WIP: add csrf token to every request

author: Roald de Vries <rdevries@thoughtworks.com> 2016-12-01 10:36:29 +0100
committer: Roald de Vries <rdevries@thoughtworks.com> 2016-12-01 10:36:39 +0100
commit: 770b439c8495c3a0b16550c2f04740f31646d66b (patch)
tree: 46ed7570ed1b742aca55c22f3efa5532a861cbee /service/test/integration
parent: 13378255c02b97184132881599ed47826963f54a (diff)
2 files changed, 7 insertions, 2 deletions
diff --git a/service/test/integration/test_delete_mail.py b/service/test/integration/test_delete_mail.py
index a912f9f0..6cb9ceb6 100644
--- a/service/test/integration/test_delete_mail.py
+++ b/service/test/integration/test_delete_mail.py
@@ -15,6 +15,7 @@
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 from twisted.internet import defer
 from test.support.integration import SoledadTestBase, MailBuilder
+from pixelated.resources import IPixelatedSession
 
 
 class DeleteMailTest(SoledadTestBase):
@@ -27,7 +28,9 @@ class DeleteMailTest(SoledadTestBase):
         inbox_mails = yield self.app_test_client.get_mails_by_tag('inbox')
         self.assertEquals(1, len(inbox_mails))
 
-        yield self.app_test_client.delete_mail(mail.mail_id)
+        response, first_request = yield self.app_test_client.get('/', as_json=False)
+        csrftoken = IPixelatedSession(first_request.getSession()).get_csrf_token()
+        yield self.app_test_client.delete_mail(mail.mail_id, csrf=csrftoken)
 
         inbox_mails = yield self.app_test_client.get_mails_by_tag('inbox')
         self.assertEquals(0, len(inbox_mails))
diff --git a/service/test/integration/test_logout.py b/service/test/integration/test_logout.py
index c9d39d17..b4f8ebf3 100644
--- a/service/test/integration/test_logout.py
+++ b/service/test/integration/test_logout.py
@@ -29,7 +29,8 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
 
     @defer.inlineCallbacks
     def test_logout_deletes_services_stop_background_reactor_tasks_and_closes_soledad(self):
-        response, login_request = yield self.app_test_client.login()
+        response, first_request = yield self.app_test_client.get('/login', as_json=False)
+        response, login_request = yield self.app_test_client.login(from_request=first_request)
         yield response
 
         yield self.wait_for_session_user_id_to_finish()
@@ -37,6 +38,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
         response, request = self.app_test_client.post(
             "/logout",
             json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}),
+            ajax=False,
             from_request=login_request,
             as_json=False)
         yield response
author	Roald de Vries <rdevries@thoughtworks.com>	2016-12-01 10:36:29 +0100
committer	Roald de Vries <rdevries@thoughtworks.com>	2016-12-01 10:36:39 +0100
commit	770b439c8495c3a0b16550c2f04740f31646d66b (patch)
tree	46ed7570ed1b742aca55c22f3efa5532a861cbee /service/test/integration
parent	13378255c02b97184132881599ed47826963f54a (diff)