bug / pagure

Clone
Source Code
GIT

Blame tests/test_pagure_flask_form.py

master
  1.   a19da372af8a3e45004701606bc12e0da5bb9023
  2.   tests
  3.   test_pagure_flask_form.py
Blob Raw
Pierre-Yves Chibon 05aa81 
# -*- coding: utf-8 -*-
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
"""
Pierre-Yves Chibon 05aa81 
 (c) 2016 - Copyright Red Hat Inc
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
 Authors:
Pierre-Yves Chibon 05aa81 
   Pierre-Yves Chibon <pingou@pingoured.fr></pingou@pingoured.fr>
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
"""
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 67d1cc 
from __future__ import unicode_literals, absolute_import
Aurélien Bompard 626417
Pierre-Yves Chibon 05aa81 
import datetime
Pierre-Yves Chibon 05aa81 
import unittest
Pierre-Yves Chibon 05aa81 
import sys
Pierre-Yves Chibon 05aa81 
import time
Pierre-Yves Chibon 05aa81 
import os
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
import flask
Pierre-Yves Chibon 05aa81 
import flask_wtf
Pierre-Yves Chibon efbef7 
from mock import patch, MagicMock
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
sys.path.insert(0, os.path.join(os.path.dirname(
Pierre-Yves Chibon 05aa81 
    os.path.abspath(__file__)), '..'))
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
import pagure.forms
Pierre-Yves Chibon 05aa81 
import tests
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81
Clement Verna 109c4b 
class PagureFlaskFormTests(tests.SimplePagureTest):
Pierre-Yves Chibon 05aa81 
    """ Tests for forms of the flask application """
Pierre-Yves Chibon 05aa81
Neal Gompa 9c34c4 
    @patch.dict('pagure.config.config', {'SERVER_NAME': 'localhost.localdomain'})
Pierre-Yves Chibon 6b81e9 
    def setUp(self):
Pierre-Yves Chibon 6b81e9 
        super(PagureFlaskFormTests, self).setUp()
Pierre-Yves Chibon 6b81e9
Pierre-Yves Chibon 05aa81 
    def test_csrf_form_no_input(self):
Pierre-Yves Chibon 05aa81 
        """ Test the CSRF validation if not CSRF is specified. """
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Pierre-Yves Chibon 05aa81 
            form = pagure.forms.ConfirmationForm()
Pierre-Yves Chibon 05aa81 
            self.assertFalse(form.validate_on_submit())
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
    def test_csrf_form_w_invalid_input(self):
Pierre-Yves Chibon 05aa81 
        """ Test the CSRF validation with an invalid CSRF specified. """
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Pierre-Yves Chibon 05aa81 
            form = pagure.forms.ConfirmationForm()
Pierre-Yves Chibon 05aa81 
            form.csrf_token.data = 'foobar'
Pierre-Yves Chibon 05aa81 
            self.assertFalse(form.validate_on_submit())
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
    def test_csrf_form_w_input(self):
Pierre-Yves Chibon 05aa81 
        """ Test the CSRF validation with a valid CSRF specified. """
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Pierre-Yves Chibon 05aa81 
            form = pagure.forms.ConfirmationForm()
Pierre-Yves Chibon 05aa81 
            form.csrf_token.data = form.csrf_token.current_token
Pierre-Yves Chibon 05aa81 
            self.assertTrue(form.validate_on_submit())
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
    def test_csrf_form_w_expired_input(self):
Pierre-Yves Chibon 05aa81 
        """ Test the CSRF validation with an expired CSRF specified. """
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Pierre-Yves Chibon 05aa81 
            form = pagure.forms.ConfirmationForm()
Pierre-Yves Chibon 05aa81 
            data = form.csrf_token.current_token
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
            # CSRF token expired
Pierre-Yves Chibon 05aa81 
            if hasattr(flask_wtf, '__version__') and \
Aurélien Bompard 626417 
                    tuple(
Aurélien Bompard 626417 
                        [int(v) for v in flask_wtf.__version__.split('.')]
Aurélien Bompard 626417 
                    ) < (0, 10, 0):
Pierre-Yves Chibon 05aa81 
                expires = time.time() - 1
Pierre-Yves Chibon 05aa81 
            else:
Pierre-Yves Chibon 05aa81 
                expires = (
Pierre-Yves Chibon 05aa81 
                    datetime.datetime.now() - datetime.timedelta(minutes=1)
Pierre-Yves Chibon 05aa81 
                ).strftime('%Y%m%d%H%M%S')
Pierre-Yves Chibon 6b03d3
Pierre-Yves Chibon 6b03d3 
            # Change the CSRF format
Pierre-Yves Chibon 6b03d3 
            if hasattr(flask_wtf, '__version__') and \
Pierre-Yves Chibon 6b03d3 
                    tuple([int(e) for e in flask_wtf.__version__.split('.')]
Pierre-Yves Chibon 6b03d3 
                    ) >= (0,14,0):
Pierre-Yves Chibon 6b03d3 
                import itsdangerous
Karsten Hopp 1ec5c0 
                try:   # ItsDangerous-1.0
Karsten Hopp 1ec5c0 
                    timestamp = itsdangerous.base64_encode(
