fix csrf for some integration tests

2 files changed, 22 insertions, 18 deletions

diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index ee5a1df2..9ab74261 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -49,6 +49,7 @@ from pixelated.adapter.search import SearchEngine
 from pixelated.adapter.services.draft_service import DraftService
 from pixelated.adapter.services.mail_service import MailService
 from pixelated.resources.root_resource import RootResource
+from pixelated.resources.session import IPixelatedSession
 from test.support.integration.model import MailBuilder
 from test.support.test_helper import request_mock
 from test.support.integration.model import ResponseMail
@@ -278,17 +279,21 @@ class AppTestClient(object):
         request.args = get_args
         return self._render(request, as_json)
 
-    def post(self, path, body='', headers=None, ajax=True, csrf='token'):
+    def post(self, path, body='', headers=None, ajax=True, csrf='token', session=None):
         headers = headers or {'Content-Type': 'application/json'}
         request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
+        if session:
+            request.session = session
         return self._render(request)
 
     def put(self, path, body, ajax=True, csrf='token'):
         request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']}, ajax=ajax, csrf=csrf)
         return self._render(request)
 
-    def delete(self, path, body="", ajax=True, csrf='token'):
+    def delete(self, path, body="", ajax=True, csrf='token', session=None):
         request = request_mock(path=path, body=body, headers={'Content-Type': ['application/json']}, method="DELETE", ajax=ajax, csrf=csrf)
+        if session:
+            request.session = session
         return self._render(request)
 
     @defer.inlineCallbacks
@@ -387,12 +392,14 @@ class AppTestClient(object):
         return res
 
     # TODO: remove
-    def delete_mail(self, mail_ident, csrf='token'):
-        res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf)
+    def delete_mail(self, mail_ident, session):
+        csrf = IPixelatedSession(session).get_csrf_token()
+        res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf, session=session)
         return res
 
-    def delete_mails(self, idents):
-        res, req = self.post("/mails/delete", json.dumps({'idents': idents}))
+    def delete_mails(self, idents, session):
+        csrf = IPixelatedSession(session).get_csrf_token()
+        res, req = self.post("/mails/delete", json.dumps({'idents': idents}), csrf=csrf, session=session)
         return res
 
     def mark_many_as_unread(self, idents):
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index fe8595fb..4b9b2864 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -58,44 +58,41 @@ class MultiUserClient(AppTestClient):
         else:
             when(Authenticator)._bonafide_auth(username, password).thenRaise(SRPAuthError)
 
-    def login(self, username='username', password='password', from_request=None):
-        session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
+    def login(self, username='username', password='password', session=None):
+        auth_session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
         leap_session = self._test_account.leap_session
-        leap_session.user_auth = session
+        leap_session.user_auth = auth_session
         config = mock()
         config.leap_home = 'some_folder'
         leap_session.config = config
         leap_session.fresh_account = False
         self.leap_session = leap_session
         self.services = self._test_account.services
-        self.user_auth = session
+        self.user_auth = auth_session
 
         self._mock_bonafide_auth(username, password)
 
-        when(LeapSessionFactory).create(username, password, session).thenReturn(leap_session)
+        when(LeapSessionFactory).create(username, password, auth_session).thenReturn(leap_session)
         with patch('mockito.invocation.AnswerSelector', AnswerSelector):
             when(leap_session).initial_sync().thenAnswer(lambda: defer.succeed(None))
         when(pixelated.config.services).Services(ANY()).thenReturn(self.services)
 
-        session = from_request.getSession()
         csrftoken = IPixelatedSession(session).get_csrf_token()
         request = request_mock(path='/login', method="POST", body={'username': username, 'password': password, 'csrftoken': csrftoken}, ajax=False)
         request.session = session
         return self._render(request, as_json=False)
 
-    def get(self, path, get_args='', as_json=True, from_request=None):
+    def get(self, path, get_args='', as_json=True, session=None):
         request = request_mock(path)
         request.args = get_args
-        if from_request:
-            session = from_request.getSession()
+        if session:
             request.session = session
         return self._render(request, as_json)
 
-    def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, from_request=None):
+    def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, session=None):
         headers = headers or {'Content-Type': 'application/json'}
         request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
 
-        if from_request:
-            session = from_request.getSession()
+        if session:
             request.session = session
         return self._render(request, as_json)