# -*- coding: utf-8 -*-
"""
(c) 2016 - Copyright Red Hat Inc
Authors:
Pierre-Yves Chibon <pingou@pingoured.fr>
"""
from __future__ import unicode_literals, absolute_import
import datetime
import unittest
import sys
import time
import os
import flask
import flask_wtf
from mock import patch, MagicMock
sys.path.insert(
0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
)
import pagure.forms
import tests
class PagureFlaskFormTests(tests.SimplePagureTest):
""" Tests for forms of the flask application """
@patch.dict(
"pagure.config.config", {"SERVER_NAME": "localhost.localdomain"}
)
def setUp(self):
super(PagureFlaskFormTests, self).setUp()
def test_csrf_form_no_input(self):
""" Test the CSRF validation if not CSRF is specified. """
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.ConfirmationForm()
self.assertFalse(form.validate_on_submit())
def test_csrf_form_w_invalid_input(self):
""" Test the CSRF validation with an invalid CSRF specified. """
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.ConfirmationForm()
form.csrf_token.data = "foobar"
self.assertFalse(form.validate_on_submit())
def test_csrf_form_w_input(self):
""" Test the CSRF validation with a valid CSRF specified. """
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.ConfirmationForm()
form.csrf_token.data = form.csrf_token.current_token
self.assertTrue(form.validate_on_submit())
def test_csrf_form_w_expired_input(self):
""" Test the CSRF validation with an expired CSRF specified. """
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.ConfirmationForm()
data = form.csrf_token.current_token
# CSRF token expired
if hasattr(flask_wtf, "__version__") and tuple(
[int(v) for v in flask_wtf.__version__.split(".")]
) < (0, 10, 0):
expires = time.time() - 1
else:
expires = (
datetime.datetime.now() - datetime.timedelta(minutes=1)
).strftime("%Y%m%d%H%M%S")
# Change the CSRF format
if hasattr(flask_wtf, "__version__") and tuple(
[int(e) for e in flask_wtf.__version__.split(".")]
) >= (0, 14, 0):
import itsdangerous
try: # ItsDangerous-1.0
timestamp = itsdangerous.base64_encode(
itsdangerous.encoding.int_to_bytes(int(expires))
)
except AttributeError: # ItsDangerous-0.24
timestamp = itsdangerous.base64_encode(
itsdangerous.int_to_bytes(int(expires))
)
timestamp = timestamp.decode("ascii")
part1, _, part2 = data.split(".", 2)
form.csrf_token.data = ".".join([part1, timestamp, part2])
else:
_, hmac_csrf = data.split("##", 1)
form.csrf_token.data = "%s##%s" % (expires, hmac_csrf)
self.assertFalse(form.validate_on_submit())
def test_csrf_form_w_unexpiring_input(self):
""" Test the CSRF validation with a CSRF not expiring. """
pagure.config.config["WTF_CSRF_TIME_LIMIT"] = None
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.ConfirmationForm()
data = form.csrf_token.current_token
if hasattr(flask_wtf, "__version__") and tuple(
[int(e) for e in flask_wtf.__version__.split(".")]
) >= (0, 14, 0):
form.csrf_token.data = data
else:
_, hmac_csrf = data.split("##", 1)
# CSRF can no longer expire, they have no expiration info
form.csrf_token.data = "##%s" % hmac_csrf
self.assertTrue(form.validate_on_submit())
def test_add_user_form(self):
""" Test the AddUserForm of pagure.forms """
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.AddUserForm()
form.csrf_token.data = form.csrf_token.current_token
# No user or access given
self.assertFalse(form.validate_on_submit())
# No access given
form.user.data = "foo"
self.assertFalse(form.validate_on_submit())
form.access.data = "admin"
self.assertTrue(form.validate_on_submit())
def test_add_user_to_group_form(self):
""" Test the AddUserToGroup form of pagure.forms """
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.AddUserToGroupForm()
form.csrf_token.data = form.csrf_token.current_token
# No user given
self.assertFalse(form.validate_on_submit())
form.user.data = "foo"
# Everything given
self.assertTrue(form.validate_on_submit())
def test_add_group_form(self):
""" Test the AddGroupForm form of pagure.forms """
with self.app.application.test_request_context(method="POST"):
flask.g.session = MagicMock()
form = pagure.forms.AddGroupForm()
form.csrf_token.data = form.csrf_token.current_token
# No group given
self.assertFalse(form.validate_on_submit())
# No access given
form.group.data = "gname"
self.assertFalse(form.validate_on_submit())
form.access.data = "admin"
self.assertTrue(form.validate_on_submit())
if __name__ == "__main__":
unittest.main(verbosity=2)