##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
gists: fixed tests after timezone change
marcink -
r1350:fd10a3df default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,359 +1,359 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import mock
21 import mock
22 import pytest
22 import pytest
23
23
24 from rhodecode.lib import helpers as h
24 from rhodecode.lib import helpers as h
25 from rhodecode.model.db import User, Gist
25 from rhodecode.model.db import User, Gist
26 from rhodecode.model.gist import GistModel
26 from rhodecode.model.gist import GistModel
27 from rhodecode.model.meta import Session
27 from rhodecode.model.meta import Session
28 from rhodecode.tests import (
28 from rhodecode.tests import (
29 TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS,
29 TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS,
30 TestController, assert_session_flash, url)
30 TestController, assert_session_flash, url)
31 from rhodecode.tests.utils import AssertResponse
31 from rhodecode.tests.utils import AssertResponse
32
32
33
33
34 class GistUtility(object):
34 class GistUtility(object):
35
35
36 def __init__(self):
36 def __init__(self):
37 self._gist_ids = []
37 self._gist_ids = []
38
38
39 def __call__(
39 def __call__(
40 self, f_name, content='some gist', lifetime=-1,
40 self, f_name, content='some gist', lifetime=-1,
41 description='gist-desc', gist_type='public',
41 description='gist-desc', gist_type='public',
42 acl_level=Gist.GIST_PUBLIC, owner=TEST_USER_ADMIN_LOGIN):
42 acl_level=Gist.GIST_PUBLIC, owner=TEST_USER_ADMIN_LOGIN):
43 gist_mapping = {
43 gist_mapping = {
44 f_name: {'content': content}
44 f_name: {'content': content}
45 }
45 }
46 user = User.get_by_username(owner)
46 user = User.get_by_username(owner)
47 gist = GistModel().create(
47 gist = GistModel().create(
48 description, owner=user, gist_mapping=gist_mapping,
48 description, owner=user, gist_mapping=gist_mapping,
49 gist_type=gist_type, lifetime=lifetime, gist_acl_level=acl_level)
49 gist_type=gist_type, lifetime=lifetime, gist_acl_level=acl_level)
50 Session().commit()
50 Session().commit()
51 self._gist_ids.append(gist.gist_id)
51 self._gist_ids.append(gist.gist_id)
52 return gist
52 return gist
53
53
54 def cleanup(self):
54 def cleanup(self):
55 for gist_id in self._gist_ids:
55 for gist_id in self._gist_ids:
56 gist = Gist.get(gist_id)
56 gist = Gist.get(gist_id)
57 if gist:
57 if gist:
58 Session().delete(gist)
58 Session().delete(gist)
59
59
60 Session().commit()
60 Session().commit()
61
61
62
62
63 @pytest.fixture
63 @pytest.fixture
64 def create_gist(request):
64 def create_gist(request):
65 gist_utility = GistUtility()
65 gist_utility = GistUtility()
66 request.addfinalizer(gist_utility.cleanup)
66 request.addfinalizer(gist_utility.cleanup)
67 return gist_utility
67 return gist_utility
68
68
69
69
70 class TestGistsController(TestController):
70 class TestGistsController(TestController):
71
71
72 def test_index_empty(self, create_gist):
72 def test_index_empty(self, create_gist):
73 self.log_user()
73 self.log_user()
74 response = self.app.get(url('gists'))
74 response = self.app.get(url('gists'))
75 response.mustcontain('data: [],')
75 response.mustcontain('data: [],')
76
76
77 def test_index(self, create_gist):
77 def test_index(self, create_gist):
78 self.log_user()
78 self.log_user()
79 g1 = create_gist('gist1')
79 g1 = create_gist('gist1')
80 g2 = create_gist('gist2', lifetime=1400)
80 g2 = create_gist('gist2', lifetime=1400)
81 g3 = create_gist('gist3', description='gist3-desc')
81 g3 = create_gist('gist3', description='gist3-desc')
82 g4 = create_gist('gist4', gist_type='private').gist_access_id
82 g4 = create_gist('gist4', gist_type='private').gist_access_id
83 response = self.app.get(url('gists'))
83 response = self.app.get(url('gists'))
84
84
85 response.mustcontain('gist: %s' % g1.gist_access_id)
85 response.mustcontain('gist: %s' % g1.gist_access_id)
86 response.mustcontain('gist: %s' % g2.gist_access_id)
