From 688a8b42e8ab7c6d4529b6dda66f40eead07ad02 Mon Sep 17 00:00:00 2001
From: Roald de Vries <rdevries@thoughtworks.com>
Date: Thu, 1 Dec 2016 18:30:25 +0100
Subject: fix csrf in tags tests

---
 service/test/integration/test_tags.py              | 23 ++++++++++++++++------
 .../test/support/integration/app_test_client.py    |  5 +++--
 2 files changed, 20 insertions(+), 8 deletions(-)

(limited to 'service')

diff --git a/service/test/integration/test_tags.py b/service/test/integration/test_tags.py
index 555a7382..d107e320 100644
--- a/service/test/integration/test_tags.py
+++ b/service/test/integration/test_tags.py
@@ -31,7 +31,9 @@ class TagsTest(SoledadTestBase):
         input_mail = MailBuilder().with_subject('Mail with tags').build_input_mail()
         mail = yield self.app_test_client.add_mail_to_inbox(input_mail)
 
-        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['IMPORTANT']))
+        response, first_request = yield self.app_test_client.get('/', as_json=False)
+        session = first_request.getSession()
+        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['IMPORTANT']), session)
 
         mails = yield self.app_test_client.get_mails_by_tag('inbox')
         self.assertEquals({'IMPORTANT'}, set(mails[0].tags))
@@ -41,15 +43,18 @@ class TagsTest(SoledadTestBase):
 
     @defer.inlineCallbacks
     def test_use_old_casing_when_same_tag_with_different_casing_is_posted(self):
+        response, first_request = yield self.app_test_client.get('/', as_json=False)
+        session = first_request.getSession()
+
         input_mail = MailBuilder().with_subject('Mail with tags').build_input_mail()
         mail = yield self.app_test_client.add_mail_to_inbox(input_mail)
-        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['ImPoRtAnT']))
+        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['ImPoRtAnT']), session)
         mails = yield self.app_test_client.get_mails_by_tag('ImPoRtAnT')
         self.assertEquals({'ImPoRtAnT'}, set(mails[0].tags))
 
         another_input_mail = MailBuilder().with_subject('Mail with tags').build_input_mail()
         another_mail = yield self.app_test_client.add_mail_to_inbox(another_input_mail)
-        yield self.app_test_client.post_tags(another_mail.ident, self._tags_json(['IMPORTANT']))
+        yield self.app_test_client.post_tags(another_mail.ident, self._tags_json(['IMPORTANT']), session)
         mails = yield self.app_test_client.get_mails_by_tag('IMPORTANT')
         self.assertEquals(0, len(mails))
         mails = yield self.app_test_client.get_mails_by_tag('ImPoRtAnT')
@@ -62,7 +67,9 @@ class TagsTest(SoledadTestBase):
         input_mail = MailBuilder().with_subject('Mail with tags').build_input_mail()
         mail = yield self.app_test_client.add_mail_to_inbox(input_mail)
 
-        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['ImPoRtAnT']))
+        response, first_request = yield self.app_test_client.get('/', as_json=False)
+        session = first_request.getSession()
+        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['ImPoRtAnT']), session)
 
         mails = yield self.app_test_client.get_mails_by_tag('important')
         self.assertEquals(0, len(mails))
@@ -78,7 +85,9 @@ class TagsTest(SoledadTestBase):
         input_mail = MailBuilder().with_subject('Mail with tags').build_input_mail()
         mail = yield self.app_test_client.add_mail_to_inbox(input_mail)
 
-        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['tag1', '   ']))
+        response, first_request = yield self.app_test_client.get('/', as_json=False)
+        session = first_request.getSession()
+        yield self.app_test_client.post_tags(mail.ident, self._tags_json(['tag1', '   ']), session)
 
         mail = yield self.app_test_client.get_mail(mail.ident)
 
@@ -89,8 +98,10 @@ class TagsTest(SoledadTestBase):
         input_mail = MailBuilder().with_subject('Mail with tags').build_input_mail()
         mail = yield self.app_test_client.add_mail_to_inbox(input_mail)
 
+        response, first_request = yield self.app_test_client.get('/', as_json=False)
+        session = first_request.getSession()
         for tag in SPECIAL_TAGS:
-            response = yield self.app_test_client.post_tags(mail.ident, self._tags_json([tag.name.upper()]))
+            response = yield self.app_test_client.post_tags(mail.ident, self._tags_json([tag.name.upper()]), session)
             self.assertEquals("None of the following words can be used as tags: %s" % tag.name, response)
 
         mail = yield self.app_test_client.mail_store.get_mail(mail.ident)
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 0bc2eacb..4e3758c5 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -383,8 +383,9 @@ class AppTestClient(object):
         res, req = self.put('/mails', data, csrf=csrf, session=session)
         return res, req
 
-    def post_tags(self, mail_ident, tags_json):
-        res, req = self.post("/mail/%s/tags" % mail_ident, tags_json)
+    def post_tags(self, mail_ident, tags_json, session):
+        csrf = IPixelatedSession(session).get_csrf_token()
+        res, req = self.post("/mail/%s/tags" % mail_ident, tags_json, csrf=csrf, session=session)
         return res
 
     def get_tags(self, **kwargs):
-- 
cgit v1.2.3