APPRISE_CONFIG_LOCK switch added for extra security (#57)

2025-08-17 01:50:57 +02:00 · 2021-11-06 17:21:41 -04:00
parent e65b80cb11
commit 2fcc5f43a9
11 changed files with 686 additions and 307 deletions
--- a/apprise_api/api/tests/test_json_urls.py
+++ b/apprise_api/api/tests/test_json_urls.py
@ -23,6 +23,7 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 from django.test import SimpleTestCase
+from django.test.utils import override_settings
 from unittest.mock import patch


@ -110,6 +111,23 @@ class JsonUrlsTests(SimpleTestCase):
        assert 'tags' in response.json()['urls'][0]
        assert len(response.json()['urls'][0]['tags']) == 0

+        # We can see that th URLs are not the same when the privacy flag is set
+        without_privacy = \
+            self.client.get('/json/urls/{}?privacy=1'.format(key))
+        with_privacy = self.client.get('/json/urls/{}'.format(key))
+        assert with_privacy.json()['urls'][0] != \
+            without_privacy.json()['urls'][0]
+
+        with override_settings(APPRISE_CONFIG_LOCK=True):
+            # When our configuration lock is set, our result set enforces the
+            # privacy flag even if it was otherwise set:
+            with_privacy = \
+                self.client.get('/json/urls/{}?privacy=1'.format(key))
+
+            # But now they're the same under this new condition
+            assert with_privacy.json()['urls'][0] == \
+                without_privacy.json()['urls'][0]
+
        # Add a YAML file
        response = self.client.post(
            '/add/{}'.format(key), {