author | Jon Newson <jon_newson@ieee.org> | 2016-02-26 16:20:59 +1100 |
---|---|---|
committer | Jon Newson <jon_newson@ieee.org> | 2016-02-26 16:20:59 +1100 |
commit | 05f4e2ca2d64eaba23c87df4d2e2cc9e09bba6de (patch) | |
tree | 50b2ccf6454f31a3f6bceaa997a5e2abbcb91a80 /service/test/support | |
parent | 52467b9aef76c9aac2f250478befd3afb7b6aabd (diff) | |
parent | dbb434b56e6b161a3b851ae6a81f96dff14a29da (diff) |
Merge branch 'master' of https://github.com/pixelated/pixelated-user-agent
# By Felix Hammerl (5) and others
# Via NavaL
* 'master' of https://github.com/pixelated/pixelated-user-agent:
serving the client directly, as the current dependency on proxy strips out xsrf cookies -fixing functional test
only adding feature resource in root_resource test -- fixing build
changed logout to post Issue #612
Backend and frontend protection against csrf attacks: - root resource changes the csrf token cookie every time it is loaded, in particular during the interstitial load during login - it will also add that cookie on single user mode - initialize will still load all resources - but then you can't access them if the csrf token does not match - all ajax calls need to add the token to the header - non ajax get requests do not need xsrf token validation - non ajax post will have to send the token in as a form input or in the content
Consolidate stylesheets
Remove unused font and stylesheetgit s
Create a new deferred for all IMAPAccount calls
Clean up jshintrc
Recreate session on soledad problems
issue #617: Remove old html whitelister
Issue #617: Sanitize received content
Diffstat (limited to 'service/test/support')
-rw-r--r-- | service/test/support/integration/app_test_client.py | 23 | ||||
-rw-r--r-- | service/test/support/integration/multi_user_client.py | 9 | ||||
-rw-r--r-- | service/test/support/test_helper.py | 13 |
3 files changed, 34 insertions, 11 deletions
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 8ab58397..f3ec5d25 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -244,22 +244,25 @@ class AppTestClient(object):
 time.sleep(1)
 return lambda: process.terminate()
- def get(self, path, get_args='', as_json=True):
- request = request_mock(path)
+ def stop(self):
+ reactor.stop()
+
+ def get(self, path, get_args='', as_json=True, ajax=True, csrf='token'):
+ request = request_mock(path, ajax=ajax, csrf=csrf)
 request.args = get_args
 return self._render(request, as_json)
- def post(self, path, body='', headers=None):
+ def post(self, path, body='', headers=None, ajax=True, csrf='token'):
 headers = headers or {'Content-Type': 'application/json'}
- request = request_mock(path=path, method="POST", body=body, headers=headers)
+ request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
 return self._render(request)
- def put(self, path, body):
- request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']})
+ def put(self, path, body, ajax=True, csrf='token'):
+ request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']}, ajax=ajax, csrf=csrf)
 return self._render(request)
- def delete(self, path, body=""):
- request = request_mock(path=path, body=body, headers={'Content-Type': ['application/json']}, method="DELETE")
+ def delete(self, path, body="", ajax=True, csrf='token'):
+ request = request_mock(path=path, body=body, headers={'Content-Type': ['application/json']}, method="DELETE", ajax=ajax, csrf=csrf)
 return self._render(request)
 @defer.inlineCallbacks
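Review bot: The new `ajax=True, csrf='token'` defaults on `get`, `post`, `put` and `delete` are undocumented, and they mean every existing caller now sends a request that already carries an XSRF cookie and a matching header (see `request_mock` in test_helper.py in this commit). That keeps the suite passing but leaves the rejecting path uncovered unless a test explicitly opts out. I would add a comment above `get` such as `# ajax/csrf default to a request with a matching XSRF cookie and header; override them in tests that cover CSRF rejection`. Separately, `stop()` calls `reactor.stop()` unguarded, which Twisted answers with `ReactorNotRunning` when the reactor is not running; whether any caller can hit that is not visible here. The class body starts and ends outside the hunk.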
@@ -322,13 +325,13 @@ class AppTestClient(object):
 defer.returnValue(mails)
 @defer.inlineCallbacks
- def get_attachment(self, ident, encoding, filename=None, content_type=None):
+ def get_attachment(self, ident, encoding, filename=None, content_type=None, ajax=True, csrf='token'):
 params = {'encoding': [encoding]}
 if filename:
 params['filename'] = [filename]
 if content_type:
 params['content_type'] = [content_type]
- deferred_result, req = self.get("/attachment/%s" % ident, params, as_json=False)
+ deferred_result, req = self.get("/attachment/%s" % ident, params, as_json=False, ajax=ajax, csrf=csrf)
 res = yield deferred_result
 defer.returnValue((res, req))
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index fa65fb06..5f24456b 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -82,3 +82,12 @@ class MultiUserClient(AppTestClient):
 session = from_request.getSession()
 request.session = session
 return self._render(request, as_json)
+
+ def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, from_request=None):
+ headers = headers or {'Content-Type': 'application/json'}
+ request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
+
+ if from_request:
+ session = from_request.getSession()
+ request.session = session
+ return self._render(request, as_json)
diff --git a/service/test/support/test_helper.py b/service/test/support/test_helper.py
index 77c74407..640baf6f 100644
--- a/service/test/support/test_helper.py
+++ b/service/test/support/test_helper.py
@@ -88,6 +88,7 @@ class PixRequestMock(DummyRequest):
 DummyRequest.__init__(self, path)
 self.content = None
 self.code = None
+ self.cookies = {}
 def getWrittenData(self):
 if len(self.written):
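Review bot: In the multi_user_client.py hunk, `MultiUserClient.post` carries over only the session from `from_request`; the XSRF cookie and header are rebuilt from the `csrf` argument, so a login-then-post test never sends back the token the server issued on the earlier response. If that is intended, state it in a docstring, e.g. `"""POST reusing from_request's session; the XSRF cookie/header pair comes from csrf, not from from_request."""`. The override also passes `as_json` to `_render` where `AppTestClient.post` calls `self._render(request)`, so the two may decode results differently depending on `_render`'s default, which is not on this page. The session-copy lines repeat those of the method just above (its start is outside the hunk) and could move into one private helper.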
@@ -97,8 +98,14 @@ class PixRequestMock(DummyRequest):
 self.setResponseCode(302)
 self.setHeader(b"location", url)
+ def addCookie(self, key, value):
+ self.cookies[key] = value
-def request_mock(path='', method='GET', body='', headers={}):
+ def getCookie(self, key):
+ return self.cookies.get(key)
+
+
+def request_mock(path='', method='GET', body='', headers={}, ajax=True, csrf='token'):
 dummy = PixRequestMock(path.split('/'))
 for name, val in headers.iteritems():
 dummy.headers[name.lower()] = val
@@ -108,5 +115,9 @@ def request_mock(path='', method='GET', body='', headers={}):
 else:
 for key, val in body.items():
 dummy.addArg(key, val)
+ if ajax:
+ dummy.headers['x-requested-with'] = 'XMLHttpRequest'
+ dummy.headers['x-xsrf-token'] = csrf
+ dummy.addCookie('XSRF-TOKEN', csrf)
 return dummy |
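Review bot: In `PixRequestMock`, `addCookie` and `getCookie` read and write the same `self.cookies` dict, so a cookie set on the response by the code under test cannot be told apart from one the client sent. `request_mock` seeds the incoming `XSRF-TOKEN` through `addCookie`, and the commit description says the root resource rewrites that cookie on load, which would overwrite the seeded value in place. Twisted's real `Request` keeps the two apart (`received_cookies` for incoming, `cookies` for outgoing), and its `addCookie` takes further keyword arguments such as `secure` and `httpOnly` that this two-argument override would reject and cannot record for assertions. I would add `self.received_cookies = {}` in `__init__`, have `getCookie` `return self.received_cookies.get(key)`, and seed the request with `dummy.received_cookies['XSRF-TOKEN'] = csrf`. The `__init__` that would need the new attribute is outside this hunk.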
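Review bot: In the last hunk of `request_mock`, the `x-xsrf-token` header and the `XSRF-TOKEN` cookie are always written from the same `csrf` argument, so no test built on this helper can send an AJAX request whose header disagrees with its cookie. That mismatch is the case the protection exists to reject, and it should have a test. An optional argument would cover it: add `csrf_header=None` to the signature and set `dummy.headers['x-xsrf-token'] = csrf if csrf_header is None else csrf_header`. The cookie is also added when `ajax` is false, presumably for the form-input path named in the commit description; a one-line comment saying so would help. The function's earlier lines are outside this hunk.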