Karsten Hopp 1ec5c0 
                        itsdangerous.encoding.int_to_bytes(int(expires)))
Karsten Hopp 1ec5c0 
                except AttributeError: # ItsDangerous-0.24
Karsten Hopp 1ec5c0 
                    timestamp = itsdangerous.base64_encode(
Karsten Hopp 1ec5c0 
                        itsdangerous.int_to_bytes(int(expires)))
Aurélien Bompard 626417 
                timestamp = timestamp.decode("ascii")
Pierre-Yves Chibon 6b03d3 
                part1, _, part2 = data.split('.', 2)
Pierre-Yves Chibon 6b03d3 
                form.csrf_token.data = '.'.join([part1, timestamp, part2])
Pierre-Yves Chibon 6b03d3 
            else:
Pierre-Yves Chibon 6b03d3 
                _, hmac_csrf = data.split('##', 1)
Pierre-Yves Chibon 6b03d3 
                form.csrf_token.data = '%s##%s' % (expires, hmac_csrf)
Pierre-Yves Chibon 6b03d3
Pierre-Yves Chibon 05aa81 
            self.assertFalse(form.validate_on_submit())
Pierre-Yves Chibon 05aa81
Pierre-Yves Chibon 05aa81 
    def test_csrf_form_w_unexpiring_input(self):
Pierre-Yves Chibon 05aa81 
        """ Test the CSRF validation with a CSRF not expiring. """
Pierre-Yves Chibon b130e5 
        pagure.config.config['WTF_CSRF_TIME_LIMIT'] = None
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Pierre-Yves Chibon 05aa81 
            form = pagure.forms.ConfirmationForm()
Pierre-Yves Chibon 05aa81 
            data = form.csrf_token.current_token
Pierre-Yves Chibon 6b03d3
Pierre-Yves Chibon 6b03d3 
            if hasattr(flask_wtf, '__version__') and \
Pierre-Yves Chibon 6b03d3 
                    tuple([int(e) for e in flask_wtf.__version__.split('.')]
Pierre-Yves Chibon 6b03d3 
                    ) >= (0,14,0):
Pierre-Yves Chibon 6b03d3 
                form.csrf_token.data = data
Pierre-Yves Chibon 6b03d3 
            else:
Pierre-Yves Chibon 6b03d3 
                _, hmac_csrf = data.split('##', 1)
Pierre-Yves Chibon 6b03d3 
                # CSRF can no longer expire, they have no expiration info
Pierre-Yves Chibon 6b03d3 
                form.csrf_token.data = '##%s' % hmac_csrf
Pierre-Yves Chibon 05aa81 
            self.assertTrue(form.validate_on_submit())
Pierre-Yves Chibon 05aa81
Vivek Anand 2b440e 
    def test_add_user_form(self):
Vivek Anand 2b440e 
        """ Test the AddUserForm of pagure.forms """
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Vivek Anand 2b440e 
            form = pagure.forms.AddUserForm()
Vivek Anand 2b440e 
            form.csrf_token.data = form.csrf_token.current_token
Vivek Anand 2b440e 
            # No user or access given
Vivek Anand 2b440e 
            self.assertFalse(form.validate_on_submit())
Vivek Anand 2b440e 
            # No access given
Vivek Anand 2b440e 
            form.user.data = 'foo'
Vivek Anand 2b440e 
            self.assertFalse(form.validate_on_submit())
Vivek Anand 2b440e 
            form.access.data = 'admin'
Vivek Anand 2b440e 
            self.assertTrue(form.validate_on_submit())
Vivek Anand 2b440e
Vivek Anand 2b440e 
    def test_add_user_to_group_form(self):
Vivek Anand 2b440e 
        """ Test the AddUserToGroup form of pagure.forms """
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Vivek Anand 2b440e 
            form = pagure.forms.AddUserToGroupForm()
Vivek Anand 2b440e 
            form.csrf_token.data = form.csrf_token.current_token
Vivek Anand 2b440e 
            # No user given
Vivek Anand 2b440e 
            self.assertFalse(form.validate_on_submit())
Vivek Anand 2b440e 
            form.user.data = 'foo'
Vivek Anand 2b440e 
            # Everything given
Vivek Anand 2b440e 
            self.assertTrue(form.validate_on_submit())
Vivek Anand 2b440e
Vivek Anand 3944f0 
    def test_add_group_form(self):
Vivek Anand 3944f0 
        """ Test the AddGroupForm form of pagure.forms """
Pierre-Yves Chibon b130e5 
        with self.app.application.test_request_context(method='POST'):
Pierre-Yves Chibon efbef7 
            flask.g.session = MagicMock()
Vivek Anand 3944f0 
            form = pagure.forms.AddGroupForm()
Vivek Anand 3944f0 
            form.csrf_token.data = form.csrf_token.current_token
Vivek Anand 3944f0 
            # No group given
Vivek Anand 3944f0 
            self.assertFalse(form.validate_on_submit())
Vivek Anand 3944f0 
            # No access given
Vivek Anand 3944f0 
            form.group.data = 'gname'
Vivek Anand 3944f0 
            self.assertFalse(form.validate_on_submit())
Vivek Anand 3944f0 
            form.access.data = 'admin'
Vivek Anand 3944f0 
            self.assertTrue(form.validate_on_submit())
Vivek Anand 3944f0
Vivek Anand 3944f0
Pierre-Yves Chibon 05aa81 
if __name__ == '__main__':
Pierre-Yves Chibon 393f31 
    unittest.main(verbosity=2)
Pierre-Yves Chibon 05aa81

Powered by Pagure 5.7.4

SSH Hostkey/Fingerprint | Documentation | About

© 2014-2019 Red Hat, Inc. and others.

Logo by Pavel Lashutin