Merged in [19925] from jennifer@painless-security.com:

Suppress origin template tag in production mode, show relative path only in other modes. - Legacy-Id: 19932 Note: SVN reference [19925] has been migrated to Git commit b4d07e11519d77523216bc8817058b0facd2bd41
2022-02-14 18:40:24 +00:00 · 2022-02-14 18:40:24 +00:00 · ecf768d544
parent ec4065ec57
commit ecf768d544
2 changed files with 63 additions and 8 deletions
--- a/ietf/utils/templatetags/origin.py
+++ b/ietf/utils/templatetags/origin.py
@ -1,5 +1,12 @@
 # Copyright The IETF Trust 2015-2022, All Rights Reserved
 # -*- coding: utf-8 -*-
 from pathlib import Path
 from django import template
 from django.conf import settings
 import debug                            # pyflakes:ignore
 from ietf.utils import log
 register = template.Library()
@ -9,19 +16,26 @@ class OriginNode(template.Node):
        # template file path if the template comes from a file:
        self.origin = origin
    def relative_path(self):
        origin_path = Path(str(self.origin))
        try:
            return origin_path.relative_to(settings.BASE_DIR)
        except ValueError:
            log.log(f'Rendering a template from outside the project root: {self.origin}')
            return '** path outside project root **'
    def render(self, context):
-        if self.origin:
+        if self.origin and settings.SERVER_MODE != 'production':
-            return "<!-- template: %s -->" % self.origin
+            return f'<!-- template: {self.relative_path()} -->'
        else:
            return ""
-@register.tag
+
-def origin(parser, token):
+@register.tag('origin')
-    """
+def origin_tag(parser, token):
-    Returns a node which renders the 
+    """Create a node indicating the path to the current template"""
    """
    if hasattr(token, "source"):
        origin, source = token.source
-        return OriginNode(origin=origin)
+        return OriginNode(origin)
    else:
        return OriginNode()
--- a/ietf/utils/templatetags/tests.py
+++ b/ietf/utils/templatetags/tests.py
@ -0,0 +1,41 @@
 # Copyright The IETF Trust 2022, All Rights Reserved
 # -*- coding: utf-8 -*-
 from django.template import Context, Origin, Template
 from django.test import override_settings
 from ietf.utils.test_utils import TestCase
 import debug  # pyflakes: ignore
@override_settings(BASE_DIR='/fake/base/')
 class OriginTests(TestCase):
    def test_origin_not_shown_in_production(self):
        template = Template(
            '{% load origin %}{% origin %}',
            origin=Origin('/fake/base/templates/my-template.html'),
        )
        with override_settings(SERVER_MODE='production'):
            self.assertEqual(template.render(Context()), '')
    def test_origin_shown_in_development_and_test(self):
        template = Template(
            '{% load origin %}{% origin %}',
            origin=Origin('/fake/base/templates/my-template.html'),
        )
        for mode in ['development', 'test']:
            with override_settings(SERVER_MODE=mode):
                output = template.render(Context())
                self.assertIn('templates/my-template.html', output)
                for component in ['fake', 'base']:
                    self.assertNotIn(component, output, 'Reported path should be relative to BASE_DIR')
    def test_origin_outside_base_dir(self):
        template = Template(
            '{% load origin %}{% origin %}',
            origin=Origin('/different/templates/my-template.html'),
        )
        with override_settings(SERVER_MODE='development'):
            for component in ['fake', 'base', 'different', 'templates']:
                output = template.render(Context())
                self.assertNotIn(component, output,
                                 'Full path components should not be revealed in html')