| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 |
- # -*- coding: utf-8 -*-
- """
- (c) 2016 - Copyright Red Hat Inc
- Authors:
- Pierre-Yves Chibon <pingou@pingoured.fr>
- """
- from __future__ import unicode_literals, absolute_import
- import datetime
- import unittest
- import sys
- import time
- import os
- import flask
- import flask_wtf
- from mock import patch, MagicMock
- sys.path.insert(0, os.path.join(os.path.dirname(
- os.path.abspath(__file__)), '..'))
- import pagure.forms
- import tests
- class PagureFlaskFormTests(tests.SimplePagureTest):
- """ Tests for forms of the flask application """
- @patch.dict('pagure.config.config', {'SERVER_NAME': 'localhost.localdomain'})
- def setUp(self):
- super(PagureFlaskFormTests, self).setUp()
- def test_csrf_form_no_input(self):
- """ Test the CSRF validation if not CSRF is specified. """
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.ConfirmationForm()
- self.assertFalse(form.validate_on_submit())
- def test_csrf_form_w_invalid_input(self):
- """ Test the CSRF validation with an invalid CSRF specified. """
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.ConfirmationForm()
- form.csrf_token.data = 'foobar'
- self.assertFalse(form.validate_on_submit())
- def test_csrf_form_w_input(self):
- """ Test the CSRF validation with a valid CSRF specified. """
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.ConfirmationForm()
- form.csrf_token.data = form.csrf_token.current_token
- self.assertTrue(form.validate_on_submit())
- def test_csrf_form_w_expired_input(self):
- """ Test the CSRF validation with an expired CSRF specified. """
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.ConfirmationForm()
- data = form.csrf_token.current_token
- # CSRF token expired
- if hasattr(flask_wtf, '__version__') and \
- tuple(
- [int(v) for v in flask_wtf.__version__.split('.')]
- ) < (0, 10, 0):
- expires = time.time() - 1
- else:
- expires = (
- datetime.datetime.now() - datetime.timedelta(minutes=1)
- ).strftime('%Y%m%d%H%M%S')
- # Change the CSRF format
- if hasattr(flask_wtf, '__version__') and \
- tuple([int(e) for e in flask_wtf.__version__.split('.')]
- ) >= (0,14,0):
- import itsdangerous
- try: # ItsDangerous-1.0
- timestamp = itsdangerous.base64_encode(
- itsdangerous.encoding.int_to_bytes(int(expires)))
- except AttributeError: # ItsDangerous-0.24
- timestamp = itsdangerous.base64_encode(
- itsdangerous.int_to_bytes(int(expires)))
- timestamp = timestamp.decode("ascii")
- part1, _, part2 = data.split('.', 2)
- form.csrf_token.data = '.'.join([part1, timestamp, part2])
- else:
- _, hmac_csrf = data.split('##', 1)
- form.csrf_token.data = '%s##%s' % (expires, hmac_csrf)
- self.assertFalse(form.validate_on_submit())
- def test_csrf_form_w_unexpiring_input(self):
- """ Test the CSRF validation with a CSRF not expiring. """
- pagure.config.config['WTF_CSRF_TIME_LIMIT'] = None
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.ConfirmationForm()
- data = form.csrf_token.current_token
- if hasattr(flask_wtf, '__version__') and \
- tuple([int(e) for e in flask_wtf.__version__.split('.')]
- ) >= (0,14,0):
- form.csrf_token.data = data
- else:
- _, hmac_csrf = data.split('##', 1)
- # CSRF can no longer expire, they have no expiration info
- form.csrf_token.data = '##%s' % hmac_csrf
- self.assertTrue(form.validate_on_submit())
- def test_add_user_form(self):
- """ Test the AddUserForm of pagure.forms """
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.AddUserForm()
- form.csrf_token.data = form.csrf_token.current_token
- # No user or access given
- self.assertFalse(form.validate_on_submit())
- # No access given
- form.user.data = 'foo'
- self.assertFalse(form.validate_on_submit())
- form.access.data = 'admin'
- self.assertTrue(form.validate_on_submit())
- def test_add_user_to_group_form(self):
- """ Test the AddUserToGroup form of pagure.forms """
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.AddUserToGroupForm()
- form.csrf_token.data = form.csrf_token.current_token
- # No user given
- self.assertFalse(form.validate_on_submit())
- form.user.data = 'foo'
- # Everything given
- self.assertTrue(form.validate_on_submit())
- def test_add_group_form(self):
- """ Test the AddGroupForm form of pagure.forms """
- with self.app.application.test_request_context(method='POST'):
- flask.g.session = MagicMock()
- form = pagure.forms.AddGroupForm()
- form.csrf_token.data = form.csrf_token.current_token
- # No group given
- self.assertFalse(form.validate_on_submit())
- # No access given
- form.group.data = 'gname'
- self.assertFalse(form.validate_on_submit())
- form.access.data = 'admin'
- self.assertTrue(form.validate_on_submit())
- if __name__ == '__main__':
- unittest.main(verbosity=2)
|
