author | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 15:56:57 +0100 |
---|---|---|
committer | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 15:56:57 +0100 |
commit | f0880aff32bbb30c6a8a0d4e078e563d24b97909 (patch) | |
tree | 76e92c88e1ef5a9f63e49eb5489ec18fb1c35823 /service/test | |
parent | 875249af34fc5a53b727fe8b8296a5d4206c11c7 (diff) |
fix csrf for some integration tests
Diffstat (limited to 'service/test')
-rw-r--r-- | service/test/integration/test_delete_mail.py | 12 | ||||
-rw-r--r-- | service/test/integration/test_logout.py | 4 | ||||
-rw-r--r-- | service/test/integration/test_multi_user_login.py | 8 | ||||
-rw-r--r-- | service/test/integration/test_users_count.py | 5 | ||||
-rw-r--r-- | service/test/support/integration/app_test_client.py | 19 | ||||
-rw-r--r-- | service/test/support/integration/multi_user_client.py | 21 |
6 files changed, 39 insertions, 30 deletions
diff --git a/service/test/integration/test_delete_mail.py b/service/test/integration/test_delete_mail.py
index 6cb9ceb6..34ea5048 100644
--- a/service/test/integration/test_delete_mail.py
+++ b/service/test/integration/test_delete_mail.py
@@ -29,8 +29,7 @@ class DeleteMailTest(SoledadTestBase):
 self.assertEquals(1, len(inbox_mails))
 response, first_request = yield self.app_test_client.get('/', as_json=False)
- csrftoken = IPixelatedSession(first_request.getSession()).get_csrf_token()
- yield self.app_test_client.delete_mail(mail.mail_id, csrf=csrftoken)
+ yield self.app_test_client.delete_mail(mail.mail_id, session=first_request.getSession())
 inbox_mails = yield self.app_test_client.get_mails_by_tag('inbox')
 self.assertEquals(0, len(inbox_mails))
@@ -40,7 +39,8 @@ class DeleteMailTest(SoledadTestBase):
 @defer.inlineCallbacks
 def test_delete_mail_when_trashing_mail_from_trash_mailbox(self):
 mails = yield self.app_test_client.add_multiple_to_mailbox(1, 'trash')
- yield self.app_test_client.delete_mails([mails[0].ident])
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ yield self.app_test_client.delete_mails([mails[0].ident], session=first_request.getSession())
 trash_mails = yield self.app_test_client.get_mails_by_tag('trash')
@@ -52,7 +52,8 @@ class DeleteMailTest(SoledadTestBase):
 mails = yield self.app_test_client.add_multiple_to_mailbox(5, 'inbox')
 mail_idents = [m.ident for m in mails]
- yield self.app_test_client.delete_mails(mail_idents)
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ yield self.app_test_client.delete_mails(mail_idents, session=first_request.getSession())
 inbox = yield self.app_test_client.get_mails_by_tag('inbox')
 self.assertEquals(0, len(inbox))
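Review bot: The `response` half of `response, first_request = yield self.app_test_client.get('/', as_json=False)` is never used at any of the three new call sites in this file; binding it as `_, first_request = yield self.app_test_client.get('/', as_json=False)` makes it explicit that the request exists only to obtain a session carrying a CSRF token. That priming request is now copied verbatim into four tests here and into test_multi_user_login.py and test_users_count.py, so a helper on the test base returning the session (`session = yield self._fresh_session()`) would keep the CSRF handshake in one place. The first hunk starts inside a test method whose beginning is outside the hunk, and the @@ -62 hunk in this file repeats the same pattern.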
@@ -62,7 +63,8 @@ class DeleteMailTest(SoledadTestBase):
 mails = yield self.app_test_client.add_multiple_to_mailbox(5, 'trash')
 mail_idents = [m.ident for m in mails]
- yield self.app_test_client.delete_mails(mail_idents)
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ yield self.app_test_client.delete_mails(mail_idents, session=first_request.getSession())
 trash = yield self.app_test_client.get_mails_by_tag('trash')
 self.assertEquals(0, len(trash))
diff --git a/service/test/integration/test_logout.py b/service/test/integration/test_logout.py
index b4f8ebf3..92c2afe5 100644
--- a/service/test/integration/test_logout.py
+++ b/service/test/integration/test_logout.py
@@ -30,7 +30,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
 @defer.inlineCallbacks
 def test_logout_deletes_services_stop_background_reactor_tasks_and_closes_soledad(self):
 response, first_request = yield self.app_test_client.get('/login', as_json=False)
- response, login_request = yield self.app_test_client.login(from_request=first_request)
+ response, login_request = yield self.app_test_client.login(session=first_request.getSession())
 yield response
 yield self.wait_for_session_user_id_to_finish()
@@ -39,7 +39,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
 "/logout",
 json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}),
 ajax=False,
- from_request=login_request,
+ session=login_request.getSession(),
 as_json=False)
 yield response
diff --git a/service/test/integration/test_multi_user_login.py b/service/test/integration/test_multi_user_login.py
index af2a81ac..e1f58202 100644
--- a/service/test/integration/test_multi_user_login.py
+++ b/service/test/integration/test_multi_user_login.py
@@ -33,13 +33,14 @@ class MultiUserLoginTest(MultiUserSoledadTestBase):
 @defer.inlineCallbacks
 def test_logged_in_users_sees_resources(self):
- response, login_request = yield self.app_test_client.login()
+ response, first_request = yield self.app_test_client.get('/login', as_json=False)
+ response, login_request = yield self.app_test_client.login(session=first_request.getSession())
 yield response
 mail = load_mail_from_file('mbox00000000')
 mail_id = yield self._create_mail_in_soledad(mail)
 expected_mail_dict = {'body': u'Dignissimos ducimus veritatis. Est tenetur consequatur quia occaecati. Vel sit sit voluptas.\n\nEarum distinctio eos. Accusantium qui sint ut quia assumenda. Facere dignissimos inventore autem sit amet. Pariatur voluptatem sint est.\n\nUt recusandae praesentium aspernatur. Exercitationem amet placeat deserunt quae consequatur eum. Unde doloremque suscipit quia.\n\n', 'header': {u'date': u'Tue, 21 Apr 2015 08:43:27 +0000 (UTC)', u'to': [u'carmel@murazikortiz.name'], u'x-tw-pixelated-tags': u'nite, macro, trash', u'from': u'darby.senger@zemlak.biz', u'subject': u'Itaque consequatur repellendus provident sunt quia.'}, 'ident': mail_id, 'status': [], 'tags': [], 'textPlainBody': u'Dignissimos ducimus veritatis. Est tenetur consequatur quia occaecati. Vel sit sit voluptas.\n\nEarum distinctio eos. Accusantium qui sint ut quia assumenda. Facere dignissimos inventore autem sit amet. Pariatur voluptatem sint est.\n\nUt recusandae praesentium aspernatur. Exercitationem amet placeat deserunt quae consequatur eum. Unde doloremque suscipit quia.\n\n', 'mailbox': u'inbox', 'attachments': [], 'security_casing': {'imprints': [{'state': 'no_signature_information'}], 'locks': []}}
- response, request = self.app_test_client.get("/mail/%s" % mail_id, from_request=login_request)
+ response, request = self.app_test_client.get("/mail/%s" % mail_id, session=login_request.getSession())
 response = yield response
 self.assertEqual(200, request.code)
@@ -48,7 +49,8 @@ class MultiUserLoginTest(MultiUserSoledadTestBase):
 @defer.inlineCallbacks
 def test_wrong_credentials_cannot_access_resources(self):
- response, login_request = self.app_test_client.login('username', 'wrong_password')
+ response, first_request = yield self.app_test_client.get('/login', as_json=False)
+ response, login_request = self.app_test_client.login('username', 'wrong_password', session=first_request.getSession())
 response_str = yield response
 self.assertEqual(401, login_request.responseCode)
 self.assertIn('Invalid credentials', login_request.written)
diff --git a/service/test/integration/test_users_count.py b/service/test/integration/test_users_count.py
index a03adacf..a9813b2c 100644
--- a/service/test/integration/test_users_count.py
+++ b/service/test/integration/test_users_count.py
@@ -31,7 +31,8 @@ class UsersResourceTest(MultiUserSoledadTestBase):
 @defer.inlineCallbacks
 def test_online_users_count_uses_leap_auth_privileges(self):
- response, login_request = yield self.app_test_client.login()
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ response, login_request = yield self.app_test_client.login(session=first_request.getSession())
 yield response
 yield self.wait_for_session_user_id_to_finish()
@@ -40,7 +41,7 @@ class UsersResourceTest(MultiUserSoledadTestBase):
 response, request = self.app_test_client.get(
 "/users",
 json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}),
- from_request=login_request,
+ session=login_request.getSession(),
 as_json=False)
 yield response
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index ee5a1df2..9ab74261 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -49,6 +49,7 @@ from pixelated.adapter.search import SearchEngine
 from pixelated.adapter.services.draft_service import DraftService
 from pixelated.adapter.services.mail_service import MailService
 from pixelated.resources.root_resource import RootResource
+from pixelated.resources.session import IPixelatedSession
 from test.support.integration.model import MailBuilder
 from test.support.test_helper import request_mock
 from test.support.integration.model import ResponseMail
@@ -278,17 +279,21 @@ class AppTestClient(object):
 request.args = get_args
 return self._render(request, as_json)
- def post(self, path, body='', headers=None, ajax=True, csrf='token'):
+ def post(self, path, body='', headers=None, ajax=True, csrf='token', session=None):
 headers = headers or {'Content-Type': 'application/json'}
 request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
 return self._render(request)
 def put(self, path, body, ajax=True, csrf='token'):
 request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']}, ajax=ajax, csrf=csrf)
 return self._render(request)
- def delete(self, path, body="", ajax=True, csrf='token'):
+ def delete(self, path, body="", ajax=True, csrf='token', session=None):
 request = request_mock(path=path, body=body, headers={'Content-Type': ['application/json']}, method="DELETE", ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
 return self._render(request)
 @defer.inlineCallbacks
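Review bot: `put` in the @@ -278 hunk is left without a `session` parameter while `post` and `delete` gain one, so a PUT issued through this client still cannot be bound to the session whose CSRF token it presents, and any PUT-based test will hit the same failure this commit fixes for POST and DELETE; `def put(self, path, body, ajax=True, csrf='token', session=None):` with the same two-line `if session:` / `request.session = session` guard keeps the three verbs consistent. The new guards test truthiness rather than presence; `if session is not None:` states the intent (a session was supplied) more precisely. The class AppTestClient continues outside the hunk.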
@@ -387,12 +392,14 @@ class AppTestClient(object):
 return res
 # TODO: remove
- def delete_mail(self, mail_ident, csrf='token'):
- res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf)
+ def delete_mail(self, mail_ident, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf, session=session)
 return res
- def delete_mails(self, idents):
- res, req = self.post("/mails/delete", json.dumps({'idents': idents}))
+ def delete_mails(self, idents, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.post("/mails/delete", json.dumps({'idents': idents}), csrf=csrf, session=session)
 return res
 def mark_many_as_unread(self, idents):
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index fe8595fb..4b9b2864 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
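Review bot: `delete_mail` and `delete_mails` now always derive the CSRF token from the supplied session, which removes the `csrf` override the old `delete_mail` accepted, so a test can no longer send a mismatched token through these helpers to confirm that the delete endpoints reject it; keeping an optional override, `def delete_mail(self, mail_ident, session, csrf=None):` with `csrf = csrf if csrf is not None else IPixelatedSession(session).get_csrf_token()`, preserves that negative path for both helpers. The token lookup is duplicated in the two methods and would sit better in one private helper such as `_csrf_token_for(session)`. The `# TODO: remove` comment above `delete_mail` survives the rewrite; if the method is being kept and extended, the comment should say what is actually meant to go. The class AppTestClient continues outside the hunk.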
@@ -58,44 +58,41 @@ class MultiUserClient(AppTestClient):
 else:
 when(Authenticator)._bonafide_auth(username, password).thenRaise(SRPAuthError)
- def login(self, username='username', password='password', from_request=None):
- session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
+ def login(self, username='username', password='password', session=None):
+ auth_session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
 leap_session = self._test_account.leap_session
- leap_session.user_auth = session
+ leap_session.user_auth = auth_session
 config = mock()
 config.leap_home = 'some_folder'
 leap_session.config = config
 leap_session.fresh_account = False
 self.leap_session = leap_session
 self.services = self._test_account.services
- self.user_auth = session
+ self.user_auth = auth_session
 self._mock_bonafide_auth(username, password)
- when(LeapSessionFactory).create(username, password, session).thenReturn(leap_session)
+ when(LeapSessionFactory).create(username, password, auth_session).thenReturn(leap_session)
 with patch('mockito.invocation.AnswerSelector', AnswerSelector):
 when(leap_session).initial_sync().thenAnswer(lambda: defer.succeed(None))
 when(pixelated.config.services).Services(ANY()).thenReturn(self.services)
- session = from_request.getSession()
 csrftoken = IPixelatedSession(session).get_csrf_token()
 request = request_mock(path='/login', method="POST", body={'username': username, 'password': password, 'csrftoken': csrftoken}, ajax=False)
 request.session = session
 return self._render(request, as_json=False)
- def get(self, path, get_args='', as_json=True, from_request=None):
+ def get(self, path, get_args='', as_json=True, session=None):
 request = request_mock(path)
 request.args = get_args
- if from_request:
- session = from_request.getSession()
+ if session:
 request.session = session
 return self._render(request, as_json)
- def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, from_request=None):
+ def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, session=None):
 headers = headers or {'Content-Type': 'application/json'}
 request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
- if from_request:
- session = from_request.getSession()
+ if session:
 request.session = session
 return self._render(request, as_json) |
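Review bot: `login` declares `session=None` but then calls `IPixelatedSession(session).get_csrf_token()` and assigns `request.session = session` unconditionally, so the default is not a usable value — `login()` with no session fails inside the adapter lookup rather than at the call boundary, and every caller in this commit has had to be changed to pass one. An explicit guard at the top of the method, `if session is None: raise ValueError('login() needs the session of a prior request so the CSRF token can be read from it')`, or a short docstring stating that the session is mandatory and why, would make the contract visible. The `if session:` checks in the rewritten `get` and `post` test truthiness where `if session is not None:` is what is meant, matching the same point in app_test_client.py. The class MultiUserClient may continue outside the hunk.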