1
0

test_pagure_flask_form.py 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2016 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. __requires__ = ['SQLAlchemy >= 0.8']
  8. import pkg_resources
  9. import datetime
  10. import unittest
  11. import sys
  12. import time
  13. import os
  14. import flask
  15. import flask_wtf
  16. from mock import patch
  17. sys.path.insert(0, os.path.join(os.path.dirname(
  18. os.path.abspath(__file__)), '..'))
  19. import pagure.forms
  20. import tests
  21. class PagureFlaskFormTests(tests.Modeltests):
  22. """ Tests for forms of the flask application """
  23. def setUpt(self):
  24. pagure.APP.config['TESTING'] = True
  25. pagure.APP.config['SERVER_NAME'] = 'pagure.org'
  26. pagure.SESSION = self.session
  27. self.app = pagure.APP.test_client()
  28. def test_csrf_form_no_input(self):
  29. """ Test the CSRF validation if not CSRF is specified. """
  30. with pagure.APP.test_request_context(method='POST'):
  31. form = pagure.forms.ConfirmationForm()
  32. self.assertFalse(form.validate_on_submit())
  33. def test_csrf_form_w_invalid_input(self):
  34. """ Test the CSRF validation with an invalid CSRF specified. """
  35. with pagure.APP.test_request_context(method='POST'):
  36. form = pagure.forms.ConfirmationForm()
  37. form.csrf_token.data = 'foobar'
  38. self.assertFalse(form.validate_on_submit())
  39. def test_csrf_form_w_input(self):
  40. """ Test the CSRF validation with a valid CSRF specified. """
  41. with pagure.APP.test_request_context(method='POST'):
  42. form = pagure.forms.ConfirmationForm()
  43. form.csrf_token.data = form.csrf_token.current_token
  44. self.assertTrue(form.validate_on_submit())
  45. def test_csrf_form_w_expired_input(self):
  46. """ Test the CSRF validation with an expired CSRF specified. """
  47. with pagure.APP.test_request_context(method='POST'):
  48. form = pagure.forms.ConfirmationForm()
  49. data = form.csrf_token.current_token
  50. # CSRF token expired
  51. if hasattr(flask_wtf, '__version__') and \
  52. tuple(flask_wtf.__version__.split('.')) >= (0,10,0):
  53. expires = time.time() - 1
  54. else:
  55. expires = (
  56. datetime.datetime.now() - datetime.timedelta(minutes=1)
  57. ).strftime('%Y%m%d%H%M%S')
  58. # Change the CSRF format
  59. if hasattr(flask_wtf, '__version__') and \
  60. tuple([int(e) for e in flask_wtf.__version__.split('.')]
  61. ) >= (0,14,0):
  62. import itsdangerous
  63. timestamp = itsdangerous.base64_encode(
  64. itsdangerous.int_to_bytes(int(expires)))
  65. print '*', data
  66. part1, _, part2 = data.split('.', 2)
  67. form.csrf_token.data = '.'.join([part1, timestamp, part2])
  68. else:
  69. _, hmac_csrf = data.split('##', 1)
  70. form.csrf_token.data = '%s##%s' % (expires, hmac_csrf)
  71. self.assertFalse(form.validate_on_submit())
  72. def test_csrf_form_w_unexpiring_input(self):
  73. """ Test the CSRF validation with a CSRF not expiring. """
  74. pagure.APP.config['WTF_CSRF_TIME_LIMIT'] = None
  75. with pagure.APP.test_request_context(method='POST'):
  76. form = pagure.forms.ConfirmationForm()
  77. data = form.csrf_token.current_token
  78. if hasattr(flask_wtf, '__version__') and \
  79. tuple([int(e) for e in flask_wtf.__version__.split('.')]
  80. ) >= (0,14,0):
  81. form.csrf_token.data = data
  82. else:
  83. _, hmac_csrf = data.split('##', 1)
  84. # CSRF can no longer expire, they have no expiration info
  85. form.csrf_token.data = '##%s' % hmac_csrf
  86. self.assertTrue(form.validate_on_submit())
  87. def test_add_user_form(self):
  88. """ Test the AddUserForm of pagure.forms """
  89. with pagure.APP.test_request_context(method='POST'):
  90. form = pagure.forms.AddUserForm()
  91. form.csrf_token.data = form.csrf_token.current_token
  92. # No user or access given
  93. self.assertFalse(form.validate_on_submit())
  94. # No access given
  95. form.user.data = 'foo'
  96. self.assertFalse(form.validate_on_submit())
  97. form.access.data = 'admin'
  98. self.assertTrue(form.validate_on_submit())
  99. def test_add_user_to_group_form(self):
  100. """ Test the AddUserToGroup form of pagure.forms """
  101. with pagure.APP.test_request_context(method='POST'):
  102. form = pagure.forms.AddUserToGroupForm()
  103. form.csrf_token.data = form.csrf_token.current_token
  104. # No user given
  105. self.assertFalse(form.validate_on_submit())
  106. form.user.data = 'foo'
  107. # Everything given
  108. self.assertTrue(form.validate_on_submit())
  109. def test_add_group_form(self):
  110. """ Test the AddGroupForm form of pagure.forms """
  111. with pagure.APP.test_request_context(method='POST'):
  112. form = pagure.forms.AddGroupForm()
  113. form.csrf_token.data = form.csrf_token.current_token
  114. # No group given
  115. self.assertFalse(form.validate_on_submit())
  116. # No access given
  117. form.group.data = 'gname'
  118. self.assertFalse(form.validate_on_submit())
  119. form.access.data = 'admin'
  120. self.assertTrue(form.validate_on_submit())
  121. if __name__ == '__main__':
  122. unittest.main(verbosity=2)