summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoald de Vries <rdevries@thoughtworks.com>2016-12-01 18:08:12 +0100
committerRoald de Vries <rdevries@thoughtworks.com>2016-12-01 18:08:12 +0100
commit20b1922794d3179b32dd930706ec5693a3562464 (patch)
tree011e974db5f907765c4692baf72eab288aed2121
parent165ab49e41faa7ba7d524c58b3b0d383a4c9a2d9 (diff)
fix csrf in drafts tests
-rw-r--r--service/test/integration/test_drafts.py30
-rw-r--r--service/test/support/integration/app_test_client.py9
2 files changed, 28 insertions, 11 deletions
diff --git a/service/test/integration/test_drafts.py b/service/test/integration/test_drafts.py
index 657cfab1..a9c7b3f7 100644
--- a/service/test/integration/test_drafts.py
+++ b/service/test/integration/test_drafts.py
@@ -17,6 +17,7 @@
from test.support.integration import SoledadTestBase, MailBuilder
from mockito import unstub, when, any
from twisted.internet import defer
+from pixelated.resources import IPixelatedSession
class DraftsTest(SoledadTestBase):
@@ -26,17 +27,20 @@ class DraftsTest(SoledadTestBase):
@defer.inlineCallbacks
def test_post_sends_mail_and_deletes_previous_draft_if_it_exists(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
# act as if sending the mail by SMTP succeeded
sendmail_deferred = defer.Deferred()
when(self.app_test_client.mail_sender).sendmail(any()).thenReturn(sendmail_deferred)
# creates one draft
first_draft = MailBuilder().with_subject('First draft').build_json()
- first_draft_ident = (yield self.app_test_client.put_mail(first_draft)[0])['ident']
+ first_draft_ident = (yield self.app_test_client.put_mail(first_draft, session=session)[0])['ident']
# sends an updated version of the draft
second_draft = MailBuilder().with_subject('Second draft').with_ident(first_draft_ident).build_json()
- deferred_res = self.post_mail(second_draft)
+ deferred_res = self.post_mail(second_draft, session)
sendmail_deferred.callback(None) # SMTP succeeded
@@ -54,12 +58,15 @@ class DraftsTest(SoledadTestBase):
@defer.inlineCallbacks
def test_post_sends_mail_even_when_draft_does_not_exist(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
# act as if sending the mail by SMTP succeeded
sendmail_deferred = defer.Deferred()
when(self.app_test_client.mail_sender).sendmail(any()).thenReturn(sendmail_deferred)
first_draft = MailBuilder().with_subject('First draft').build_json()
- res = self.post_mail(first_draft)
+ res = self.post_mail(first_draft, session)
sendmail_deferred.callback(True)
yield res
@@ -70,25 +77,32 @@ class DraftsTest(SoledadTestBase):
self.assertEquals('First draft', sent_mails[0].subject)
self.assertEquals(0, len(drafts))
- def post_mail(self, data):
- deferred_res, req = self.app_test_client.post('/mails', data)
+ def post_mail(self, data, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ deferred_res, req = self.app_test_client.post('/mails', data, csrf=csrf, session=session)
return deferred_res
@defer.inlineCallbacks
def test_put_creates_a_draft_if_it_does_not_exist(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
mail = MailBuilder().with_subject('A new draft').build_json()
- yield self.app_test_client.put_mail(mail)[0]
+ yield self.app_test_client.put_mail(mail, session=session)[0]
mails = yield self.app_test_client.get_mails_by_tag('drafts')
self.assertEquals('A new draft', mails[0].subject)
@defer.inlineCallbacks
def test_put_updates_draft_if_it_already_exists(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
draft = MailBuilder().with_subject('First draft').build_json()
- draft_ident = (yield self.app_test_client.put_mail(draft)[0])['ident']
+ draft_ident = (yield self.app_test_client.put_mail(draft, session=session)[0])['ident']
updated_draft = MailBuilder().with_subject('First draft edited').with_ident(draft_ident).build_json()
- yield self.app_test_client.put_mail(updated_draft)[0]
+ yield self.app_test_client.put_mail(updated_draft, session=session)[0]
drafts = yield self.app_test_client.get_mails_by_tag('drafts')
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 9ab74261..f04f67fd 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -286,8 +286,10 @@ class AppTestClient(object):
request.session = session
return self._render(request)
- def put(self, path, body, ajax=True, csrf='token'):
+ def put(self, path, body, ajax=True, csrf='token', session=None):
request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']}, ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
return self._render(request)
def delete(self, path, body="", ajax=True, csrf='token', session=None):
@@ -375,8 +377,9 @@ class AppTestClient(object):
res = yield deferred_result
defer.returnValue((res, req))
- def put_mail(self, data):
- res, req = self.put('/mails', data)
+ def put_mail(self, data, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.put('/mails', data, csrf=csrf, session=session)
return res, req
def post_tags(self, mail_ident, tags_json):