Show More
| @@ -499,6 +499,7 b' def make_map(config):' | |||||
| 499 | ) |
|
499 | ) | |
| 500 |
|
500 | |||
| 501 | #LOGIN/LOGOUT/REGISTER/SIGN IN |
|
501 | #LOGIN/LOGOUT/REGISTER/SIGN IN | |
|
|
502 | rmap.connect('authentication_token', '%s/authentication_token' % ADMIN_PREFIX, controller='login', action='authentication_token') | |||
| 502 | rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login') |
|
503 | rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login') | |
| 503 | rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login', |
|
504 | rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login', | |
| 504 | action='logout') |
|
505 | action='logout') | |
| @@ -270,3 +270,11 b' class LoginController(BaseController):' | |||||
| 270 | session.delete() |
|
270 | session.delete() | |
| 271 | log.info('Logging out and deleting session for user') |
|
271 | log.info('Logging out and deleting session for user') | |
| 272 | redirect(url('home')) |
|
272 | redirect(url('home')) | |
|
|
273 | ||||
|
|
274 | def authentication_token(self): | |||
|
|
275 | """Return the CSRF protection token for the session - just like it | |||
|
|
276 | could have been screen scrabed from a page with a form. | |||
|
|
277 | Only intended for testing but might also be useful for other kinds | |||
|
|
278 | of automation. | |||
|
|
279 | """ | |||
|
|
280 | return h.authentication_token() | |||
| @@ -213,6 +213,9 b' class TestController(BaseTestCase):' | |||||
| 213 | def _get_logged_user(self): |
|
213 | def _get_logged_user(self): | |
| 214 | return User.get_by_username(self._logged_username) |
|
214 | return User.get_by_username(self._logged_username) | |
| 215 |
|
215 | |||
|
|
216 | def authentication_token(self): | |||
|
|
217 | return self.app.get(url('authentication_token')).body | |||
|
|
218 | ||||
| 216 | def checkSessionFlash(self, response, msg, skip=0): |
|
219 | def checkSessionFlash(self, response, msg, skip=0): | |
| 217 | if 'flash' not in response.session: |
|
220 | if 'flash' not in response.session: | |
| 218 | self.fail(safe_str(u'msg `%s` not found - session has no flash ' % msg)) |
|
221 | self.fail(safe_str(u'msg `%s` not found - session has no flash ' % msg)) | |
| @@ -6,7 +6,7 b' class TestAuthSettingsController(TestCon' | |||||
| 6 | def _enable_plugins(self, plugins_list): |
|
6 | def _enable_plugins(self, plugins_list): | |
| 7 | test_url = url(controller='admin/auth_settings', |
|
7 | test_url = url(controller='admin/auth_settings', | |
| 8 | action='auth_settings') |
|
8 | action='auth_settings') | |
| 9 | params={'auth_plugins': plugins_list,} |
|
9 | params={'auth_plugins': plugins_list, '_authentication_token': self.authentication_token()} | |
| 10 |
|
10 | |||
| 11 | for plugin in plugins_list.split(','): |
|
11 | for plugin in plugins_list.split(','): | |
| 12 | enable = plugin.partition('kallithea.lib.auth_modules.')[-1] |
|
12 | enable = plugin.partition('kallithea.lib.auth_modules.')[-1] | |
| @@ -32,10 +32,12 b' class TestDefaultsController(TestControl' | |||||
| 32 | 'default_repo_enable_statistics': True, |
|
32 | 'default_repo_enable_statistics': True, | |
| 33 | 'default_repo_private': True, |
|
33 | 'default_repo_private': True, | |
| 34 | 'default_repo_type': 'hg', |
|
34 | 'default_repo_type': 'hg', | |
|
|
35 | '_authentication_token': self.authentication_token(), | |||
| 35 | } |
|
36 | } | |
| 36 | response = self.app.put(url('default', id='default'), params=params) |
|
37 | response = self.app.put(url('default', id='default'), params=params) | |