86 response.mustcontain('gist: %s' % g2.gist_access_id)
87 response.mustcontain('gist: %s' % g3.gist_access_id)
87 response.mustcontain('gist: %s' % g3.gist_access_id)
88 response.mustcontain('gist3-desc')
88 response.mustcontain('gist3-desc')
89 response.mustcontain(no=['gist: %s' % g4])
89 response.mustcontain(no=['gist: %s' % g4])
90
90
91 # Expiration information should be visible
91 # Expiration information should be visible
92 expires_tag = '%s' % h.age_component(
92 expires_tag = '%s' % h.age_component(
93 h.time_to_datetime(g2.gist_expires))
93 h.time_to_utcdatetime(g2.gist_expires))
94 response.mustcontain(expires_tag.replace('"', '\\"'))
94 response.mustcontain(expires_tag.replace('"', '\\"'))
95
95
96 def test_index_private_gists(self, create_gist):
96 def test_index_private_gists(self, create_gist):
97 self.log_user()
97 self.log_user()
98 gist = create_gist('gist5', gist_type='private')
98 gist = create_gist('gist5', gist_type='private')
99 response = self.app.get(url('gists', private=1))
99 response = self.app.get(url('gists', private=1))
100
100
101 # and privates
101 # and privates
102 response.mustcontain('gist: %s' % gist.gist_access_id)
102 response.mustcontain('gist: %s' % gist.gist_access_id)
103
103
104 def test_index_show_all(self, create_gist):
104 def test_index_show_all(self, create_gist):
105 self.log_user()
105 self.log_user()
106 create_gist('gist1')
106 create_gist('gist1')
107 create_gist('gist2', lifetime=1400)
107 create_gist('gist2', lifetime=1400)
108 create_gist('gist3', description='gist3-desc')
108 create_gist('gist3', description='gist3-desc')
109 create_gist('gist4', gist_type='private')
109 create_gist('gist4', gist_type='private')
110
110
111 response = self.app.get(url('gists', all=1))
111 response = self.app.get(url('gists', all=1))
112
112
113 assert len(GistModel.get_all()) == 4
113 assert len(GistModel.get_all()) == 4
114 # and privates
114 # and privates
115 for gist in GistModel.get_all():
115 for gist in GistModel.get_all():
116 response.mustcontain('gist: %s' % gist.gist_access_id)
116 response.mustcontain('gist: %s' % gist.gist_access_id)
117
117
118 def test_index_show_all_hidden_from_regular(self, create_gist):
118 def test_index_show_all_hidden_from_regular(self, create_gist):
119 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
119 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
120 create_gist('gist2', gist_type='private')
120 create_gist('gist2', gist_type='private')
121 create_gist('gist3', gist_type='private')
121 create_gist('gist3', gist_type='private')
122 create_gist('gist4', gist_type='private')
122 create_gist('gist4', gist_type='private')
123
123
124 response = self.app.get(url('gists', all=1))
124 response = self.app.get(url('gists', all=1))
125
125
126 assert len(GistModel.get_all()) == 3
126 assert len(GistModel.get_all()) == 3
127 # since we don't have access to private in this view, we
127 # since we don't have access to private in this view, we
128 # should see nothing
128 # should see nothing
129 for gist in GistModel.get_all():
129 for gist in GistModel.get_all():
130 response.mustcontain(no=['gist: %s' % gist.gist_access_id])
130 response.mustcontain(no=['gist: %s' % gist.gist_access_id])
131
131
132 def test_create(self):
132 def test_create(self):
133 self.log_user()
133 self.log_user()
134 response = self.app.post(
134 response = self.app.post(
135 url('gists'),
135 url('gists'),
136 params={'lifetime': -1,
136 params={'lifetime': -1,
137 'content': 'gist test',
137 'content': 'gist test',
138 'filename': 'foo',
138 'filename': 'foo',
139 'public': 'public',
139 'public': 'public',
140 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
140 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
141 'csrf_token': self.csrf_token},
141 'csrf_token': self.csrf_token},
142 status=302)
142 status=302)
143 response = response.follow()
143 response = response.follow()
144 response.mustcontain('added file: foo')
144 response.mustcontain('added file: foo')
145 response.mustcontain('gist test')
