Validators

Two RequestValidator subclasses that hook into viur-core's Router.requestValidators chain. You rarely instantiate them yourself — activate() installs TokenValidator, protect() installs ProductionGuardValidator.

TokenValidator

Bases: RequestValidator

Reject every request that does not carry a matching test-token cookie. Requests to the bootstrap paths listed in BOOTSTRAP_ACTIONS are exempt so that a client can obtain its token in the first place; every other request fails closed with 403 when test mode is not active, when no session token has been issued yet, when the cookie is missing, or when its value does not match the active token (compared with hmac.compare_digest so the check does not leak timing information).

Source code in src/viur/testing/validator.py
class TokenValidator(RequestValidator):
    """Reject every request that does not carry a matching test-token cookie."""

    name = "TokenValidator"

    @staticmethod
    def validate(request: "BrowseHandler") -> tuple[int, str, str] | None:
        from .constants import BOOTSTRAP_ACTIONS, TOKEN_COOKIE  # noqa: PLC0415
        from ._test.config import ConfigModule  # noqa: PLC0415

        if not ConfigModule.is_active():
            # Shouldn't happen — activate() registers this validator and
            # primes state in lockstep — but if it does, fail closed.
            return 403, "Forbidden", "viur-test: server is not in test mode"

        path = getattr(request.request, "path", None)
        if _is_bootstrap_path(path, BOOTSTRAP_ACTIONS):
            return None

        active_token = ConfigModule.current_token()
        if active_token is None:
            return (
                403,
                "Forbidden",
                "viur-test: no session token issued yet — call /_test/config/status first",
            )

        cookies = getattr(request.request, "cookies", None) or {}
        provided = cookies.get(TOKEN_COOKIE)
        if not provided:
            return 403, "Forbidden", f"viur-test: missing {TOKEN_COOKIE} cookie"

        if not hmac.compare_digest(provided, active_token):
            return 403, "Forbidden", f"viur-test: invalid {TOKEN_COOKIE} cookie"

        return None

ProductionGuardValidator

Bases: RequestValidator

Reject any request that carries the test-token cookie outside dev.

Defense in depth: the full TokenValidator is only installed inside viur.testing.activate(), which itself refuses to run outside a local dev server. A cloud deployment therefore normally has no e2e validator at all, which means the viur-test-token cookie would be silently ignored rather than rejected.

This validator closes that gap. The host installs it explicitly via viur.testing.protect() in every environment, dev included. In a dev process (conf.instance.is_dev_server is true) it is effectively a no-op, because the full TokenValidator owns the cookie logic there. In a cloud process it returns a 403 as soon as a non-empty test-token cookie shows up, on any path and whatever the cookie's value. Note that the presence check is a truthiness test: a cookie sent with an empty value is treated as absent and passes through, so only a non-empty value triggers the rejection.

Source code in src/viur/testing/validator.py
class ProductionGuardValidator(RequestValidator):
    """Reject any request that carries the test-token cookie outside dev.

    Defense in depth: the full :class:`TokenValidator` is only installed
    inside :func:`viur.testing.activate`, which itself refuses to run outside
    a local dev server. A cloud deployment therefore normally has *no*
    e2e validator at all — which means the ``viur-test-token`` cookie
    would be ignored rather than rejected.

    This validator closes that gap. The host installs it explicitly via
    :func:`viur.testing.protect` in **every** environment. In a dev process
    it is effectively a no-op (the full :class:`TokenValidator` owns the
    cookie logic). In a cloud process it raises 403 the moment the
    test-token cookie shows up at all, regardless of its value.
    """

    name = "ProductionGuardValidator"

    @staticmethod
    def validate(request: "BrowseHandler") -> tuple[int, str, str] | None:
        from viur.core.config import conf  # noqa: PLC0415
        from .constants import TOKEN_COOKIE  # noqa: PLC0415

        cookies = getattr(request.request, "cookies", None) or {}
        if not cookies.get(TOKEN_COOKIE):
            return None  # no test-token cookie — nothing to guard against

        if getattr(conf.instance, "is_dev_server", False):
            return None  # in dev the TokenValidator owns this cookie

        return (
            403,
            "Forbidden",
            f"viur-test: {TOKEN_COOKIE} cookie is not accepted on this server",
        )
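
The two validators give a host three observable states: a cloud process with protect() installed (the cookie is rejected everywhere, bootstrap path included), a cloud process without it (the cookie is silently ignored), and a dev process after activate() (everything without the right cookie is rejected except the bootstrap path). The post-deploy probe below is an added example and not code from viur-testing: it issues three plain GETs and classifies the host from the status pattern. Assumptions not taken from the page: the probe path "/", the cookie header layout "viur-test-token=value", and all helper names (http_fetch_for, probe_host, classify, model_*). The model_* callables are constructed stand-ins for the three host states; for a live check, pass http_fetch_for(base_url) to probe_host().

```python
"""Post-deploy probe: does this host reject the viur-test-token cookie?

Added example, not part of viur-testing. The model_* functions are constructed
stand-ins for the host states described on the page; http_fetch_for() is the
real transport for probing a deployed base URL.
"""
from __future__ import annotations

import hmac
import http.client
import sys
from typing import Callable, Optional
from urllib.parse import urlsplit

TOKEN_COOKIE = "viur-test-token"          # cookie name named on the page
BOOTSTRAP_PATH = "/_test/config/status"   # bootstrap endpoint named on the page
Fetch = Callable[[str, Optional[str]], int]  # (path, Cookie header or None) -> status


def http_fetch_for(base_url: str) -> Fetch:
    """Real transport: GET `path` on base_url, return the raw status (no redirects followed)."""
    parts = urlsplit(base_url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection

    def fetch(path: str, cookie: Optional[str]) -> int:
        conn = conn_cls(parts.hostname, parts.port, timeout=10)
        try:
            conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
            return conn.getresponse().status
        finally:
            conn.close()

    return fetch


def probe_host(fetch: Fetch) -> dict[str, int]:
    """Three requests whose status pattern tells the host states apart."""
    bogus = f"{TOKEN_COOKIE}=not-a-real-token"   # deliberately wrong value
    return {
        "no_cookie": fetch("/", None),
        "cookie": fetch("/", bogus),
        # TokenValidator exempts the bootstrap path; ProductionGuardValidator does not.
        "cookie_on_bootstrap": fetch(BOOTSTRAP_PATH, bogus),
    }


def classify(status: dict[str, int]) -> str:
    """Map the status pattern onto the host states the validators produce."""
    if status["cookie"] == 403 and status["cookie_on_bootstrap"] == 403 and status["no_cookie"] != 403:
        return "guarded"      # cloud process, protect() installed: cookie rejected everywhere
    if status["no_cookie"] == 403 and status["cookie"] == 403 and status["cookie_on_bootstrap"] != 403:
        return "test-mode"    # dev process after activate(): TokenValidator, bootstrap exempt
    if status["cookie"] != 403 and status["no_cookie"] != 403:
        return "unguarded"    # cookie silently ignored: protect() is missing
    return "unknown"


def _cookie_value(cookie: Optional[str]) -> str:
    """Value of the constructed 'name=value' Cookie header ('' when absent)."""
    if not cookie or not cookie.startswith(f"{TOKEN_COOKIE}="):
        return ""
    return cookie.split("=", 1)[1]


def model_guarded(path: str, cookie: Optional[str]) -> int:
    """Constructed stand-in: cloud host with ProductionGuardValidator installed."""
    return 403 if _cookie_value(cookie) else 200   # empty value passes, like the real truthiness check


def model_unguarded(path: str, cookie: Optional[str]) -> int:
    """Constructed stand-in: cloud host with no e2e validator at all."""
    return 200


def model_test_mode(path: str, cookie: Optional[str], active_token: str = "s3cr3t") -> int:
    """Constructed stand-in: dev host after activate(), TokenValidator rules."""
    if path == BOOTSTRAP_PATH:
        return 200
    value = _cookie_value(cookie)
    if not value:
        return 403
    return 200 if hmac.compare_digest(value, active_token) else 403


if __name__ == "__main__":
    if len(sys.argv) > 1:   # python probe.py https://example.invalid
        print(classify(probe_host(http_fetch_for(sys.argv[1]))))
    else:
        for name, model in [("guarded", model_guarded), ("unguarded", model_unguarded), ("test-mode", model_test_mode)]:
            print(f"{name:>10}: {probe_host(model)} -> {classify(probe_host(model))}")
```

The probe sends a deliberately wrong token, so it can never authenticate; it only checks whether the cookie is rejected at all. Treat "unguarded" on a cloud host as a deployment bug (protect() not called), and "test-mode" on anything but a local dev server as a serious misconfiguration, since the page states activate() should refuse to run there.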