From 770b439c8495c3a0b16550c2f04740f31646d66b Mon Sep 17 00:00:00 2001
From: Roald de Vries
Date: Thu, 1 Dec 2016 10:36:29 +0100
Subject: WIP: add csrf token to every request
---
 service/test/support/integration/app_test_client.py | 4 ++--
 service/test/support/integration/multi_user_client.py | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'service/test/support')
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index d52c85c0..ee5a1df2 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -387,8 +387,8 @@ class AppTestClient(object):
 return res
 # TODO: remove
- def delete_mail(self, mail_ident):
- res, req = self.delete("/mail/%s" % mail_ident)
+ def delete_mail(self, mail_ident, csrf='token'):
+ res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf)
 return res
 def delete_mails(self, idents):
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index 82acb210..fe8595fb 100644
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -24,6 +24,7 @@ from pixelated.config.services import ServicesFactory
 from pixelated.config.sessions import LeapSessionFactory
 import pixelated.config.services
+from pixelated.resources import IPixelatedSession
 from pixelated.resources.root_resource import RootResource
 from test.support.integration import AppTestClient
 from test.support.integration.app_test_client import AppTestAccount, StubSRPChecker
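Review bot: In `delete_mail` (app_test_client.py) the new `csrf='token'` default is an unexplained literal, and nothing in the hunk says what it stands for or what it has to match. Presumably `self.delete` forwards it as the CSRF token sent with the request, but that method is outside this hunk, so the intent should be recorded where the default is introduced, e.g. `# default CSRF token sent by test requests; override to test rejection`. Because every caller now sends this value by default, a test that passes a different `csrf` and expects the request to be refused would show that the check is actually enforced.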
@@ -57,7 +58,7 @@ class MultiUserClient(AppTestClient):
 else:
 when(Authenticator)._bonafide_auth(username, password).thenRaise(SRPAuthError)
- def login(self, username='username', password='password'):
+ def login(self, username='username', password='password', from_request=None):
 session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
 leap_session = self._test_account.leap_session
 leap_session.user_auth = session
@@ -76,7 +77,10 @@ class MultiUserClient(AppTestClient):
 when(leap_session).initial_sync().thenAnswer(lambda: defer.succeed(None))
 when(pixelated.config.services).Services(ANY()).thenReturn(self.services)
- request = request_mock(path='/login', method="POST", body={'username': username, 'password': password})
+ session = from_request.getSession()
+ csrftoken = IPixelatedSession(session).get_csrf_token()
+ request = request_mock(path='/login', method="POST", body={'username': username, 'password': password, 'csrftoken': csrftoken}, ajax=False)
+ request.session = session
 return self._render(request, as_json=False)
 def get(self, path, get_args='', as_json=True, from_request=None):
-- cgit v1.2.3
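Review bot: `login` now defaults `from_request` to `None`, but the later hunk in this file calls `from_request.getSession()` unconditionally, so a caller that uses `login()` or `login(username, password)` fails with an `AttributeError` on `None` instead of a meaningful message. Either make the parameter required or guard it at the top of the method, e.g. `if from_request is None: raise ValueError("login() needs from_request to obtain the session and CSRF token")`. The part of `login` between the two hunks is not visible here, so a fallback that builds a fresh request may be the better fix if the test helpers allow it.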
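Review bot: The added `session = from_request.getSession()` rebinds a name that already holds the `Authentication` object created at the top of `login` (visible in the previous hunk), so one local means two unrelated things within the same method. A distinct name keeps the auth object and the web session apart: `web_session = from_request.getSession()`, then `IPixelatedSession(web_session).get_csrf_token()` and `request.session = web_session`. A short comment on why `ajax=False` is passed would also help, since the hunk does not show what `request_mock` does with it. Part of `login` lies outside this hunk.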