145 response.mustcontain('gist test')
146
146
147 def test_create_with_path_with_dirs(self):
147 def test_create_with_path_with_dirs(self):
148 self.log_user()
148 self.log_user()
149 response = self.app.post(
149 response = self.app.post(
150 url('gists'),
150 url('gists'),
151 params={'lifetime': -1,
151 params={'lifetime': -1,
152 'content': 'gist test',
152 'content': 'gist test',
153 'filename': '/home/foo',
153 'filename': '/home/foo',
154 'public': 'public',
154 'public': 'public',
155 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
155 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
156 'csrf_token': self.csrf_token},
156 'csrf_token': self.csrf_token},
157 status=200)
157 status=200)
158 response.mustcontain('Filename /home/foo cannot be inside a directory')
158 response.mustcontain('Filename /home/foo cannot be inside a directory')
159
159
160 def test_access_expired_gist(self, create_gist):
160 def test_access_expired_gist(self, create_gist):
161 self.log_user()
161 self.log_user()
162 gist = create_gist('never-see-me')
162 gist = create_gist('never-see-me')
163 gist.gist_expires = 0 # 1970
163 gist.gist_expires = 0 # 1970
164 Session().add(gist)
164 Session().add(gist)
165 Session().commit()
165 Session().commit()
166
166
167 self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
167 self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
168
168
169 def test_create_private(self):
169 def test_create_private(self):
170 self.log_user()
170 self.log_user()
171 response = self.app.post(
171 response = self.app.post(
172 url('gists'),
172 url('gists'),
173 params={'lifetime': -1,
173 params={'lifetime': -1,
174 'content': 'private gist test',
174 'content': 'private gist test',
175 'filename': 'private-foo',
175 'filename': 'private-foo',
176 'private': 'private',
176 'private': 'private',
177 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
177 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
178 'csrf_token': self.csrf_token},
178 'csrf_token': self.csrf_token},
179 status=302)
179 status=302)
180 response = response.follow()
180 response = response.follow()
181 response.mustcontain('added file: private-foo<')
181 response.mustcontain('added file: private-foo<')
182 response.mustcontain('private gist test')
182 response.mustcontain('private gist test')
183 response.mustcontain('Private Gist')
183 response.mustcontain('Private Gist')
184 # Make sure private gists are not indexed by robots
184 # Make sure private gists are not indexed by robots
185 response.mustcontain(
185 response.mustcontain(
186 '<meta name="robots" content="noindex, nofollow">')
186 '<meta name="robots" content="noindex, nofollow">')
187
187
188 def test_create_private_acl_private(self):
188 def test_create_private_acl_private(self):
189 self.log_user()
189 self.log_user()
190 response = self.app.post(
190 response = self.app.post(
191 url('gists'),
191 url('gists'),
192 params={'lifetime': -1,
192 params={'lifetime': -1,
193 'content': 'private gist test',
193 'content': 'private gist test',
194 'filename': 'private-foo',
194 'filename': 'private-foo',
195 'private': 'private',
195 'private': 'private',
196 'gist_acl_level': Gist.ACL_LEVEL_PRIVATE,
196 'gist_acl_level': Gist.ACL_LEVEL_PRIVATE,
197 'csrf_token': self.csrf_token},
197 'csrf_token': self.csrf_token},
198 status=302)
198 status=302)
199 response = response.follow()
199 response = response.follow()
200 response.mustcontain('added file: private-foo<')
200 response.mustcontain('added file: private-foo<')
201 response.mustcontain('private gist test')
201 response.mustcontain('private gist test')
202 response.mustcontain('Private Gist')
202 response.mustcontain('Private Gist')
203 # Make sure private gists are not indexed by robots
203 # Make sure private gists are not indexed by robots
204 response.mustcontain(
204 response.mustcontain(
205 '<meta name="robots" content="noindex, nofollow">')
205 '<meta name="robots" content="noindex, nofollow">')
206
206
