diff options
author | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 15:56:57 +0100 |
---|---|---|
committer | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 15:56:57 +0100 |
commit | f0880aff32bbb30c6a8a0d4e078e563d24b97909 (patch) | |
tree | 76e92c88e1ef5a9f63e49eb5489ec18fb1c35823 /service/test/integration | |
parent | 875249af34fc5a53b727fe8b8296a5d4206c11c7 (diff) |
fix csrf for some integration tests
Diffstat (limited to 'service/test/integration')
-rw-r--r-- | service/test/integration/test_delete_mail.py | 12 | ||||
-rw-r--r-- | service/test/integration/test_logout.py | 4 | ||||
-rw-r--r-- | service/test/integration/test_multi_user_login.py | 8 | ||||
-rw-r--r-- | service/test/integration/test_users_count.py | 5 |
4 files changed, 17 insertions, 12 deletions
diff --git a/service/test/integration/test_delete_mail.py b/service/test/integration/test_delete_mail.py index 6cb9ceb6..34ea5048 100644 --- a/service/test/integration/test_delete_mail.py +++ b/service/test/integration/test_delete_mail.py @@ -29,8 +29,7 @@ class DeleteMailTest(SoledadTestBase): self.assertEquals(1, len(inbox_mails)) response, first_request = yield self.app_test_client.get('/', as_json=False) - csrftoken = IPixelatedSession(first_request.getSession()).get_csrf_token() - yield self.app_test_client.delete_mail(mail.mail_id, csrf=csrftoken) + yield self.app_test_client.delete_mail(mail.mail_id, session=first_request.getSession()) inbox_mails = yield self.app_test_client.get_mails_by_tag('inbox') self.assertEquals(0, len(inbox_mails)) @@ -40,7 +39,8 @@ class DeleteMailTest(SoledadTestBase): @defer.inlineCallbacks def test_delete_mail_when_trashing_mail_from_trash_mailbox(self): mails = yield self.app_test_client.add_multiple_to_mailbox(1, 'trash') - yield self.app_test_client.delete_mails([mails[0].ident]) + response, first_request = yield self.app_test_client.get('/', as_json=False) + yield self.app_test_client.delete_mails([mails[0].ident], session=first_request.getSession()) trash_mails = yield self.app_test_client.get_mails_by_tag('trash') @@ -52,7 +52,8 @@ class DeleteMailTest(SoledadTestBase): mails = yield self.app_test_client.add_multiple_to_mailbox(5, 'inbox') mail_idents = [m.ident for m in mails] - yield self.app_test_client.delete_mails(mail_idents) + response, first_request = yield self.app_test_client.get('/', as_json=False) + yield self.app_test_client.delete_mails(mail_idents, session=first_request.getSession()) inbox = yield self.app_test_client.get_mails_by_tag('inbox') self.assertEquals(0, len(inbox)) @@ -62,7 +63,8 @@ class DeleteMailTest(SoledadTestBase): mails = yield self.app_test_client.add_multiple_to_mailbox(5, 'trash') mail_idents = [m.ident for m in mails] - yield self.app_test_client.delete_mails(mail_idents) + response, first_request = yield self.app_test_client.get('/', as_json=False) + yield self.app_test_client.delete_mails(mail_idents, session=first_request.getSession()) trash = yield self.app_test_client.get_mails_by_tag('trash') self.assertEquals(0, len(trash)) diff --git a/service/test/integration/test_logout.py b/service/test/integration/test_logout.py index b4f8ebf3..92c2afe5 100644 --- a/service/test/integration/test_logout.py +++ b/service/test/integration/test_logout.py @@ -30,7 +30,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase): @defer.inlineCallbacks def test_logout_deletes_services_stop_background_reactor_tasks_and_closes_soledad(self): response, first_request = yield self.app_test_client.get('/login', as_json=False) - response, login_request = yield self.app_test_client.login(from_request=first_request) + response, login_request = yield self.app_test_client.login(session=first_request.getSession()) yield response yield self.wait_for_session_user_id_to_finish() @@ -39,7 +39,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase): "/logout", json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}), ajax=False, - from_request=login_request, + session=login_request.getSession(), as_json=False) yield