1
0

test_pagure_flask_form.py 5.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2016 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. __requires__ = ['SQLAlchemy >= 0.8']
  8. import pkg_resources
  9. import datetime
  10. import unittest
  11. import sys
  12. import time
  13. import os
  14. import flask
  15. import flask_wtf
  16. from mock import patch, MagicMock
  17. sys.path.insert(0, os.path.join(os.path.dirname(
  18. os.path.abspath(__file__)), '..'))
  19. import pagure.forms
  20. import tests
  21. class PagureFlaskFormTests(tests.SimplePagureTest):
  22. """ Tests for forms of the flask application """
  23. @patch.dict('pagure.config.config', {'SERVER_NAME': 'pagure.org'})
  24. def setUp(self):
  25. super(PagureFlaskFormTests, self).setUp()
  26. def test_csrf_form_no_input(self):
  27. """ Test the CSRF validation if not CSRF is specified. """
  28. with self.app.application.test_request_context(method='POST'):
  29. flask.g.session = MagicMock()
  30. form = pagure.forms.ConfirmationForm()
  31. self.assertFalse(form.validate_on_submit())
  32. def test_csrf_form_w_invalid_input(self):
  33. """ Test the CSRF validation with an invalid CSRF specified. """
  34. with self.app.application.test_request_context(method='POST'):
  35. flask.g.session = MagicMock()
  36. form = pagure.forms.ConfirmationForm()
  37. form.csrf_token.data = 'foobar'
  38. self.assertFalse(form.validate_on_submit())
  39. def test_csrf_form_w_input(self):
  40. """ Test the CSRF validation with a valid CSRF specified. """
  41. with self.app.application.test_request_context(method='POST'):
  42. flask.g.session = MagicMock()
  43. form = pagure.forms.ConfirmationForm()
  44. form.csrf_token.data = form.csrf_token.current_token
  45. self.assertTrue(form.validate_on_submit())
  46. def test_csrf_form_w_expired_input(self):
  47. """ Test the CSRF validation with an expired CSRF specified. """
  48. with self.app.application.test_request_context(method='POST'):
  49. flask.g.session = MagicMock()
  50. form = pagure.forms.ConfirmationForm()
  51. data = form.csrf_token.current_token
  52. # CSRF token expired
  53. if hasattr(flask_wtf, '__version__') and \
  54. tuple(flask_wtf.__version__.split('.')) >= (0,10,0):
  55. expires = time.time() - 1
  56. else:
  57. expires = (
  58. datetime.datetime.now() - datetime.timedelta(minutes=1)
  59. ).strftime('%Y%m%d%H%M%S')
  60. # Change the CSRF format
  61. if hasattr(flask_wtf, '__version__') and \
  62. tuple([int(e) for e in flask_wtf.__version__.split('.')]
  63. ) >= (0,14,0):
  64. import itsdangerous
  65. timestamp = itsdangerous.base64_encode(
  66. itsdangerous.int_to_bytes(int(expires)))
  67. print '*', data
  68. part1, _, part2 = data.split('.', 2)
  69. form.csrf_token.data = '.'.join([part1, timestamp, part2])
  70. else:
  71. _, hmac_csrf = data.split('##', 1)
  72. form.csrf_token.data = '%s##%s' % (expires, hmac_csrf)
  73. self.assertFalse(form.validate_on_submit())
  74. def test_csrf_form_w_unexpiring_input(self):
  75. """ Test the CSRF validation with a CSRF not expiring. """
  76. pagure.config.config['WTF_CSRF_TIME_LIMIT'] = None
  77. with self.app.application.test_request_context(method='POST'):
  78. flask.g.session = MagicMock()
  79. form = pagure.forms.ConfirmationForm()
  80. data = form.csrf_token.current_token
  81. if hasattr(flask_wtf, '__version__') and \
  82. tuple([int(e) for e in flask_wtf.__version__.split('.')]
  83. ) >= (0,14,0):
  84. form.csrf_token.data = data
  85. else:
  86. _, hmac_csrf = data.split('##', 1)
  87. # CSRF can no longer expire, they have no expiration info
  88. form.csrf_token.data = '##%s' % hmac_csrf
  89. self.assertTrue(form.validate_on_submit())
  90. def test_add_user_form(self):
  91. """ Test the AddUserForm of pagure.forms """
  92. with self.app.application.test_request_context(method='POST'):
  93. flask.g.session = MagicMock()
  94. form = pagure.forms.AddUserForm()
  95. form.csrf_token.data = form.csrf_token.current_token
  96. # No user or access given
  97. self.assertFalse(form.validate_on_submit())
  98. # No access given
  99. form.user.data = 'foo'
  100. self.assertFalse(form.validate_on_submit())
  101. form.access.data = 'admin'
  102. self.assertTrue(form.validate_on_submit())
  103. def test_add_user_to_group_form(self):
  104. """ Test the AddUserToGroup form of pagure.forms """
  105. with self.app.application.test_request_context(method='POST'):
  106. flask.g.session = MagicMock()
  107. form = pagure.forms.AddUserToGroupForm()
  108. form.csrf_token.data = form.csrf_token.current_token
  109. # No user given
  110. self.assertFalse(form.validate_on_submit())
  111. form.user.data = 'foo'
  112. # Everything given
  113. self.assertTrue(form.validate_on_submit())
  114. def test_add_group_form(self):
  115. """ Test the AddGroupForm form of pagure.forms """
  116. with self.app.application.test_request_context(method='POST'):
  117. flask.g.session = MagicMock()
  118. form = pagure.forms.AddGroupForm()
  119. form.csrf_token.data = form.csrf_token.current_token
  120. # No group given
  121. self.assertFalse(form.validate_on_submit())
  122. # No access given
  123. form.group.data = 'gname'
  124. self.assertFalse(form.validate_on_submit())
  125. form.access.data = 'admin'
  126. self.assertTrue(form.validate_on_submit())
  127. if __name__ == '__main__':
  128. unittest.main(verbosity=2)