Blame tests/test_pagure_flask_form.py

# -*- coding: utf-8 -*-
"""
 (c) 2016 - Copyright Red Hat Inc
 Authors:
   Pierre-Yves Chibon <pingou@pingoured.fr>
"""
__requires__ = ['SQLAlchemy >= 0.8']
import pkg_resources
import datetime
import unittest
import sys
import time
import os
import flask
import flask_wtf
from mock import patch
# Put the directory above this test file's directory at index 0 of sys.path,
# so it is searched before any other location when modules are imported.
sys.path.insert(
    0,
    os.path.join(os.path.dirname(os.path.abspath(__file__)), '..'),
)
import pagure.forms
import tests
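class PagureFlaskFormTests(tests.Modeltests):
    """ Tests for the CSRF handling of the forms of the flask application.

    Each test builds a ``pagure.forms.ConfirmationForm`` inside a POST
    request context, sets (or leaves unset) its ``csrf_token`` data and
    checks what ``validate_on_submit()`` returns.
    """

    @staticmethod
    def _flask_wtf_at_least(*minimum):
        """ Return True if the installed flask_wtf is at least ``minimum``.

        ``minimum`` is given as integers, e.g. ``(0, 14, 0)``. The version
        string is compared numerically: comparing a tuple of strings with a
        tuple of integers is always true on Python 2 and raises on Python 3.
        A non-numeric suffix (for example ``dev0``) ends the parsing, and a
        short version such as ``0.14`` is padded with zeros so that it
        compares equal to ``(0, 14, 0)``.
        Returns False when flask_wtf exposes no ``__version__``.
        """
        version = getattr(flask_wtf, '__version__', None)
        if not version:
            return False

        found = []
        for chunk in version.split('.'):
            digits = ''
            for char in chunk:
                if not char.isdigit():
                    break
                digits += char
            if not digits:
                break
            found.append(int(digits))

        # [0] * n is empty for n <= 0, so longer versions are left as-is.
        found.extend([0] * (len(minimum) - len(found)))
        return tuple(found) >= tuple(minimum)

    # NOTE(review): unittest only calls a hook named ``setUp``; as spelled,
    # this method is never run by the test runner, so the tests below use
    # whatever tests.Modeltests.setUp() configures. Presumably ``setUp`` was
    # intended. Renaming it would override the parent hook, so it would have
    # to call the parent first, and the CSRF tests should be re-checked with
    # TESTING enabled -- confirm before changing.
    def setUpt(self):
        pagure.APP.config['TESTING'] = True
        pagure.APP.config['SERVER_NAME'] = 'pagure.org'
        pagure.SESSION = self.session
        self.app = pagure.APP.test_client()

    def test_csrf_form_no_input(self):
        """ Test the CSRF validation if no CSRF token is specified. """
        with pagure.APP.test_request_context(method='POST'):
            form = pagure.forms.ConfirmationForm()
            self.assertFalse(form.validate_on_submit())

    def test_csrf_form_w_invalid_input(self):
        """ Test the CSRF validation with an invalid CSRF specified. """
        with pagure.APP.test_request_context(method='POST'):
            form = pagure.forms.ConfirmationForm()
            form.csrf_token.data = 'foobar'
            self.assertFalse(form.validate_on_submit())

    def test_csrf_form_w_input(self):
        """ Test the CSRF validation with a valid CSRF specified. """
        with pagure.APP.test_request_context(method='POST'):
            form = pagure.forms.ConfirmationForm()
            # Submit exactly the token the form generated for this request.
            form.csrf_token.data = form.csrf_token.current_token
            self.assertTrue(form.validate_on_submit())

    def test_csrf_form_w_expired_input(self):
        """ Test the CSRF validation with an expired CSRF specified. """
        with pagure.APP.test_request_context(method='POST'):
            form = pagure.forms.ConfirmationForm()
            data = form.csrf_token.current_token

            # Build an expiry in the past, as an epoch value for
            # flask_wtf >= 0.10 and as a formatted date string before that.
            if self._flask_wtf_at_least(0, 10, 0):
                expires = time.time() - 1
            else:
                expires = (
                    datetime.datetime.now() - datetime.timedelta(minutes=1)
                ).strftime('%Y%m%d%H%M%S')

            # Put that expiry into the token, whose layout changed in
            # flask_wtf 0.14: three '.'-separated parts with the middle one
            # replaced here, versus '<expires>##<hmac>' before.
            if self._flask_wtf_at_least(0, 14, 0):
                import itsdangerous
                timestamp = itsdangerous.base64_encode(
                    itsdangerous.int_to_bytes(int(expires)))
                part1, _, part2 = data.split('.', 2)
                form.csrf_token.data = '.'.join([part1, timestamp, part2])
            else:
                _, hmac_csrf = data.split('##', 1)
                form.csrf_token.data = '%s##%s' % (expires, hmac_csrf)

            # NOTE(review): the timestamp is swapped while the rest of the
            # token is kept, so the token's integrity check presumably fails
            # as well; this assertion then cannot tell "rejected as expired"
            # from "rejected as tampered" -- confirm against flask_wtf.
            self.assertFalse(form.validate_on_submit())

    def test_csrf_form_w_unexpiring_input(self):
        """ Test the CSRF validation with a CSRF not expiring. """
        # patch.dict puts the previous WTF_CSRF_TIME_LIMIT back on exit, so
        # the disabled time limit cannot leak into tests that run later
        # against the same application object.
        with patch.dict(pagure.APP.config, {'WTF_CSRF_TIME_LIMIT': None}):
            with pagure.APP.test_request_context(method='POST'):
                form = pagure.forms.ConfirmationForm()
                data = form.csrf_token.current_token

                if self._flask_wtf_at_least(0, 14, 0):
                    form.csrf_token.data = data
                else:
                    _, hmac_csrf = data.split('##', 1)
                    # CSRF can no longer expire, they have no expiration
                    # info
                    form.csrf_token.data = '##%s' % hmac_csrf
                self.assertTrue(form.validate_on_submit())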
if __name__ == '__main__':
    # Run only this module's test case, printing one line per test.
    loader = unittest.TestLoader()
    SUITE = loader.loadTestsFromTestCase(PagureFlaskFormTests)
    runner = unittest.TextTestRunner(verbosity=2)
    runner.run(SUITE)