| 37 | self.checkSessionFlash(response, 'Default settings updated successfully') |
|
38 | self.checkSessionFlash(response, 'Default settings updated successfully') | |
| 38 |
|
39 | |||
|
|
40 | params.pop('_authentication_token') | |||
| 39 | defs = Setting.get_default_repo_settings() |
|
41 | defs = Setting.get_default_repo_settings() | |
| 40 | self.assertEqual(params, defs) |
|
42 | self.assertEqual(params, defs) | |
| 41 |
|
43 | |||
| @@ -47,20 +49,23 b' class TestDefaultsController(TestControl' | |||||
| 47 | 'default_repo_enable_statistics': False, |
|
49 | 'default_repo_enable_statistics': False, | |
| 48 | 'default_repo_private': False, |
|
50 | 'default_repo_private': False, | |
| 49 | 'default_repo_type': 'git', |
|
51 | 'default_repo_type': 'git', | |
|
|
52 | '_authentication_token': self.authentication_token(), | |||
| 50 | } |
|
53 | } | |
| 51 | response = self.app.put(url('default', id='default'), params=params) |
|
54 | response = self.app.put(url('default', id='default'), params=params) | |
| 52 | self.checkSessionFlash(response, 'Default settings updated successfully') |
|
55 | self.checkSessionFlash(response, 'Default settings updated successfully') | |
|
|
56 | ||||
|
|
57 | params.pop('_authentication_token') | |||
| 53 | defs = Setting.get_default_repo_settings() |
|
58 | defs = Setting.get_default_repo_settings() | |
| 54 | self.assertEqual(params, defs) |
|
59 | self.assertEqual(params, defs) | |
| 55 |
|
60 | |||
| 56 | def test_update_browser_fakeout(self): |
|
61 | def test_update_browser_fakeout(self): | |
| 57 | response = self.app.post(url('default', id=1), params=dict(_method='put')) |
|
62 | response = self.app.post(url('default', id=1), params=dict(_method='put', _authentication_token=self.authentication_token())) | |
| 58 |
|
63 | |||
| 59 | def test_delete(self): |
|
64 | def test_delete(self): | |
| 60 | response = self.app.delete(url('default', id=1)) |
|
65 | response = self.app.delete(url('default', id=1)) | |
| 61 |
|
66 | |||
| 62 | def test_delete_browser_fakeout(self): |
|
67 | def test_delete_browser_fakeout(self): | |
| 63 | response = self.app.post(url('default', id=1), params=dict(_method='delete')) |
|
68 | response = self.app.post(url('default', id=1), params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
| 64 |
|
69 | |||
| 65 | def test_show(self): |
|
70 | def test_show(self): | |
| 66 | response = self.app.get(url('default', id=1)) |
|
71 | response = self.app.get(url('default', id=1)) | |
| @@ -56,7 +56,8 b' class TestGistsController(TestController' | |||||
| 56 | def test_create_missing_description(self): |
|
56 | def test_create_missing_description(self): | |
| 57 | self.log_user() |
|
57 | self.log_user() | |
| 58 | response = self.app.post(url('gists'), |
|
58 | response = self.app.post(url('gists'), | |
| 59 |
params={'lifetime': -1}, |
|
59 | params={'lifetime': -1, '_authentication_token': self.authentication_token()}, | |
|
|
60 | status=200) | |||
| 60 |
|
61 | |||
| 61 | response.mustcontain('Missing value') |
|
62 | response.mustcontain('Missing value') | |
| 62 |
|
63 | |||
| @@ -66,7 +67,8 b' class TestGistsController(TestController' | |||||
| 66 | params={'lifetime': -1, |
|
67 | params={'lifetime': -1, | |
| 67 | 'content': 'gist test', |
|
68 | 'content': 'gist test', | |
| 68 | 'filename': 'foo', |
|
69 | 'filename': 'foo', | |
| 69 |
'public': 'public' |
|
70 | 'public': 'public', | |
|
|
71 | '_authentication_token': self.authentication_token()}, | |||
| 70 | status=302) |
|
72 | status=302) | |
| 71 | response = response.follow() |
|
73 | response = response.follow() | |
