
-Requires-Dist: babel
-Requires-Dist: CherryPy
-Requires-Dist: Jinja2
-Requires-Dist: jinjax
-Requires-Dist: pytz
-Requires-Dist: WTForms>=3.2.1
-Provides-Extra: test
-Requires-Dist: apscheduler; extra == "test"
-Requires-Dist: argon2-cffi; extra == "test"
-Requires-Dist: ldap3; extra == "test"
-Requires-Dist: parameterized; extra == "test"
-Requires-Dist: pytest; extra == "test"
-Requires-Dist: requests_oauthlib; extra == "test"
-Requires-Dist: selenium; extra == "test"
-Requires-Dist: sqlalchemy; extra == "test"
-Provides-Extra: ldap
-Requires-Dist: ldap3; extra == "ldap"
-Provides-Extra: oauth
-Requires-Dist: requests_oauthlib; extra == "oauth"
-Provides-Extra: passwd
-Requires-Dist: argon2-cffi; extra == "passwd"
-Provides-Extra: scheduler
-Requires-Dist: apscheduler; extra == "scheduler"
-Dynamic: license-file
-
-# Cherrypy-foundation
-
-<p align="center">
-<a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-GPL--3.0-orange"></a>
-<a href="https://gitlab.com/ikus-soft/cherrypy-foundation/pipelines"><img alt="Build" src="https://gitlab.com/ikus-soft/cherrypy-foundation/badges/master/pipeline.svg"></a>
-<a href="https://sonar.ikus-soft.com/dashboard?id=cherrypy-foundation"><img alt="Quality Gate" src="https://sonar.ikus-soft.com/api/project_badges/measure?project=cherrypy-foundation&metric=alert_status"></a>
-<a href="https://sonar.ikus-soft.com/dashboard?id=cherrypy-foundation"><img alt="Coverage" src="https://sonar.ikus-soft.com/api/project_badges/measure?project=cherrypy-foundation&metric=coverage"></a>
-</p>
-
-Cherrypy-foundation is a comprehensive toolkit that accelerates web application development with CherryPy. It provides a curated collection of utilities and integrations that handle common web development tasks, allowing you to focus on building your application's unique features.
-
-## What's Included
-
-- **Database Integration**: Seamless SQLAlchemy integration for database operations
-- **Template Engine**: Jinja2 and JinjaX support for flexible, component-based templating
-- **Form Handling**: Enhanced WTForms integration with automatic validation and Bootstrap rendering
-- **URL Management**: Flexible URL generation with `url_for` utility
-- **Error Handling**: Smart error pages that adapt to response content type (HTML, JSON, plain text)
-- **UI Components**: Bootstrap-ready components for rapid interface development
-
-## Who Is This For?
-
-Cherrypy-foundation is designed for developers who:
-
-- Want to build modern web applications with CherryPy without reinventing the wheel
-- Need a lightweight alternative to full-stack frameworks while maintaining flexibility
-- Prefer convention over configuration but value customization options
-- Want battle-tested components that integrate seamlessly with CherryPy's architecture
-
-This documentation will guide you through all available features, from basic utilities to advanced integrations, with practical examples to help you get started quickly.