From 770b439c8495c3a0b16550c2f04740f31646d66b Mon Sep 17 00:00:00 2001
From: Roald de Vries
Date: Thu, 1 Dec 2016 10:36:29 +0100
Subject: WIP: add csrf token to every request
---
 service/test/integration/test_delete_mail.py | 5 ++++-
 service/test/integration/test_logout.py | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)
(limited to 'service/test/integration')
diff --git a/service/test/integration/test_delete_mail.py b/service/test/integration/test_delete_mail.py
index a912f9f0..6cb9ceb6 100644
--- a/service/test/integration/test_delete_mail.py
+++ b/service/test/integration/test_delete_mail.py
@@ -15,6 +15,7 @@
 # along with Pixelated. If not, see .
 from twisted.internet import defer
 from test.support.integration import SoledadTestBase, MailBuilder
+from pixelated.resources import IPixelatedSession
 class DeleteMailTest(SoledadTestBase):
@@ -27,7 +28,9 @@ class DeleteMailTest(SoledadTestBase):
 inbox_mails = yield self.app_test_client.get_mails_by_tag('inbox')
 self.assertEquals(1, len(inbox_mails))
- yield self.app_test_client.delete_mail(mail.mail_id)
+ response, first_request = yield self.app_test_client.get('/', as_json=False)
+ csrftoken = IPixelatedSession(first_request.getSession()).get_csrf_token()
+ yield self.app_test_client.delete_mail(mail.mail_id, csrf=csrftoken)
 inbox_mails = yield self.app_test_client.get_mails_by_tag('inbox')
 self.assertEquals(0, len(inbox_mails))
diff --git a/service/test/integration/test_logout.py b/service/test/integration/test_logout.py
index c9d39d17..b4f8ebf3 100644
--- a/service/test/integration/test_logout.py
+++ b/service/test/integration/test_logout.py
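Review bot: The rewritten delete step in `test_delete_mail.py` covers only the accepting path: it fetches a token and passes `csrf=csrftoken`, but nothing asserts that the delete is refused when the token is missing or wrong, so a regression that stops enforcing the check would still pass. A companion test that calls `delete_mail(mail.mail_id, csrf='not-the-token')` and then asserts the inbox still holds one mail would pin the protection itself; the same gap applies to the `/logout` post in `test_logout.py`. The token is also read straight from the server-side session through `IPixelatedSession(first_request.getSession()).get_csrf_token()`, so whether a client actually receives that value is not exercised here. The test method starts outside the hunk.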
@@ -29,7 +29,8 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
 @defer.inlineCallbacks
 def test_logout_deletes_services_stop_background_reactor_tasks_and_closes_soledad(self):
- response, login_request = yield self.app_test_client.login()
+ response, first_request = yield self.app_test_client.get('/login', as_json=False)
+ response, login_request = yield self.app_test_client.login(from_request=first_request)
 yield response
 yield self.wait_for_session_user_id_to_finish()
@@ -37,6 +38,7 @@ class MultiUserLogoutTest(MultiUserSoledadTestBase):
 response, request = self.app_test_client.post( "/logout", json.dumps({'csrftoken': [login_request.getCookie('XSRF-TOKEN')]}),
+ ajax=False,
 from_request=login_request, as_json=False)
 yield response
-- cgit v1.2.3
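Review bot: The `response` bound by the new `get('/login', as_json=False)` line is overwritten by the `login(...)` call on the next line without ever being used; naming it `_` makes that explicit: `_, first_request = yield self.app_test_client.get('/login', as_json=False)`. A one-line comment such as `# GET /login first so login() continues the session carried by first_request` would say why the extra request is needed. That reading is inferred from `from_request=first_request` and should be confirmed against the test client. The delete-mail hunk has the same unused `response`.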
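Review bot: `ajax=False` is added to the `/logout` post with nothing to say what it switches off, and the token in this request comes from `login_request.getCookie('XSRF-TOKEN')` whereas `test_delete_mail.py` reads it from the session object. If the two are meant to be the same value, one test should assert that the cookie equals the session token, so the two sources cannot drift apart unnoticed. A short comment above the argument, e.g. `# logout is submitted as a plain form post, not an XHR`, would document the flag; that wording is a guess at its meaning and needs checking against the test client. The test body continues outside the hunk.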