| 72 | response.mustcontain('added file: foo') |
|
74 | response.mustcontain('added file: foo') | |
| @@ -79,7 +81,8 b' class TestGistsController(TestController' | |||||
| 79 | params={'lifetime': -1, |
|
81 | params={'lifetime': -1, | |
| 80 | 'content': 'gist test', |
|
82 | 'content': 'gist test', | |
| 81 | 'filename': '/home/foo', |
|
83 | 'filename': '/home/foo', | |
| 82 |
'public': 'public' |
|
84 | 'public': 'public', | |
|
|
85 | '_authentication_token': self.authentication_token()}, | |||
| 83 | status=200) |
|
86 | status=200) | |
| 84 | response.mustcontain('Filename cannot be inside a directory') |
|
87 | response.mustcontain('Filename cannot be inside a directory') | |
| 85 |
|
88 | |||
| @@ -98,7 +101,8 b' class TestGistsController(TestController' | |||||
| 98 | params={'lifetime': -1, |
|
101 | params={'lifetime': -1, | |
| 99 | 'content': 'private gist test', |
|
102 | 'content': 'private gist test', | |
| 100 | 'filename': 'private-foo', |
|
103 | 'filename': 'private-foo', | |
| 101 |
'private': 'private' |
|
104 | 'private': 'private', | |
|
|
105 | '_authentication_token': self.authentication_token()}, | |||
| 102 | status=302) |
|
106 | status=302) | |
| 103 | response = response.follow() |
|
107 | response = response.follow() | |
| 104 | response.mustcontain('added file: private-foo<') |
|
108 | response.mustcontain('added file: private-foo<') | |
| @@ -112,7 +116,8 b' class TestGistsController(TestController' | |||||
| 112 | 'content': 'gist test', |
|
116 | 'content': 'gist test', | |
| 113 | 'filename': 'foo-desc', |
|
117 | 'filename': 'foo-desc', | |
| 114 | 'description': 'gist-desc', |
|
118 | 'description': 'gist-desc', | |
| 115 |
'public': 'public' |
|
119 | 'public': 'public', | |
|
|
120 | '_authentication_token': self.authentication_token()}, | |||
| 116 | status=302) |
|
121 | status=302) | |
| 117 | response = response.follow() |
|
122 | response = response.follow() | |
| 118 | response.mustcontain('added file: foo-desc') |
|
123 | response.mustcontain('added file: foo-desc') | |
| @@ -18,7 +18,8 b' class TestAdminPermissionsController(Tes' | |||||
| 18 | self.log_user() |
|
18 | self.log_user() | |
| 19 | default_user_id = User.get_default_user().user_id |
|
19 | default_user_id = User.get_default_user().user_id | |
| 20 | response = self.app.put(url('edit_user_ips', id=default_user_id), |
|
20 | response = self.app.put(url('edit_user_ips', id=default_user_id), | |
| 21 |
params=dict(new_ip='127.0.0.0/24' |
|
21 | params=dict(new_ip='127.0.0.0/24', | |
|
|
22 | _authentication_token=self.authentication_token())) | |||
| 22 |
|
23 | |||
| 23 | response = self.app.get(url('admin_permissions_ips')) |
|
24 | response = self.app.get(url('admin_permissions_ips')) | |
| 24 | response.mustcontain('127.0.0.0/24') |
|
25 | response.mustcontain('127.0.0.0/24') | |
| @@ -31,7 +32,8 b' class TestAdminPermissionsController(Tes' | |||||
| 31 |
|
32 | |||
| 32 | response = self.app.post(url('edit_user_ips', id=default_user_id), |
|
33 | response = self.app.post(url('edit_user_ips', id=default_user_id), | |
| 33 | params=dict(_method='delete', |
|
34 | params=dict(_method='delete', | |
| 34 |
del_ip_id=del_ip_id |
|
35 | del_ip_id=del_ip_id, | |
|
|
36 | _authentication_token=self.authentication_token())) | |||
| 35 |
|
37 | |||
| 36 | response = self.app.get(url('admin_permissions_ips')) |
|
38 | response = self.app.get(url('admin_permissions_ips')) | |
| 37 | response.mustcontain('All IP addresses are allowed') |
|
39 | response.mustcontain('All IP addresses are allowed') | |
