author | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 18:08:12 +0100 |
---|---|---|
committer | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 18:08:12 +0100 |
commit | 20b1922794d3179b32dd930706ec5693a3562464 (patch) | |
tree | 011e974db5f907765c4692baf72eab288aed2121 | |
parent | 165ab49e41faa7ba7d524c58b3b0d383a4c9a2d9 (diff) |
fix csrf in drafts tests
-rw-r--r-- | service/test/integration/test_drafts.py | 30 | ||||
-rw-r--r-- | service/test/support/integration/app_test_client.py | 9 |
2 files changed, 28 insertions, 11 deletions
diff --git a/service/test/integration/test_drafts.py b/service/test/integration/test_drafts.py
index 657cfab1..a9c7b3f7 100644
--- a/service/test/integration/test_drafts.py
+++ b/service/test/integration/test_drafts.py
@@ -17,6 +17,7 @@
 from test.support.integration import SoledadTestBase, MailBuilder
 from mockito import unstub, when, any
 from twisted.internet import defer
+from pixelated.resources import IPixelatedSession
 class DraftsTest(SoledadTestBase):
@@ -26,17 +27,20 @@ class DraftsTest(SoledadTestBase):
 @defer.inlineCallbacks
 def test_post_sends_mail_and_deletes_previous_draft_if_it_exists(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
 # act as if sending the mail by SMTP succeeded
 sendmail_deferred = defer.Deferred()
 when(self.app_test_client.mail_sender).sendmail(any()).thenReturn(sendmail_deferred)
 # creates one draft
 first_draft = MailBuilder().with_subject('First draft').build_json()
- first_draft_ident = (yield self.app_test_client.put_mail(first_draft)[0])['ident']
+ first_draft_ident = (yield self.app_test_client.put_mail(first_draft, session=session)[0])['ident']
 # sends an updated version of the draft
 second_draft = MailBuilder().with_subject('Second draft').with_ident(first_draft_ident).build_json()
- deferred_res = self.post_mail(second_draft)
+ deferred_res = self.post_mail(second_draft, session)
 sendmail_deferred.callback(None) # SMTP succeeded
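Review bot: The two-line session bootstrap added at the top of `test_post_sends_mail_and_deletes_previous_draft_if_it_exists` is repeated verbatim in the tests touched by the `@@ -54,12` and `@@ -70,25` hunks, and `response` is never used in any of them. A small helper on the test class would keep the CSRF setup in one place, so a later change to how the session is obtained cannot leave one test on a stale path. The test body continues past the end of this hunk.

```python
    @defer.inlineCallbacks
    def _new_session(self):
        # bootstrap request; its session is what IPixelatedSession adapts for the CSRF token
        _, first_request = yield self.app_test_client.get('/', as_json=False)
        defer.returnValue(first_request.getSession())

        # in each test, replacing the two added lines:
        session = yield self._new_session()
```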
@@ -54,12 +58,15 @@ class DraftsTest(SoledadTestBase):
 @defer.inlineCallbacks
 def test_post_sends_mail_even_when_draft_does_not_exist(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
 # act as if sending the mail by SMTP succeeded
 sendmail_deferred = defer.Deferred()
 when(self.app_test_client.mail_sender).sendmail(any()).thenReturn(sendmail_deferred)
 first_draft = MailBuilder().with_subject('First draft').build_json()
- res = self.post_mail(first_draft)
+ res = self.post_mail(first_draft, session)
 sendmail_deferred.callback(True)
 yield res
@@ -70,25 +77,32 @@ class DraftsTest(SoledadTestBase):
 self.assertEquals('First draft', sent_mails[0].subject)
 self.assertEquals(0, len(drafts))
- def post_mail(self, data):
- deferred_res, req = self.app_test_client.post('/mails', data)
+ def post_mail(self, data, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ deferred_res, req = self.app_test_client.post('/mails', data, csrf=csrf, session=session)
 return deferred_res
 @defer.inlineCallbacks
 def test_put_creates_a_draft_if_it_does_not_exist(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
 mail = MailBuilder().with_subject('A new draft').build_json()
- yield self.app_test_client.put_mail(mail)[0]
+ yield self.app_test_client.put_mail(mail, session=session)[0]
 mails = yield self.app_test_client.get_mails_by_tag('drafts')
 self.assertEquals('A new draft', mails[0].subject)
 @defer.inlineCallbacks
 def test_put_updates_draft_if_it_already_exists(self):
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ session = first_request.getSession()
+
 draft = MailBuilder().with_subject('First draft').build_json()
- draft_ident = (yield self.app_test_client.put_mail(draft)[0])['ident']
+ draft_ident = (yield self.app_test_client.put_mail(draft, session=session)[0])['ident']
 updated_draft = MailBuilder().with_subject('First draft edited').with_ident(draft_ident).build_json()
- yield self.app_test_client.put_mail(updated_draft)[0]
+ yield self.app_test_client.put_mail(updated_draft, session=session)[0]
 drafts = yield self.app_test_client.get_mails_by_tag('drafts')
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 9ab74261..f04f67fd 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
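Review bot: `post_mail` and the two PUT tests always send the token read from the same session they submit, so the visible tests cover only the accepting path of the CSRF check. If no other test already does it, add a case that passes a `csrf=` value which does not match the session and asserts that the request is refused and that no draft or sent mail is created. Without that, a regression that disables the check would still pass this file. The body of `test_put_updates_draft_if_it_already_exists` continues outside the hunk.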
@@ -286,8 +286,10 @@ class AppTestClient(object):
 request.session = session
 return self._render(request)
- def put(self, path, body, ajax=True, csrf='token'):
+ def put(self, path, body, ajax=True, csrf='token', session=None):
 request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']}, ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
 return self._render(request)
 def delete(self, path, body="", ajax=True, csrf='token', session=None):
@@ -375,8 +377,9 @@ class AppTestClient(object):
 res = yield deferred_result
 defer.returnValue((res, req))
- def put_mail(self, data):
- res, req = self.put('/mails', data)
+ def put_mail(self, data, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.put('/mails', data, csrf=csrf, session=session)
 return res, req
 def post_tags(self, mail_ident, tags_json): |
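Review bot: `put_mail` now takes `session` as a required positional argument, so any caller outside `test_drafts.py` that still uses `put_mail(data)` would fail with a TypeError; the diffstat shows only the drafts tests were updated alongside this file. Either update the remaining callers in the same commit or keep the old call shape working, e.g. `def put_mail(self, data, session=None):` with `csrf = IPixelatedSession(session).get_csrf_token() if session else 'token'`. `IPixelatedSession` is used here but the diff adds no import for it to this file, so confirm it is already imported in `app_test_client.py`. In `put` (the `@@ -286,8` hunk), `if session is not None:` would state the intent more precisely than the truthiness test.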