Merge pull request #140 from whyscream/permission-denied

Changed exception for invalid session ids, add test for the correct response.
django-oscar · Nov 19, 2018 · cfeb0c3 · cfeb0c3
2 parents 3553d5a + cf590bb
commit cfeb0c3
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/oscarapi/middleware.py b/oscarapi/middleware.py
@@ -84,7 +84,7 @@ def process_request(self, request):
                 if parsed_session_uri is not None:
                     domain = get_domain(request)
                     if parsed_session_uri['realm'] != domain:
-                        raise exceptions.NotAcceptable(
+                        raise exceptions.PermissionDenied(
                             _('Can not accept cookie with realm %s on realm %s') % (
                                 parsed_session_uri['realm'],
                                 domain

diff --git a/oscarapi/tests/testmiddleware.py b/oscarapi/tests/testmiddleware.py
@@ -2,7 +2,7 @@
 from django.urls import reverse
 from django.test import RequestFactory, TestCase
 
-from oscarapi.middleware import ApiGatewayMiddleWare, parse_session_id
+from oscarapi.middleware import ApiGatewayMiddleWare, HeaderSessionMiddleware, parse_session_id
 from oscarapi.models import ApiKey
 
 
@@ -82,3 +82,19 @@ def test_parse_session_id(self):
 
         dummy_request.META['HTTP_SESSION_ID'] = 'SID:ANON:987171879'
         self.assertIsNone(parse_session_id(dummy_request))
+
+
+class HeaderSessionMiddlewareTest(TestCase):
+    rf = RequestFactory()
+
+    def test_process_request(self):
+        basket_url = reverse('api-basket')
+
+        # invalid cookie realm
+        request = self.rf.get(basket_url, HTTP_SESSION_ID='SID:ANON:example.com:987171879')
+        response = HeaderSessionMiddleware().process_request(request)
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(
+            response.content, 
+            b'{"reason": "Can not accept cookie with realm example.com on realm testserver"}'
+        )