| @@ -56,7 +56,8 b' class _BaseTest(TestController):' | |||||
| 56 | fixture._get_repo_create_params(repo_private=False, |
|
56 | fixture._get_repo_create_params(repo_private=False, | |
| 57 | repo_name=repo_name, |
|
57 | repo_name=repo_name, | |
| 58 | repo_type=self.REPO_TYPE, |
|
58 | repo_type=self.REPO_TYPE, | |
| 59 |
repo_description=description |
|
59 | repo_description=description, | |
|
|
60 | _authentication_token=self.authentication_token())) | |||
| 60 | ## run the check page that triggers the flash message |
|
61 | ## run the check page that triggers the flash message | |
| 61 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
62 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
| 62 | self.assertEqual(response.json, {u'result': True}) |
|
63 | self.assertEqual(response.json, {u'result': True}) | |
| @@ -96,7 +97,8 b' class _BaseTest(TestController):' | |||||
| 96 | fixture._get_repo_create_params(repo_private=False, |
|
97 | fixture._get_repo_create_params(repo_private=False, | |
| 97 | repo_name=repo_name, |
|
98 | repo_name=repo_name, | |
| 98 | repo_type=self.REPO_TYPE, |
|
99 | repo_type=self.REPO_TYPE, | |
| 99 |
repo_description=description |
|
100 | repo_description=description, | |
|
|
101 | _authentication_token=self.authentication_token())) | |||
| 100 | ## run the check page that triggers the flash message |
|
102 | ## run the check page that triggers the flash message | |
| 101 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
103 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
| 102 | self.assertEqual(response.json, {u'result': True}) |
|
104 | self.assertEqual(response.json, {u'result': True}) | |
| @@ -139,7 +141,8 b' class _BaseTest(TestController):' | |||||
| 139 | repo_name=repo_name, |
|
141 | repo_name=repo_name, | |
| 140 | repo_type=self.REPO_TYPE, |
|
142 | repo_type=self.REPO_TYPE, | |
| 141 | repo_description=description, |
|
143 | repo_description=description, | |
| 142 |
repo_group=gr.group_id, |
|
144 | repo_group=gr.group_id, | |
|
|
145 | _authentication_token=self.authentication_token())) | |||
| 143 | ## run the check page that triggers the flash message |
|
146 | ## run the check page that triggers the flash message | |
| 144 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
|
147 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) | |
| 145 | self.assertEqual(response.json, {u'result': True}) |
|
148 | self.assertEqual(response.json, {u'result': True}) | |
| @@ -177,6 +180,8 b' class _BaseTest(TestController):' | |||||
| 177 |
|
180 | |||
| 178 | def test_create_in_group_without_needed_permissions(self): |
|
181 | def test_create_in_group_without_needed_permissions(self): | |
| 179 | usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) |
|
182 | usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) | |
|
|
183 | # avoid spurious RepoGroup DetachedInstanceError ... | |||
|
|
184 | authentication_token = self.authentication_token() | |||
| 180 | # revoke |
|
185 | # revoke | |
| 181 | user_model = UserModel() |
|
186 | user_model = UserModel() | |
| 182 | # disable fork and create on default user |
|
187 | # disable fork and create on default user | |
| @@ -213,7 +218,8 b' class _BaseTest(TestController):' | |||||
| 213 | repo_name=repo_name, |
|
218 | repo_name=repo_name, | |
| 214 | repo_type=self.REPO_TYPE, |
|
219 | repo_type=self.REPO_TYPE, | |
| 215 | repo_description=description, |
|
220 | repo_description=description, | |
| 216 |
repo_group=gr.group_id, |
|
221 | repo_group=gr.group_id, | |
|
|
222 | _authentication_token=authentication_token)) | |||