207 def test_create_with_description(self):
207 def test_create_with_description(self):
208 self.log_user()
208 self.log_user()
209 response = self.app.post(
209 response = self.app.post(
210 url('gists'),
210 url('gists'),
211 params={'lifetime': -1,
211 params={'lifetime': -1,
212 'content': 'gist test',
212 'content': 'gist test',
213 'filename': 'foo-desc',
213 'filename': 'foo-desc',
214 'description': 'gist-desc',
214 'description': 'gist-desc',
215 'public': 'public',
215 'public': 'public',
216 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
216 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
217 'csrf_token': self.csrf_token},
217 'csrf_token': self.csrf_token},
218 status=302)
218 status=302)
219 response = response.follow()
219 response = response.follow()
220 response.mustcontain('added file: foo-desc')
220 response.mustcontain('added file: foo-desc')
221 response.mustcontain('gist test')
221 response.mustcontain('gist test')
222 response.mustcontain('gist-desc')
222 response.mustcontain('gist-desc')
223
223
224 def test_create_public_with_anonymous_access(self):
224 def test_create_public_with_anonymous_access(self):
225 self.log_user()
225 self.log_user()
226 params = {
226 params = {
227 'lifetime': -1,
227 'lifetime': -1,
228 'content': 'gist test',
228 'content': 'gist test',
229 'filename': 'foo-desc',
229 'filename': 'foo-desc',
230 'description': 'gist-desc',
230 'description': 'gist-desc',
231 'public': 'public',
231 'public': 'public',
232 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
232 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
233 'csrf_token': self.csrf_token
233 'csrf_token': self.csrf_token
234 }
234 }
235 response = self.app.post(url('gists'), params=params, status=302)
235 response = self.app.post(url('gists'), params=params, status=302)
236 self.logout_user()
236 self.logout_user()
237 response = response.follow()
237 response = response.follow()
238 response.mustcontain('added file: foo-desc')
238 response.mustcontain('added file: foo-desc')
239 response.mustcontain('gist test')
239 response.mustcontain('gist test')
240 response.mustcontain('gist-desc')
240 response.mustcontain('gist-desc')
241
241
242 def test_new(self):
242 def test_new(self):
243 self.log_user()
243 self.log_user()
244 self.app.get(url('new_gist'))
244 self.app.get(url('new_gist'))
245
245
246 def test_delete(self, create_gist):
246 def test_delete(self, create_gist):
247 self.log_user()
247 self.log_user()
248 gist = create_gist('delete-me')
248 gist = create_gist('delete-me')
249 response = self.app.post(
249 response = self.app.post(
250 url('gist', gist_id=gist.gist_id),
250 url('gist', gist_id=gist.gist_id),
251 params={'_method': 'delete', 'csrf_token': self.csrf_token})
251 params={'_method': 'delete', 'csrf_token': self.csrf_token})
252 assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
252 assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
253
253
254 def test_delete_normal_user_his_gist(self, create_gist):
254 def test_delete_normal_user_his_gist(self, create_gist):
255 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
255 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
256 gist = create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
256 gist = create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
257 response = self.app.post(
257 response = self.app.post(
258 url('gist', gist_id=gist.gist_id),
258 url('gist', gist_id=gist.gist_id),
259 params={'_method': 'delete', 'csrf_token': self.csrf_token})
259 params={'_method': 'delete', 'csrf_token': self.csrf_token})
260 assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
260 assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
261
261
262 def test_delete_normal_user_not_his_own_gist(self, create_gist):
262 def test_delete_normal_user_not_his_own_gist(self, create_gist):
263 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
263 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
264 gist = create_gist('delete-me')