response diff --git a/service/test/integration/test_multi_user_login.py b/service/test/integration/test_multi_user_login.py index af2a81ac..e1f58202 100644 --- a/service/test/integration/test_multi_user_login.py +++ b/service/test/integration/test_multi_user_login.py @@ -33,13 +33,14 @@ class MultiUserLoginTest(MultiUserSoledadTestBase): @defer.inlineCallbacks def test_logged_in_users_sees_resources(self): - response, login_request = yield self.app_test_client.login() + response, first_request = yield self.app_test_client.get('/login', as_json=False) + response, login_request = yield self.app_test_client.login(session=first_request.getSession()) yield response mail = load_mail_from_file('mbox00000000') mail_id = yield self._create_mail_in_soledad(mail) expected_mail_dict = {'body': u'Dignissimos ducimus veritatis. Est tenetur consequatur quia occaecati. Vel sit sit voluptas.\n\nEarum distinctio eos. Accusantium qui sint ut quia assumenda. Facere dignissimos inventore autem sit amet. Pariatur voluptatem sint est.\n\nUt recusandae praesentium aspernatur. Exercitationem amet placeat deserunt quae consequatur eum. Unde doloremque suscipit quia.\n\n', 'header': {u'date': u'Tue, 21 Apr 2015 08:43:27 +0000 (UTC)', u'to': [u'carmel@murazikortiz.name'], u'x-tw-pixelated-tags': u'nite, macro, trash', u'from': u'darby.senger@zemlak.biz', u'subject': u'Itaque consequatur repellendus provident sunt quia.'}, 'ident': mail_id, 'status': [], 'tags': [], 'textPlainBody': u'Dignissimos ducimus veritatis. Est tenetur consequatur quia occaecati. Vel sit sit voluptas.\n\nEarum distinctio eos. Accusantium qui sint ut quia assumenda. Facere dignissimos inventore autem sit amet. Pariatur voluptatem sint est.\n\nUt recusandae praesentium aspernatur. Exercitationem amet placeat deserunt quae consequatur eum. Unde doloremque suscipit quia.\n\n', 'mailbox': u'inbox', 'attachments': [], 'security_casing': {'imprints': [{'state': 'no_signature_information'}], 'locks': []}} - response, request = self.app_test_client.get("/mail/%s" % mail_id, from_request=login_request) + response, request = self.app_test_client.get("/mail/%s" % mail_id, session=login_request.getSession()) response = yield response self.assertEqual(200, request.code) @@ -48,7 +49,8 @@ class MultiUserLoginTest(MultiUserSoledadTestBase): @defer.inlineCallbacks def test_wrong_credentials_cannot_access_resources(self): - response, login_request = self.app_test_client.login('username', 'wrong_password') + response, first_request = yield self.app_test_client.get('/login', as_json=False) + response, login_request = self.app_test_client.login('username', 'wrong_password', session=first_request.getSession()) response_str = yield response self.assertEqual(401, login_request.responseCode) self.assertIn('Invalid credentials', login_request.written) diff --git a/service/test/integration/test_users_count.py b/service/test/integration/test_users_count.py index a03adacf..a9813b2c 100644 --- a/service/test/integration/test_users_count.py +++ b/service/test/integration/test_users_count.py @@ -31,7 +31,8 @@ class UsersResourceTest(MultiUserSoledadTestBase): @defer.inlineCallbacks def test_online_users_count_uses_leap_auth_privileges(self): - response, login_request = yield self.app_test_client.login() + response, first_request = yield self.app_test_client.get('/', as_json=False) + response, login_request = yield self.app_test_client.login(session=first_request.getSession()) yield response yield self.wait_for_session_user_id_to_finish() @@ -40,7 +41,7 @@ class UsersResourceTest(MultiUserSoledadTestBase): response, request = self.app_test_client.get( "/users", json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}), - from_request=login_request, + session=login_request.getSession(), as_json=False) yield response |