| 217 |
|
223 | |||
| 218 | response.mustcontain('Invalid value') |
|
224 | response.mustcontain('Invalid value') | |
| 219 |
|
225 | |||
| @@ -226,7 +232,8 b' class _BaseTest(TestController):' | |||||
| 226 | repo_name=repo_name, |
|
232 | repo_name=repo_name, | |
| 227 | repo_type=self.REPO_TYPE, |
|
233 | repo_type=self.REPO_TYPE, | |
| 228 | repo_description=description, |
|
234 | repo_description=description, | |
| 229 |
repo_group=gr_allowed.group_id, |
|
235 | repo_group=gr_allowed.group_id, | |
|
|
236 | _authentication_token=authentication_token)) | |||
| 230 |
|
237 | |||
| 231 | ## run the check page that triggers the flash message |
|
238 | ## run the check page that triggers the flash message | |
| 232 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
|
239 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) | |
| @@ -287,7 +294,8 b' class _BaseTest(TestController):' | |||||
| 287 | repo_type=self.REPO_TYPE, |
|
294 | repo_type=self.REPO_TYPE, | |
| 288 | repo_description=description, |
|
295 | repo_description=description, | |
| 289 | repo_group=gr.group_id, |
|
296 | repo_group=gr.group_id, | |
| 290 |
repo_copy_permissions=True |
|
297 | repo_copy_permissions=True, | |
|
|
298 | _authentication_token=self.authentication_token())) | |||
| 291 |
|
299 | |||
| 292 | ## run the check page that triggers the flash message |
|
300 | ## run the check page that triggers the flash message | |
| 293 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
|
301 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) | |
| @@ -338,7 +346,8 b' class _BaseTest(TestController):' | |||||
| 338 | repo_name=repo_name, |
|
346 | repo_name=repo_name, | |
| 339 | repo_type=self.REPO_TYPE, |
|
347 | repo_type=self.REPO_TYPE, | |
| 340 | repo_description=description, |
|
348 | repo_description=description, | |
| 341 |
clone_uri='http://127.0.0.1/repo' |
|
349 | clone_uri='http://127.0.0.1/repo', | |
|
|
350 | _authentication_token=self.authentication_token())) | |||
| 342 | response.mustcontain('invalid clone URL') |
|
351 | response.mustcontain('invalid clone URL') | |
| 343 |
|
352 | |||
| 344 |
|
353 | |||
| @@ -351,7 +360,8 b' class _BaseTest(TestController):' | |||||
| 351 | repo_name=repo_name, |
|
360 | repo_name=repo_name, | |
| 352 | repo_type=self.REPO_TYPE, |
|
361 | repo_type=self.REPO_TYPE, | |
| 353 | repo_description=description, |
|
362 | repo_description=description, | |
| 354 |
clone_uri='svn+http://127.0.0.1/repo' |
|
363 | clone_uri='svn+http://127.0.0.1/repo', | |
|
|
364 | _authentication_token=self.authentication_token())) | |||
| 355 | response.mustcontain('invalid clone URL') |
|
365 | response.mustcontain('invalid clone URL') | |
| 356 |
|
366 | |||
| 357 |
|
367 | |||
| @@ -363,7 +373,8 b' class _BaseTest(TestController):' | |||||
| 363 | fixture._get_repo_create_params(repo_private=False, |
|
373 | fixture._get_repo_create_params(repo_private=False, | |
| 364 | repo_type=self.REPO_TYPE, |
|
374 | repo_type=self.REPO_TYPE, | |
| 365 | repo_name=repo_name, |
|
375 | repo_name=repo_name, | |
| 366 |
repo_description=description |
|
376 | repo_description=description, | |
|
|
377 | _authentication_token=self.authentication_token())) | |||
| 367 | ## run the check page that triggers the flash message |
|
378 | ## run the check page that triggers the flash message | |
| 368 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
379 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
| 369 | self.checkSessionFlash(response, |
|
380 | self.checkSessionFlash(response, | |