264 gist = create_gist('delete-me')
265 self.app.post(
265 self.app.post(
266 url('gist', gist_id=gist.gist_id),
266 url('gist', gist_id=gist.gist_id),
267 params={'_method': 'delete', 'csrf_token': self.csrf_token},
267 params={'_method': 'delete', 'csrf_token': self.csrf_token},
268 status=403)
268 status=403)
269
269
270 def test_show(self, create_gist):
270 def test_show(self, create_gist):
271 gist = create_gist('gist-show-me')
271 gist = create_gist('gist-show-me')
272 response = self.app.get(url('gist', gist_id=gist.gist_access_id))
272 response = self.app.get(url('gist', gist_id=gist.gist_access_id))
273
273
274 response.mustcontain('added file: gist-show-me<')
274 response.mustcontain('added file: gist-show-me<')
275
275
276 assert_response = AssertResponse(response)
276 assert_response = AssertResponse(response)
277 assert_response.element_equals_to(
277 assert_response.element_equals_to(
278 'div.rc-user span.user',
278 'div.rc-user span.user',
279 '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
279 '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
280
280
281 response.mustcontain('gist-desc')
281 response.mustcontain('gist-desc')
282
282
283 def test_show_without_hg(self, create_gist):
283 def test_show_without_hg(self, create_gist):
284 with mock.patch(
284 with mock.patch(
285 'rhodecode.lib.vcs.settings.ALIASES', ['git']):
285 'rhodecode.lib.vcs.settings.ALIASES', ['git']):
286 gist = create_gist('gist-show-me-again')
286 gist = create_gist('gist-show-me-again')
287 self.app.get(url('gist', gist_id=gist.gist_access_id), status=200)
287 self.app.get(url('gist', gist_id=gist.gist_access_id), status=200)
288
288
289 def test_show_acl_private(self, create_gist):
289 def test_show_acl_private(self, create_gist):
290 gist = create_gist('gist-show-me-only-when-im-logged-in',
290 gist = create_gist('gist-show-me-only-when-im-logged-in',
291 acl_level=Gist.ACL_LEVEL_PRIVATE)
291 acl_level=Gist.ACL_LEVEL_PRIVATE)
292 self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
292 self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
293
293
294 # now we log-in we should see thi gist
294 # now we log-in we should see thi gist
295 self.log_user()
295 self.log_user()
296 response = self.app.get(url('gist', gist_id=gist.gist_access_id))
296 response = self.app.get(url('gist', gist_id=gist.gist_access_id))
297 response.mustcontain('added file: gist-show-me-only-when-im-logged-in')
297 response.mustcontain('added file: gist-show-me-only-when-im-logged-in')
298
298
299 assert_response = AssertResponse(response)
299 assert_response = AssertResponse(response)
300 assert_response.element_equals_to(
300 assert_response.element_equals_to(
301 'div.rc-user span.user',
301 'div.rc-user span.user',
302 '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
302 '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
303 response.mustcontain('gist-desc')
303 response.mustcontain('gist-desc')
304
304
305 def test_show_as_raw(self, create_gist):
305 def test_show_as_raw(self, create_gist):
306 gist = create_gist('gist-show-me', content='GIST CONTENT')
306 gist = create_gist('gist-show-me', content='GIST CONTENT')
307 response = self.app.get(url('formatted_gist',
307 response = self.app.get(url('formatted_gist',
308 gist_id=gist.gist_access_id, format='raw'))
308 gist_id=gist.gist_access_id, format='raw'))
309 assert response.body == 'GIST CONTENT'
309 assert response.body == 'GIST CONTENT'
310
310
311 def test_show_as_raw_individual_file(self, create_gist):
311 def test_show_as_raw_individual_file(self, create_gist):
312 gist = create_gist('gist-show-me-raw', content='GIST BODY')
312 gist = create_gist('gist-show-me-raw', content='GIST BODY')
313 response = self.app.get(url('formatted_gist_file',
313 response = self.app.get(url('formatted_gist_file',
314 gist_id=gist.gist_access_id, format='raw',
314 gist_id=gist.gist_access_id, format='raw',
315 revision='tip', f_path='gist-show-me-raw'))
315 revision='tip', f_path='gist-show-me-raw'))
