From f0880aff32bbb30c6a8a0d4e078e563d24b97909 Mon Sep 17 00:00:00 2001
From: Roald de Vries
Date: Thu, 1 Dec 2016 15:56:57 +0100
Subject: fix csrf for some integration tests
---
 service/test/support/integration/app_test_client.py | 19 +++++++++++++------
 .../test/support/integration/multi_user_client.py | 21 +++++++++------------
 2 files changed, 22 insertions(+), 18 deletions(-)
 (limited to 'service/test/support')
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index ee5a1df2..9ab74261 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -49,6 +49,7 @@ from pixelated.adapter.search import SearchEngine
 from pixelated.adapter.services.draft_service import DraftService
 from pixelated.adapter.services.mail_service import MailService
 from pixelated.resources.root_resource import RootResource
+from pixelated.resources.session import IPixelatedSession
 from test.support.integration.model import MailBuilder
 from test.support.test_helper import request_mock
 from test.support.integration.model import ResponseMail
@@ -278,17 +279,21 @@ class AppTestClient(object):
 request.args = get_args
 return self._render(request, as_json)
- def post(self, path, body='', headers=None, ajax=True, csrf='token'):
+ def post(self, path, body='', headers=None, ajax=True, csrf='token', session=None):
 headers = headers or {'Content-Type': 'application/json'}
 request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
 return self._render(request)
 def put(self, path, body, ajax=True, csrf='token'):
 request = request_mock(path=path, method="PUT", body=body, headers={'Content-Type': ['application/json']}, ajax=ajax, csrf=csrf)
 return self._render(request)
- def delete(self, path, body="", ajax=True, csrf='token'):
+ def delete(self, path, body="", ajax=True, csrf='token', session=None):
 request = request_mock(path=path, body=body, headers={'Content-Type': ['application/json']}, method="DELETE", ajax=ajax, csrf=csrf)
+ if session:
+ request.session = session
 return self._render(request)
 @defer.inlineCallbacks
@@ -387,12 +392,14 @@ class AppTestClient(object):
 return res
 # TODO: remove
- def delete_mail(self, mail_ident, csrf='token'):
- res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf)
+ def delete_mail(self, mail_ident, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.delete("/mail/%s" % mail_ident, csrf=csrf, session=session)
 return res
- def delete_mails(self, idents):
- res, req = self.post("/mails/delete", json.dumps({'idents': idents}))
+ def delete_mails(self, idents, session):
+ csrf = IPixelatedSession(session).get_csrf_token()
+ res, req = self.post("/mails/delete", json.dumps({'idents': idents}), csrf=csrf, session=session)
 return res
 def mark_many_as_unread(self, idents):
diff --git a/service/test/support/integration/multi_user_client.py b/service/test/support/integration/multi_user_client.py
index fe8595fb..4b9b2864 100644
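Review bot: In `AppTestClient.post` and `AppTestClient.delete` the new `session` is attached to the request while `csrf` still defaults to the literal `'token'`, so a caller that passes a real session but omits `csrf` submits a token unrelated to that session. How `request_mock` consumes `csrf` is not visible in this diff, but the pairing should be explicit: either document that both must be passed together, or derive the token when only the session is given, e.g. `if csrf is None and session is not None: csrf = IPixelatedSession(session).get_csrf_token()` with the default changed to `csrf=None`. `put` did not receive the `session` parameter, which leaves the three verbs inconsistent. `if session:` is better written `if session is not None:` so that a falsy session object is not silently dropped. The same `csrf='token'` default applies to `MultiUserClient.post` in multi_user_client.py.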
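Review bot: `delete_mail` loses its `csrf` keyword and, like `delete_mails`, now always sends the session's own token, so these helpers can no longer be used to assert that the endpoints reject a missing or mismatched CSRF token. Keeping an optional override preserves that negative-test path: `def delete_mail(self, mail_ident, session, csrf=None):` followed by `if csrf is None: csrf = IPixelatedSession(session).get_csrf_token()`, and the same for `delete_mails`. `session` is also a new required positional argument on both helpers, so any caller not updated alongside this commit (none are visible in this diff) will fail with a TypeError. The token lookup is duplicated in the two methods and could sit in one private helper with a comment saying the token must come from the same session that is attached to the request.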
--- a/service/test/support/integration/multi_user_client.py
+++ b/service/test/support/integration/multi_user_client.py
@@ -58,44 +58,41 @@ class MultiUserClient(AppTestClient):
 else:
 when(Authenticator)._bonafide_auth(username, password).thenRaise(SRPAuthError)
- def login(self, username='username', password='password', from_request=None):
- session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
+ def login(self, username='username', password='password', session=None):
+ auth_session = Authentication(username, 'some_user_token', 'some_user_uuid', 'session_id', {'is_admin': False})
 leap_session = self._test_account.leap_session
- leap_session.user_auth = session
+ leap_session.user_auth = auth_session
 config = mock()
 config.leap_home = 'some_folder'
 leap_session.config = config
 leap_session.fresh_account = False
 self.leap_session = leap_session
 self.services = self._test_account.services
- self.user_auth = session
+ self.user_auth = auth_session
 self._mock_bonafide_auth(username, password)
- when(LeapSessionFactory).create(username, password, session).thenReturn(leap_session)
+ when(LeapSessionFactory).create(username, password, auth_session).thenReturn(leap_session)
 with patch('mockito.invocation.AnswerSelector', AnswerSelector):
 when(leap_session).initial_sync().thenAnswer(lambda: defer.succeed(None))
 when(pixelated.config.services).Services(ANY()).thenReturn(self.services)
- session = from_request.getSession()
 csrftoken = IPixelatedSession(session).get_csrf_token()
 request = request_mock(path='/login', method="POST", body={'username': username, 'password': password, 'csrftoken': csrftoken}, ajax=False)
 request.session = session
 return self._render(request, as_json=False)
- def get(self, path, get_args='', as_json=True, from_request=None):
+ def get(self, path, get_args='', as_json=True, session=None):
 request = request_mock(path)
 request.args = get_args
- if from_request:
- session = from_request.getSession()
+ if session:
 request.session = session
 return self._render(request, as_json)
- def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, from_request=None):
+ def post(self, path, body='', headers=None, ajax=True, csrf='token', as_json=True, session=None):
 headers = headers or {'Content-Type': 'application/json'}
 request = request_mock(path=path, method="POST", body=body, headers=headers, ajax=ajax, csrf=csrf)
- if from_request:
- session = from_request.getSession()
+ if session:
 request.session = session
 return self._render(request, as_json)
-- cgit v1.2.3
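Review bot: `login` declares `session=None` but then calls `IPixelatedSession(session).get_csrf_token()` and sets `request.session = session` unconditionally, so the default is unlikely to work and the failure would surface inside the adapter call rather than at the call site. Because the login form needs the CSRF token issued for that session, fail early instead: `if session is None: raise ValueError('login() needs the session that issued the CSRF token')` at the top of the method. In `get` and `post`, `if session:` would be more precise as `if session is not None:`. A one-line docstring on `login` stating that `session` must be the session whose token is submitted in the form body would make the contract clear to test authors.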