| @@ -413,7 +424,8 b' class _BaseTest(TestController):' | |||||
| 413 | fixture._get_repo_create_params(repo_private=False, |
|
424 | fixture._get_repo_create_params(repo_private=False, | |
| 414 | repo_name=repo_name, |
|
425 | repo_name=repo_name, | |
| 415 | repo_type=self.REPO_TYPE, |
|
426 | repo_type=self.REPO_TYPE, | |
| 416 |
repo_description=description |
|
427 | repo_description=description, | |
|
|
428 | _authentication_token=self.authentication_token())) | |||
| 417 | ## run the check page that triggers the flash message |
|
429 | ## run the check page that triggers the flash message | |
| 418 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
430 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
| 419 | self.assertEqual(response.json, {u'result': True}) |
|
431 | self.assertEqual(response.json, {u'result': True}) | |
| @@ -457,7 +469,7 b' class _BaseTest(TestController):' | |||||
| 457 |
|
469 | |||
| 458 | def test_delete_browser_fakeout(self): |
|
470 | def test_delete_browser_fakeout(self): | |
| 459 | response = self.app.post(url('repo', repo_name=self.REPO), |
|
471 | response = self.app.post(url('repo', repo_name=self.REPO), | |
| 460 | params=dict(_method='delete')) |
|
472 | params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
| 461 |
|
473 | |||
| 462 | def test_show(self): |
|
474 | def test_show(self): | |
| 463 | self.log_user() |
|
475 | self.log_user() | |
| @@ -478,7 +490,8 b' class _BaseTest(TestController):' | |||||
| 478 | fixture._get_repo_create_params(repo_private=1, |
|
490 | fixture._get_repo_create_params(repo_private=1, | |
| 479 | repo_name=self.REPO, |
|
491 | repo_name=self.REPO, | |
| 480 | repo_type=self.REPO_TYPE, |
|
492 | repo_type=self.REPO_TYPE, | |
| 481 |
user=TEST_USER_ADMIN_LOGIN |
|
493 | user=TEST_USER_ADMIN_LOGIN, | |
|
|
494 | _authentication_token=self.authentication_token())) | |||
| 482 | self.checkSessionFlash(response, |
|
495 | self.checkSessionFlash(response, | |
| 483 | msg='Repository %s updated successfully' % (self.REPO)) |
|
496 | msg='Repository %s updated successfully' % (self.REPO)) | |
| 484 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True) |
|
497 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True) | |
| @@ -492,7 +505,8 b' class _BaseTest(TestController):' | |||||
| 492 | fixture._get_repo_create_params(repo_private=False, |
|
505 | fixture._get_repo_create_params(repo_private=False, | |
| 493 | repo_name=self.REPO, |
|
506 | repo_name=self.REPO, | |
| 494 | repo_type=self.REPO_TYPE, |
|
507 | repo_type=self.REPO_TYPE, | |
| 495 |
user=TEST_USER_ADMIN_LOGIN |
|
508 | user=TEST_USER_ADMIN_LOGIN, | |
|
|
509 | _authentication_token=self.authentication_token())) | |||
| 496 | self.checkSessionFlash(response, |
|
510 | self.checkSessionFlash(response, | |
| 497 | msg='Repository %s updated successfully' % (self.REPO)) |
|
511 | msg='Repository %s updated successfully' % (self.REPO)) | |
| 498 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False) |
|
512 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False) | |
| @@ -521,7 +535,7 b' class _BaseTest(TestController):' | |||||
| 521 | repo = Repository.get_by_repo_name(self.REPO) |
|
535 | repo = Repository.get_by_repo_name(self.REPO) | |
| 522 | repo2 = Repository.get_by_repo_name(other_repo) |
|
536 | repo2 = Repository.get_by_repo_name(other_repo) | |
| 523 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
537 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
| 524 | params=dict(id_fork_of=repo2.repo_id)) |
|
538 | params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token())) | |
