test_pagure_flask_form.py 5.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2016 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. from __future__ import unicode_literals
  8. __requires__ = ['SQLAlchemy >= 0.8']
  9. import pkg_resources
  10. import datetime
  11. import unittest
  12. import sys
  13. import time
  14. import os
  15. import flask
  16. import flask_wtf
  17. from mock import patch, MagicMock
  18. sys.path.insert(0, os.path.join(os.path.dirname(
  19. os.path.abspath(__file__)), '..'))
  20. import pagure.forms
  21. import tests
  22. class PagureFlaskFormTests(tests.SimplePagureTest):
  23. """ Tests for forms of the flask application """
  24. @patch.dict('pagure.config.config', {'SERVER_NAME': 'localhost.localdomain'})
  25. def setUp(self):
  26. super(PagureFlaskFormTests, self).setUp()
  27. def test_csrf_form_no_input(self):
  28. """ Test the CSRF validation if not CSRF is specified. """
  29. with self.app.application.test_request_context(method='POST'):
  30. flask.g.session = MagicMock()
  31. form = pagure.forms.ConfirmationForm()
  32. self.assertFalse(form.validate_on_submit())
  33. def test_csrf_form_w_invalid_input(self):
  34. """ Test the CSRF validation with an invalid CSRF specified. """
  35. with self.app.application.test_request_context(method='POST'):
  36. flask.g.session = MagicMock()
  37. form = pagure.forms.ConfirmationForm()
  38. form.csrf_token.data = 'foobar'
  39. self.assertFalse(form.validate_on_submit())
  40. def test_csrf_form_w_input(self):
  41. """ Test the CSRF validation with a valid CSRF specified. """
  42. with self.app.application.test_request_context(method='POST'):
  43. flask.g.session = MagicMock()
  44. form = pagure.forms.ConfirmationForm()
  45. form.csrf_token.data = form.csrf_token.current_token
  46. self.assertTrue(form.validate_on_submit())
  47. def test_csrf_form_w_expired_input(self):
  48. """ Test the CSRF validation with an expired CSRF specified. """
  49. with self.app.application.test_request_context(method='POST'):
  50. flask.g.session = MagicMock()
  51. form = pagure.forms.ConfirmationForm()
  52. data = form.csrf_token.current_token
  53. # CSRF token expired
  54. if hasattr(flask_wtf, '__version__') and \
  55. tuple(
  56. [int(v) for v in flask_wtf.__version__.split('.')]
  57. ) < (0, 10, 0):
  58. expires = time.time() - 1
  59. else:
  60. expires = (
  61. datetime.datetime.now() - datetime.timedelta(minutes=1)
  62. ).strftime('%Y%m%d%H%M%S')
  63. # Change the CSRF format
  64. if hasattr(flask_wtf, '__version__') and \
  65. tuple([int(e) for e in flask_wtf.__version__.split('.')]
  66. ) >= (0,14,0):
  67. import itsdangerous
  68. timestamp = itsdangerous.base64_encode(
  69. itsdangerous.int_to_bytes(int(expires)))
  70. timestamp = timestamp.decode("ascii")
  71. part1, _, part2 = data.split('.', 2)
  72. form.csrf_token.data = '.'.join([part1, timestamp, part2])
  73. else:
  74. _, hmac_csrf = data.split('##', 1)
  75. form.csrf_token.data = '%s##%s' % (expires, hmac_csrf)
  76. self.assertFalse(form.validate_on_submit())
  77. def test_csrf_form_w_unexpiring_input(self):
  78. """ Test the CSRF validation with a CSRF not expiring. """
  79. pagure.config.config['WTF_CSRF_TIME_LIMIT'] = None
  80. with self.app.application.test_request_context(method='POST'):
  81. flask.g.session = MagicMock()
  82. form = pagure.forms.ConfirmationForm()
  83. data = form.csrf_token.current_token
  84. if hasattr(flask_wtf, '__version__') and \
  85. tuple([int(e) for e in flask_wtf.__version__.split('.')]
  86. ) >= (0,14,0):
  87. form.csrf_token.data = data
  88. else:
  89. _, hmac_csrf = data.split('##', 1)
  90. # CSRF can no longer expire, they have no expiration info
  91. form.csrf_token.data = '##%s' % hmac_csrf
  92. self.assertTrue(form.validate_on_submit())
  93. def test_add_user_form(self):
  94. """ Test the AddUserForm of pagure.forms """
  95. with self.app.application.test_request_context(method='POST'):
  96. flask.g.session = MagicMock()
  97. form = pagure.forms.AddUserForm()
  98. form.csrf_token.data = form.csrf_token.current_token
  99. # No user or access given
  100. self.assertFalse(form.validate_on_submit())
  101. # No access given
  102. form.user.data = 'foo'
  103. self.assertFalse(form.validate_on_submit())
  104. form.access.data = 'admin'
  105. self.assertTrue(form.validate_on_submit())
  106. def test_add_user_to_group_form(self):
  107. """ Test the AddUserToGroup form of pagure.forms """
  108. with self.app.application.test_request_context(method='POST'):
  109. flask.g.session = MagicMock()
  110. form = pagure.forms.AddUserToGroupForm()
  111. form.csrf_token.data = form.csrf_token.current_token
  112. # No user given
  113. self.assertFalse(form.validate_on_submit())
  114. form.user.data = 'foo'
  115. # Everything given
  116. self.assertTrue(form.validate_on_submit())
  117. def test_add_group_form(self):
  118. """ Test the AddGroupForm form of pagure.forms """
  119. with self.app.application.test_request_context(method='POST'):
  120. flask.g.session = MagicMock()
  121. form = pagure.forms.AddGroupForm()
  122. form.csrf_token.data = form.csrf_token.current_token
  123. # No group given
  124. self.assertFalse(form.validate_on_submit())
  125. # No access given
  126. form.group.data = 'gname'
  127. self.assertFalse(form.validate_on_submit())
  128. form.access.data = 'admin'
  129. self.assertTrue(form.validate_on_submit())
  130. if __name__ == '__main__':
  131. unittest.main(verbosity=2)