316 assert response.body == 'GIST BODY'
316 assert response.body == 'GIST BODY'
317
317
318 def test_edit_page(self, create_gist):
318 def test_edit_page(self, create_gist):
319 self.log_user()
319 self.log_user()
320 gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
320 gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
321 response = self.app.get(url('edit_gist', gist_id=gist.gist_access_id))
321 response = self.app.get(url('edit_gist', gist_id=gist.gist_access_id))
322 response.mustcontain('GIST EDIT BODY')
322 response.mustcontain('GIST EDIT BODY')
323
323
324 def test_edit_page_non_logged_user(self, create_gist):
324 def test_edit_page_non_logged_user(self, create_gist):
325 gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
325 gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
326 self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=302)
326 self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=302)
327
327
328 def test_edit_normal_user_his_gist(self, create_gist):
328 def test_edit_normal_user_his_gist(self, create_gist):
329 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
329 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
330 gist = create_gist('gist-for-edit', owner=TEST_USER_REGULAR_LOGIN)
330 gist = create_gist('gist-for-edit', owner=TEST_USER_REGULAR_LOGIN)
331 self.app.get(url('edit_gist', gist_id=gist.gist_access_id, status=200))
331 self.app.get(url('edit_gist', gist_id=gist.gist_access_id, status=200))
332
332
333 def test_edit_normal_user_not_his_own_gist(self, create_gist):
333 def test_edit_normal_user_not_his_own_gist(self, create_gist):
334 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
334 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
335 gist = create_gist('delete-me')
335 gist = create_gist('delete-me')
336 self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=403)
336 self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=403)
337
337
338 def test_user_first_name_is_escaped(self, user_util, create_gist):
338 def test_user_first_name_is_escaped(self, user_util, create_gist):
339 xss_atack_string = '"><script>alert(\'First Name\')</script>'
339 xss_atack_string = '"><script>alert(\'First Name\')</script>'
340 xss_escaped_string = (
340 xss_escaped_string = (
341 '&#34;&gt;&lt;script&gt;alert(&#39;First Name&#39;)&lt;/script'
341 '&#34;&gt;&lt;script&gt;alert(&#39;First Name&#39;)&lt;/script'
342 '&gt;')
342 '&gt;')
343 password = 'test'
343 password = 'test'
344 user = user_util.create_user(
344 user = user_util.create_user(
345 firstname=xss_atack_string, password=password)
345 firstname=xss_atack_string, password=password)
346 create_gist('gist', gist_type='public', owner=user.username)
346 create_gist('gist', gist_type='public', owner=user.username)
347 response = self.app.get(url('gists'))
347 response = self.app.get(url('gists'))
348 response.mustcontain(xss_escaped_string)
348 response.mustcontain(xss_escaped_string)
349
349
350 def test_user_last_name_is_escaped(self, user_util, create_gist):
350 def test_user_last_name_is_escaped(self, user_util, create_gist):
351 xss_atack_string = '"><script>alert(\'Last Name\')</script>'
351 xss_atack_string = '"><script>alert(\'Last Name\')</script>'
352 xss_escaped_string = (
352 xss_escaped_string = (
353 '&#34;&gt;&lt;script&gt;alert(&#39;Last Name&#39;)&lt;/script&gt;')
353 '&#34;&gt;&lt;script&gt;alert(&#39;Last Name&#39;)&lt;/script&gt;')
354 password = 'test'
354 password = 'test'
355 user = user_util.create_user(
355 user = user_util.create_user(
356 lastname=xss_atack_string, password=password)
356 lastname=xss_atack_string, password=password)
357 create_gist('gist', gist_type='public', owner=user.username)
357 create_gist('gist', gist_type='public', owner=user.username)
358 response = self.app.get(url('gists'))
358 response = self.app.get(url('gists'))
359 response.mustcontain(xss_escaped_string)
359 response.mustcontain(xss_escaped_string)
General Comments 0
You need to be logged in to leave comments. Login now