| 525 | repo = Repository.get_by_repo_name(self.REPO) |
|
539 | repo = Repository.get_by_repo_name(self.REPO) | |
| 526 | repo2 = Repository.get_by_repo_name(other_repo) |
|
540 | repo2 = Repository.get_by_repo_name(other_repo) | |
| 527 | self.checkSessionFlash(response, |
|
541 | self.checkSessionFlash(response, | |
| @@ -542,7 +556,7 b' class _BaseTest(TestController):' | |||||
| 542 | repo = Repository.get_by_repo_name(self.REPO) |
|
556 | repo = Repository.get_by_repo_name(self.REPO) | |
| 543 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
557 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) | |
| 544 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
558 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
| 545 | params=dict(id_fork_of=repo2.repo_id)) |
|
559 | params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token())) | |
| 546 | repo = Repository.get_by_repo_name(self.REPO) |
|
560 | repo = Repository.get_by_repo_name(self.REPO) | |
| 547 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
561 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) | |
| 548 | self.checkSessionFlash(response, |
|
562 | self.checkSessionFlash(response, | |
| @@ -552,7 +566,7 b' class _BaseTest(TestController):' | |||||
| 552 | self.log_user() |
|
566 | self.log_user() | |
| 553 | ## mark it as None |
|
567 | ## mark it as None | |
| 554 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
568 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
| 555 | params=dict(id_fork_of=None)) |
|
569 | params=dict(id_fork_of=None, _authentication_token=self.authentication_token())) | |
| 556 | repo = Repository.get_by_repo_name(self.REPO) |
|
570 | repo = Repository.get_by_repo_name(self.REPO) | |
| 557 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
571 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) | |
| 558 | self.checkSessionFlash(response, |
|
572 | self.checkSessionFlash(response, | |
| @@ -564,7 +578,7 b' class _BaseTest(TestController):' | |||||
| 564 | self.log_user() |
|
578 | self.log_user() | |
| 565 | repo = Repository.get_by_repo_name(self.REPO) |
|
579 | repo = Repository.get_by_repo_name(self.REPO) | |
| 566 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
580 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
| 567 | params=dict(id_fork_of=repo.repo_id)) |
|
581 | params=dict(id_fork_of=repo.repo_id, _authentication_token=self.authentication_token())) | |
| 568 | self.checkSessionFlash(response, |
|
582 | self.checkSessionFlash(response, | |
| 569 | 'An error occurred during this operation') |
|
583 | 'An error occurred during this operation') | |
| 570 |
|
584 | |||
| @@ -594,7 +608,8 b' class _BaseTest(TestController):' | |||||
| 594 | fixture._get_repo_create_params(repo_private=False, |
|
608 | fixture._get_repo_create_params(repo_private=False, | |
| 595 | repo_name=repo_name, |
|
609 | repo_name=repo_name, | |
| 596 | repo_type=self.REPO_TYPE, |
|
610 | repo_type=self.REPO_TYPE, | |
| 597 |
repo_description=description |
|
611 | repo_description=description, | |
|
|
612 | _authentication_token=self.authentication_token())) | |||
| 598 |
|
613 | |||
| 599 | response.mustcontain('no permission to create repository in root location') |
|
614 | response.mustcontain('no permission to create repository in root location') | |
| 600 |
|
615 | |||
| @@ -611,7 +626,8 b' class _BaseTest(TestController):' | |||||
| 611 | fixture._get_repo_create_params(repo_private=False, |
|
626 | fixture._get_repo_create_params(repo_private=False, | |
