authorRoald de Vries <rdevries@thoughtworks.com>2016-12-01 15:56:57 +0100
committerRoald de Vries <rdevries@thoughtworks.com>2016-12-01 15:56:57 +0100
commitf0880aff32bbb30c6a8a0d4e078e563d24b97909 (patch)
tree76e92c88e1ef5a9f63e49eb5489ec18fb1c35823 /service
parent875249af34fc5a53b727fe8b8296a5d4206c11c7 (diff)
fix csrf for some integration tests
Diffstat (limited to 'service')
-rw-r--r--service/test/integration/test_delete_mail.py12
-rw-r--r--service/test/integration/test_logout.py4
-rw-r--r--service/test/integration/test_multi_user_login.py8
-rw-r--r--service/test/integration/test_users_count.py5
-rw-r--r--service/test/support/integration/app_test_client.py19
-rw-r--r--service/test/support/integration/multi_user_client.py21
6 files changed, 39 insertions, 30 deletions
diff --git a/service/test/integration/test_delete_mail.py b/service/test/integration/test_delete_mail.py
index 6cb9ceb6..34ea5048 100644
--- a/service/test/integration/test_delete_mail.py
+++ b/service/test/integration/test_delete_mail.py
@@ -29,8 +29,7 @@ class DeleteMailTest(SoledadTestBase):
self.assertEquals(1, len(inbox_mails))
response, first_request = yield self.app_test_client.get('/', as_json=False)
- csrftoken = IPixelatedSession(first_request.getSession()).get_csrf_token()
- yield self.app_test_client.delete_mail(mail.mail_id, csrf=csrftoken)
+ yield self.app_test_client.delete_mail(mail.mail_id, session=first_request.getSession())
inbox_mails = yield self.app_test_client.get_mails_by_tag('inbox')
self.assertEquals(0, len(inbox_mails))
@@ -40,7 +39,8 @@ class DeleteMailTest(SoledadTestBase):
@defer.inlineCallbacks
def test_delete_mail_when_trashing_mail_from_trash_mailbox(self):
mails = yield self.app_test_client.add_multiple_to_mailbox(1, 'trash')
- yield self.app_test_client.delete_mails([mails[0].ident])
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ yield self.app_test_client.delete_mails([mails[0].ident], session=first_request.getSession())
trash_mails = yield self.app_test_client.get_mails_by_tag('trash')
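Review bot: The added `response, first_request = yield self.app_test_client.get('/', as_json=False)` binds `response` and never uses it, and the same two-line session bootstrap is repeated in the hunks at -52,7 and -62,7 of this file. Binding it as `_, first_request = yield ...` would make the intent clear. A small helper on the test base that returns the session would be cleaner still, since the GET is issued only to obtain a session that carries a CSRF token. The test methods continue outside these hunks.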
@@ -52,7 +52,8 @@ class DeleteMailTest(SoledadTestBase):
mails = yield self.app_test_client.add_multiple_to_mailbox(5, 'inbox')
mail_idents = [m.ident for m in mails]
- yield self.app_test_client.delete_mails(mail_idents)
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ yield self.app_test_client.delete_mails(mail_idents, session=first_request.getSession())
inbox = yield self.app_test_client.get_mails_by_tag('inbox')
self.assertEquals(0, len(inbox))
@@ -62,7 +63,8 @@ class DeleteMailTest(SoledadTestBase):
mails = yield self.app_test_client.add_multiple_to_mailbox(5, 'trash')
mail_idents = [m.ident for m in mails]
- yield self.app_test_client.delete_mails(mail_idents)
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ yield self.app_test_client.delete_mails(mail_idents, session=first_request.getSession())
trash = yield self.app_test_client.get_mails_by_tag('trash')
self.assertEquals(0, len(trash))
diff --git a/service/test/integration/test_logout.py b/service/test/integration/test_logout.py
index b4f8ebf3..92c2afe5 100644
--- a/service/test/integration/test_logout.py
+++ b/service/test/integration/test_logout.py
@@ -30,7 +30,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
@defer.inlineCallbacks
def test_logout_deletes_services_stop_background_reactor_tasks_and_closes_soledad(self):
response, first_request = yield self.app_test_client.get('/login', as_json=False)
- response, login_request = yield self.app_test_client.login(from_request=first_request)
+ response, login_request = yield self.app_test_client.login(session=first_request.getSession())
yield response
yield self.wait_for_session_user_id_to_finish()
@@ -39,7 +39,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
"/logout",
json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}),
ajax=False,
- from_request=login_request,
+ session=login_request.getSession(),
as_json=False)
yield response
diff --git a/service/test/integration/test_multi_user_login.py b/service/test/integration/test_multi_user_login.py
index af2a81ac..e1f58202 100644
--- a/service/test/integration/test_multi_user_login.py
+++ b/service/test/integration/test_multi_user_login.py
@@ -33,13 +33,14 @@ class MultiUserLoginTest(MultiUserSoledadTestBase):
@defer.inlineCallbacks
def test_logged_in_users_sees_resources(self):
- response, login_request = yield self.app_test_client.login()
+ response, first_request = yield self.app_test_client.get('/login', as_json=False)
+ response, login_request = yield self.app_test_client.login(session=first_request.getSession())
yield response
mail = load_mail_from_file('mbox00000000')
mail_id = yield self._create_mail_in_soledad(mail)
expected_mail_dict = {'body': u'Dignissimos ducimus veritatis. Est tenetur consequatur quia occaecati. Vel sit sit voluptas.\n\nEarum distinctio eos. Accusantium qui sint ut quia assumenda. Facere dignissimos inventore autem sit amet. Pariatur voluptatem sint est.\n\nUt recusandae praesentium aspernatur. Exercitationem amet placeat deserunt quae consequatur eum. Unde doloremque suscipit quia.\n\n', 'header': {u'date': u'Tue, 21 Apr 2015 08:43:27 +0000 (UTC)', u'to': [u'carmel@murazikortiz.name'], u'x-tw-pixelated-tags': u'nite, macro, trash', u'from': u'darby.senger@zemlak.biz', u'subject': u'Itaque consequatur repellendus provident sunt quia.'}, 'ident': mail_id, 'status': [], 'tags': [], 'textPlainBody': u'Dignissimos ducimus veritatis. Est tenetur consequatur quia occaecati. Vel sit sit voluptas.\n\nEarum distinctio eos. Accusantium qui sint ut quia assumenda. Facere dignissimos inventore autem sit amet. Pariatur voluptatem sint est.\n\nUt recusandae praesentium aspernatur. Exercitationem amet placeat deserunt quae consequatur eum. Unde doloremque suscipit quia.\n\n', 'mailbox': u'inbox', 'attachments': [], 'security_casing': {'imprints': [{'state': 'no_signature_information'}], 'locks': []}}
- response, request = self.app_test_client.get("/mail/%s" % mail_id, from_request=login_request)
+ response, request = self.app_test_client.get("/mail/%s" % mail_id, session=login_request.getSession())
response = yield response
self.assertEqual(200, request.code)
@@ -48,7 +49,8 @@ class MultiUserLoginTest(MultiUserSoledadTestBase):
@defer.inlineCallbacks
def test_wrong_credentials_cannot_access_resources(self):
- response, login_request = self.app_test_client.login('username', 'wrong_password')
+ response, first_request = yield self.app_test_client.get('/login', as_json=False)
+ response, login_request = self.app_test_client.login('username', 'wrong_password', session=first_request.getSession())
response_str = yield response
self.assertEqual(401, login_request.responseCode)
self.assertIn('Invalid credentials', login_request.written)
diff --git a/service/test/integration/test_users_count.py b/service/test/integration/test_users_count.py
index a03adacf..a9813b2c 100644
--- a/service/test/integration/test_users_count.py
+++ b/service/test/integration/test_users_count.py
@@ -31,7 +31,8 @@ class UsersResourceTest(MultiUserSoledadTestBase):
@defer.inlineCallbacks
def test_online_users_count_uses_leap_auth_privileges(self):
- response, login_request = yield self.app_test_client.login()
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ response, login_request = yield self.app_test_client.login(session=first_request.getSession())
yield response
yield self.wait_for_session_user_id_to_finish()
@@ -40,7 +41,7 @@ class UsersResourceTest(MultiUserSoledadTestBase):
response, request = self.app_test_client.get(
"/users",
json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}),
- from_request=login_request,
+ session=login_request.getSession(),
as_json=False)
yield response
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index ee5a1df2..9ab74261 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -49,6 +49,7 @@ from pixelated.adapter.search import SearchEngine
from pixelated.adapter.services.draft_service import DraftService
from pixelated.adapter.services.mail_service import MailService
from pixelated.resources.root_resource import RootResource
+from pixelated.resources.session import IPixelatedSession
from test.support.integration.model import MailBuilder
from test.support.test_helper import request_mock
from test.support.integration.model import ResponseMail
@@ -278,17 +279,21 @@ class AppTestClient(object):
request.args = get_args
return self._render(request, as_json)
- def post(self, path, body='', headers=None, ajax=True, csrf='token'):
+ def post(self, path, body='', headers=None, ajax=True, csrf='token', session=None):
headers = headers or {'Content-Type': 'application/json'}
request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
return self._render(request)
def put(self, path, body, ajax=True, csrf='token'):
request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']}, ajax=ajax, csrf=csrf)
return self._render(request)
- def delete(self, path, body="", ajax=True, csrf='token'):
+ def delete(self, path, body="", ajax=True, csrf='token', session=None):
request = request_mock(path=path, body=body, headers={'Content-Type': ['application/json']}, method="DELETE", ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
return self._render(request)
@defer.inlineCallbacks
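Review bot: `put` is left without the `session` parameter that `post` and `delete` gain in this hunk, so PUT requests still go out with the hard-coded default `csrf='token'` and no session attached. If the server compares the submitted token with the one stored in the session, those calls are presumably not covered by this fix. Give `put` the same `session=None` parameter, followed by `if session is not None: request.session = session`. The `is not None` test is also preferable to `if session:` in `post` and `delete`, because it does not depend on the truthiness of the session object. The class body starts and continues outside this hunk.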
@@ -387,12 +392,14 @@ class AppTestClient(object):
return res
# TODO: remove
- def delete_mail(self, mail_ident, csrf='token'):
- res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf)
+ def delete_mail(self, mail_ident, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf, session=session)
return res
- def delete_mails(self, idents):
- res, req = self.post("/mails/delete", json.dumps({'idents': idents}))
+ def delete_mails(self, idents, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.post("/mails/delete", json.dumps({'idents': idents}), csrf=csrf, session=session)
return res
def mark_many_as_unread(self, idents):
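Review bot: `delete_mail` and `delete_mails` now take `session` as a required positional argument, and `delete_mail` loses its `csrf` keyword, so any caller not updated in this commit fails with a TypeError; callers outside the six files shown cannot be checked from this diff. Both helpers always derive the token from the very session they send, so nothing here exercises the rejection path. A test that calls `self.delete(...)` with a session and a `csrf` value that does not match it, and asserts the request is refused, would show the CSRF check is actually enforced. A one-line docstring such as `"""Delete one mail, sending the CSRF token stored in *session*."""` would record why the session is mandatory.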
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index fe8595fb..4b9b2864 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -58,44 +58,41 @@ class MultiUserClient(AppTestClient):
else:
when(Authenticator)._bonafide_auth(username, password).thenRaise(SRPAuthError)
- def login(self, username='username', password='password', from_request=None):
- session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
+ def login(self, username='username', password='password', session=None):
+ auth_session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
leap_session = self._test_account.leap_session
- leap_session.user_auth = session
+ leap_session.user_auth = auth_session
config = mock()
config.leap_home = 'some_folder'
leap_session.config = config
leap_session.fresh_account = False
self.leap_session = leap_session
self.services = self._test_account.services
- self.user_auth = session
+ self.user_auth = auth_session
self._mock_bonafide_auth(username, password)
- when(LeapSessionFactory).create(username, password, session).thenReturn(leap_session)
+ when(LeapSessionFactory).create(username, password, auth_session).thenReturn(leap_session)
with patch('mockito.invocation.AnswerSelector', AnswerSelector):
when(leap_session).initial_sync().thenAnswer(lambda: defer.succeed(None))
when(pixelated.config.services).Services(ANY()).thenReturn(self.services)
- session = from_request.getSession()
csrftoken = IPixelatedSession(session).get_csrf_token()
request = request_mock(path='/login', method="POST", body={'username': username, 'password': password, 'csrftoken': csrftoken}, ajax=False)
request.session = session
return self._render(request, as_json=False)
- def get(self, path, get_args='', as_json=True, from_request=None):
+ def get(self, path, get_args='', as_json=True, session=None):
request = request_mock(path)
request.args = get_args
- if from_request:
- session = from_request.getSession()
+ if session:
request.session = session
return self._render(request, as_json)
- def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, from_request=None):
+ def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, session=None):
headers = headers or {'Content-Type': 'application/json'}
request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
- if from_request:
- session = from_request.getSession()
+ if session:
request.session = session
return self._render(request, as_json)
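Review bot: `login` declares `session=None` but then calls `IPixelatedSession(session).get_csrf_token()` unconditionally, so the default is not usable and a call without a session will most likely fail inside the adapter with an error that does not name the cause. Either make the parameter required, or fail early with `if session is None: raise ValueError('login() needs the session returned by a prior GET')` before the token lookup. In `get` and `post`, `if session is not None:` would be the more precise test than `if session:`. A docstring on `login` stating that the session must come from an earlier request, so that the posted `csrftoken` matches it, would help the next reader.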