1
0

test_pagure_flask_form.py 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2016 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. from __future__ import unicode_literals, absolute_import
  8. import datetime
  9. import unittest
  10. import sys
  11. import time
  12. import os
  13. import flask
  14. import flask_wtf
  15. from mock import patch, MagicMock
  16. sys.path.insert(
  17. 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
  18. )
  19. import pagure.forms
  20. import tests
  21. class PagureFlaskFormTests(tests.SimplePagureTest):
  22. """ Tests for forms of the flask application """
  23. @patch.dict(
  24. "pagure.config.config", {"SERVER_NAME": "localhost.localdomain"}
  25. )
  26. def setUp(self):
  27. super(PagureFlaskFormTests, self).setUp()
  28. def test_csrf_form_no_input(self):
  29. """ Test the CSRF validation if not CSRF is specified. """
  30. with self.app.application.test_request_context(method="POST"):
  31. flask.g.session = MagicMock()
  32. form = pagure.forms.ConfirmationForm()
  33. self.assertFalse(form.validate_on_submit())
  34. def test_csrf_form_w_invalid_input(self):
  35. """ Test the CSRF validation with an invalid CSRF specified. """
  36. with self.app.application.test_request_context(method="POST"):
  37. flask.g.session = MagicMock()
  38. form = pagure.forms.ConfirmationForm()
  39. form.csrf_token.data = "foobar"
  40. self.assertFalse(form.validate_on_submit())
  41. def test_csrf_form_w_input(self):
  42. """ Test the CSRF validation with a valid CSRF specified. """
  43. with self.app.application.test_request_context(method="POST"):
  44. flask.g.session = MagicMock()
  45. form = pagure.forms.ConfirmationForm()
  46. form.csrf_token.data = form.csrf_token.current_token
  47. self.assertTrue(form.validate_on_submit())
  48. def test_csrf_form_w_expired_input(self):
  49. """ Test the CSRF validation with an expired CSRF specified. """
  50. with self.app.application.test_request_context(method="POST"):
  51. flask.g.session = MagicMock()
  52. form = pagure.forms.ConfirmationForm()
  53. data = form.csrf_token.current_token
  54. # CSRF token expired
  55. if hasattr(flask_wtf, "__version__") and tuple(
  56. [int(v) for v in flask_wtf.__version__.split(".")]
  57. ) < (0, 10, 0):
  58. expires = time.time() - 1
  59. else:
  60. expires = (
  61. datetime.datetime.now() - datetime.timedelta(minutes=1)
  62. ).strftime("%Y%m%d%H%M%S")
  63. # Change the CSRF format
  64. if hasattr(flask_wtf, "__version__") and tuple(
  65. [int(e) for e in flask_wtf.__version__.split(".")]
  66. ) >= (0, 14, 0):
  67. import itsdangerous
  68. try: # ItsDangerous-1.0
  69. timestamp = itsdangerous.base64_encode(
  70. itsdangerous.encoding.int_to_bytes(int(expires))
  71. )
  72. except AttributeError: # ItsDangerous-0.24
  73. timestamp = itsdangerous.base64_encode(
  74. itsdangerous.int_to_bytes(int(expires))
  75. )
  76. timestamp = timestamp.decode("ascii")
  77. part1, _, part2 = data.split(".", 2)
  78. form.csrf_token.data = ".".join([part1, timestamp, part2])
  79. else:
  80. _, hmac_csrf = data.split("##", 1)
  81. form.csrf_token.data = "%s##%s" % (expires, hmac_csrf)
  82. self.assertFalse(form.validate_on_submit())
  83. def test_csrf_form_w_unexpiring_input(self):
  84. """ Test the CSRF validation with a CSRF not expiring. """
  85. pagure.config.config["WTF_CSRF_TIME_LIMIT"] = None
  86. with self.app.application.test_request_context(method="POST"):
  87. flask.g.session = MagicMock()
  88. form = pagure.forms.ConfirmationForm()
  89. data = form.csrf_token.current_token
  90. if hasattr(flask_wtf, "__version__") and tuple(
  91. [int(e) for e in flask_wtf.__version__.split(".")]
  92. ) >= (0, 14, 0):
  93. form.csrf_token.data = data
  94. else:
  95. _, hmac_csrf = data.split("##", 1)
  96. # CSRF can no longer expire, they have no expiration info
  97. form.csrf_token.data = "##%s" % hmac_csrf
  98. self.assertTrue(form.validate_on_submit())
  99. def test_add_user_form(self):
  100. """ Test the AddUserForm of pagure.forms """
  101. with self.app.application.test_request_context(method="POST"):
  102. flask.g.session = MagicMock()
  103. form = pagure.forms.AddUserForm()
  104. form.csrf_token.data = form.csrf_token.current_token
  105. # No user or access given
  106. self.assertFalse(form.validate_on_submit())
  107. # No access given
  108. form.user.data = "foo"
  109. self.assertFalse(form.validate_on_submit())
  110. form.access.data = "admin"
  111. self.assertTrue(form.validate_on_submit())
  112. def test_add_user_to_group_form(self):
  113. """ Test the AddUserToGroup form of pagure.forms """
  114. with self.app.application.test_request_context(method="POST"):
  115. flask.g.session = MagicMock()
  116. form = pagure.forms.AddUserToGroupForm()
  117. form.csrf_token.data = form.csrf_token.current_token
  118. # No user given
  119. self.assertFalse(form.validate_on_submit())
  120. form.user.data = "foo"
  121. # Everything given
  122. self.assertTrue(form.validate_on_submit())
  123. def test_add_group_form(self):
  124. """ Test the AddGroupForm form of pagure.forms """
  125. with self.app.application.test_request_context(method="POST"):
  126. flask.g.session = MagicMock()
  127. form = pagure.forms.AddGroupForm()
  128. form.csrf_token.data = form.csrf_token.current_token
  129. # No group given
  130. self.assertFalse(form.validate_on_submit())
  131. # No access given
  132. form.group.data = "gname"
  133. self.assertFalse(form.validate_on_submit())
  134. form.access.data = "admin"
  135. self.assertTrue(form.validate_on_submit())
  136. if __name__ == "__main__":
  137. unittest.main(verbosity=2)