tests: fix csp header tests

seantis · Nov 13, 2024 · 411a9f6 · 411a9f6
1 parent 6a06cd7
commit 411a9f6
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/src/riskmatrix/subscribers.py b/src/riskmatrix/subscribers.py
@@ -50,12 +50,12 @@ def sentry_context(event: NewRequest) -> None:
         with configure_scope() as scope:
             scope.user = {'id': request.user.id}
 
-def request_none_generator(event: 'NewRequest') -> None:
+def request_nonce_generator(event: 'NewRequest') -> None:
     request = event.request
     request.set_property(lambda r: secrets.token_urlsafe(), 'csp_nonce', reify=True)
 
 
 def includeme(config: 'Configurator') -> None:
     config.add_subscriber(csp_header, NewResponse)
-    config.add_subscriber(request_none_generator, NewRequest)
+    config.add_subscriber(request_nonce_generator, NewRequest)
     config.add_subscriber(sentry_context, NewRequest)
diff --git a/tests/test_subscribers.py b/tests/test_subscribers.py
@@ -1,13 +1,14 @@
 from pyramid.events import NewRequest
 from pyramid.events import NewResponse
 
-from riskmatrix.subscribers import csp_header
+from riskmatrix.subscribers import csp_header, request_nonce_generator
 from riskmatrix.subscribers import sentry_context
 from riskmatrix.testing import DummyRequest
 
 
 def test_csp_header(config):
     request = DummyRequest()
+    request.csp_nonce = '123'
     response = request.response
     event = NewResponse(request, response)
     csp_header(event)
@@ -21,14 +22,15 @@ def test_csp_header(config):
         "frame-ancestors 'none'; "
         "img-src 'self' data: blob:; "
         "object-src 'self'; "
-        "script-src 'self' blob: resource:; "
+        "script-src 'self' 'nonce-123' blob: resource:; "
         "style-src 'self' 'unsafe-inline'"
     )
 
 
 def test_csp_header_sentry(config):
     config.registry.settings['sentry_dsn'] = 'https://aa:[email protected]/22'
     request = DummyRequest()
+    request.csp_nonce = '123'
     response = request.response
     event = NewResponse(request, response)
     csp_header(event)
@@ -42,13 +44,14 @@ def test_csp_header_sentry(config):
         "frame-ancestors 'none'; "
         "img-src 'self' data: blob:; "
         "object-src 'self'; "
-        "script-src 'self' blob: resource:; "
+        "script-src 'self' 'nonce-123' blob: resource:; "
         "style-src 'self' 'unsafe-inline'; "
         "report-uri https://sentry.io/api/22/security/?sentry_key=aa"
     )
 
     config.registry.settings['sentry_dsn'] = 'https://[email protected]/22'
     request = DummyRequest()
+    request.csp_nonce = '123'
     response = request.response
     event = NewResponse(request, response)
     csp_header(event)
@@ -62,7 +65,7 @@ def test_csp_header_sentry(config):
         "frame-ancestors 'none'; "
         "img-src 'self' data: blob:; "
         "object-src 'self'; "
-        "script-src 'self' blob: resource:; "
+        "script-src 'self' 'nonce-123' blob: resource:; "
         "style-src 'self' 'unsafe-inline'; "
         "report-uri https://sentry.io/api/22/security/?sentry_key=aa"
     )

diff --git a/tests/views/test_home.py b/tests/views/test_home.py
@@ -13,10 +13,10 @@ def test_home_view(config):
 
 
 def test_home_view_authenticated(config, user):
-    config.add_route('organization', '/organization')
+    config.add_route('risk_catalog', '/risk_catalog')
 
     request = DummyRequest()
     response = home_view(request)
     assert response.status_int == 302
-    expected_location = 'http://example.com/organization'
+    expected_location = 'http://example.com/risk_catalog'
     assert response.location == expected_location