| |
| |
| """ |
| (c) 2016 - Copyright Red Hat Inc |
| |
| Authors: |
| Pierre-Yves Chibon <pingou@pingoured.fr> |
| |
| """ |
| |
| from __future__ import unicode_literals, absolute_import |
| |
| import datetime |
| import unittest |
| import sys |
| import time |
| import os |
| |
| import flask |
| import flask_wtf |
| from mock import patch, MagicMock |
| |
| sys.path.insert(0, os.path.join(os.path.dirname( |
| os.path.abspath(__file__)), '..')) |
| |
| import pagure.forms |
| import tests |
| |
| |
| class PagureFlaskFormTests(tests.SimplePagureTest): |
| """ Tests for forms of the flask application """ |
| |
| @patch.dict('pagure.config.config', {'SERVER_NAME': 'localhost.localdomain'}) |
| def setUp(self): |
| super(PagureFlaskFormTests, self).setUp() |
| |
| def test_csrf_form_no_input(self): |
| """ Test the CSRF validation if not CSRF is specified. """ |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.ConfirmationForm() |
| self.assertFalse(form.validate_on_submit()) |
| |
| def test_csrf_form_w_invalid_input(self): |
| """ Test the CSRF validation with an invalid CSRF specified. """ |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.ConfirmationForm() |
| form.csrf_token.data = 'foobar' |
| self.assertFalse(form.validate_on_submit()) |
| |
| def test_csrf_form_w_input(self): |
| """ Test the CSRF validation with a valid CSRF specified. """ |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.ConfirmationForm() |
| form.csrf_token.data = form.csrf_token.current_token |
| self.assertTrue(form.validate_on_submit()) |
| |
| def test_csrf_form_w_expired_input(self): |
| """ Test the CSRF validation with an expired CSRF specified. """ |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.ConfirmationForm() |
| data = form.csrf_token.current_token |
| |
| |
| if hasattr(flask_wtf, '__version__') and \ |
| tuple( |
| [int(v) for v in flask_wtf.__version__.split('.')] |
| ) < (0, 10, 0): |
| expires = time.time() - 1 |
| else: |
| expires = ( |
| datetime.datetime.now() - datetime.timedelta(minutes=1) |
| ).strftime('%Y%m%d%H%M%S') |
| |
| |
| if hasattr(flask_wtf, '__version__') and \ |
| tuple([int(e) for e in flask_wtf.__version__.split('.')] |
| ) >= (0,14,0): |
| import itsdangerous |
| try: |
| timestamp = itsdangerous.base64_encode( |
| itsdangerous.encoding.int_to_bytes(int(expires))) |
| except AttributeError: |
| timestamp = itsdangerous.base64_encode( |
| itsdangerous.int_to_bytes(int(expires))) |
| timestamp = timestamp.decode("ascii") |
| part1, _, part2 = data.split('.', 2) |
| form.csrf_token.data = '.'.join([part1, timestamp, part2]) |
| else: |
| _, hmac_csrf = data.split('##', 1) |
| form.csrf_token.data = '%s##%s' % (expires, hmac_csrf) |
| |
| self.assertFalse(form.validate_on_submit()) |
| |
| def test_csrf_form_w_unexpiring_input(self): |
| """ Test the CSRF validation with a CSRF not expiring. """ |
| pagure.config.config['WTF_CSRF_TIME_LIMIT'] = None |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.ConfirmationForm() |
| data = form.csrf_token.current_token |
| |
| if hasattr(flask_wtf, '__version__') and \ |
| tuple([int(e) for e in flask_wtf.__version__.split('.')] |
| ) >= (0,14,0): |
| form.csrf_token.data = data |
| else: |
| _, hmac_csrf = data.split('##', 1) |
| |
| form.csrf_token.data = '##%s' % hmac_csrf |
| self.assertTrue(form.validate_on_submit()) |
| |
| def test_add_user_form(self): |
| """ Test the AddUserForm of pagure.forms """ |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.AddUserForm() |
| form.csrf_token.data = form.csrf_token.current_token |
| |
| self.assertFalse(form.validate_on_submit()) |
| |
| form.user.data = 'foo' |
| self.assertFalse(form.validate_on_submit()) |
| form.access.data = 'admin' |
| self.assertTrue(form.validate_on_submit()) |
| |
| def test_add_user_to_group_form(self): |
| """ Test the AddUserToGroup form of pagure.forms """ |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.AddUserToGroupForm() |
| form.csrf_token.data = form.csrf_token.current_token |
| |
| self.assertFalse(form.validate_on_submit()) |
| form.user.data = 'foo' |
| |
| self.assertTrue(form.validate_on_submit()) |
| |
| def test_add_group_form(self): |
| """ Test the AddGroupForm form of pagure.forms """ |
| with self.app.application.test_request_context(method='POST'): |
| flask.g.session = MagicMock() |
| form = pagure.forms.AddGroupForm() |
| form.csrf_token.data = form.csrf_token.current_token |
| |
| self.assertFalse(form.validate_on_submit()) |
| |
| form.group.data = 'gname' |
| self.assertFalse(form.validate_on_submit()) |
| form.access.data = 'admin' |
| self.assertTrue(form.validate_on_submit()) |
| |
| |
| if __name__ == '__main__': |
| unittest.main(verbosity=2) |
| |