| 612 | repo_name=repo_name, |
|
627 | repo_name=repo_name, | |
| 613 | repo_type=self.REPO_TYPE, |
|
628 | repo_type=self.REPO_TYPE, | |
| 614 |
repo_description=description |
|
629 | repo_description=description, | |
|
|
630 | _authentication_token=self.authentication_token())) | |||
| 615 |
|
631 | |||
| 616 | self.checkSessionFlash(response, |
|
632 | self.checkSessionFlash(response, | |
| 617 | 'Error creating repository %s' % repo_name) |
|
633 | 'Error creating repository %s' % repo_name) | |
| @@ -37,7 +37,8 b' class TestAdminSettingsController(TestCo' | |||||
| 37 | self.log_user() |
|
37 | self.log_user() | |
| 38 | response = self.app.post(url('admin_settings_hooks'), |
|
38 | response = self.app.post(url('admin_settings_hooks'), | |
| 39 | params=dict(new_hook_ui_key='test_hooks_1', |
|
39 | params=dict(new_hook_ui_key='test_hooks_1', | |
| 40 |
new_hook_ui_value='cd /tmp' |
|
40 | new_hook_ui_value='cd /tmp', | |
|
|
41 | _authentication_token=self.authentication_token())) | |||
| 41 |
|
42 | |||
| 42 | response = response.follow() |
|
43 | response = response.follow() | |
| 43 | response.mustcontain('test_hooks_1') |
|
44 | response.mustcontain('test_hooks_1') | |
| @@ -47,7 +48,8 b' class TestAdminSettingsController(TestCo' | |||||
| 47 | self.log_user() |
|
48 | self.log_user() | |
| 48 | response = self.app.post(url('admin_settings_hooks'), |
|
49 | response = self.app.post(url('admin_settings_hooks'), | |
| 49 | params=dict(new_hook_ui_key='test_hooks_2', |
|
50 | params=dict(new_hook_ui_key='test_hooks_2', | |
| 50 |
new_hook_ui_value='cd /tmp2' |
|
51 | new_hook_ui_value='cd /tmp2', | |
|
|
52 | _authentication_token=self.authentication_token())) | |||
| 51 |
|
53 | |||
| 52 | response = response.follow() |
|
54 | response = response.follow() | |
| 53 | response.mustcontain('test_hooks_2') |
|
55 | response.mustcontain('test_hooks_2') | |
| @@ -56,7 +58,7 b' class TestAdminSettingsController(TestCo' | |||||
| 56 | hook_id = Ui.get_by_key('test_hooks_2').ui_id |
|
58 | hook_id = Ui.get_by_key('test_hooks_2').ui_id | |
| 57 | ## delete |
|
59 | ## delete | |
| 58 | self.app.post(url('admin_settings_hooks'), |
|
60 | self.app.post(url('admin_settings_hooks'), | |
| 59 | params=dict(hook_id=hook_id)) |
|
61 | params=dict(hook_id=hook_id, _authentication_token=self.authentication_token())) | |
| 60 | response = self.app.get(url('admin_settings_hooks')) |
|
62 | response = self.app.get(url('admin_settings_hooks')) | |
| 61 | response.mustcontain(no=['test_hooks_2']) |
|
63 | response.mustcontain(no=['test_hooks_2']) | |
| 62 | response.mustcontain(no=['cd /tmp2']) |
|
64 | response.mustcontain(no=['cd /tmp2']) | |
| @@ -80,6 +82,7 b' class TestAdminSettingsController(TestCo' | |||||
| 80 | ga_code=new_ga_code, |
|
82 | ga_code=new_ga_code, | |
| 81 | captcha_private_key='', |
|
83 | captcha_private_key='', | |
| 82 | captcha_public_key='', |
|
84 | captcha_public_key='', | |
|
|
85 | _authentication_token=self.authentication_token(), | |||
| 83 | )) |
|
86 | )) | |
| 84 |
|
87 | |||
| 85 | self.checkSessionFlash(response, 'Updated application settings') |
|
88 | self.checkSessionFlash(response, 'Updated application settings') | |
| @@ -101,6 +104,7 b' class TestAdminSettingsController(TestCo' | |||||
| 101 | ga_code=new_ga_code, |
|
104 | ga_code=new_ga_code, | |
| 102 | captcha_private_key='', |
|
105 | captcha_private_key='', | |
| 103 | captcha_public_key='', |
|
106 | captcha_public_key='', | |
|
|
107 | _authentication_token=self.authentication_token(), | |||
| 104 | )) |
|
108 | )) | |
| 105 |
|
109 | |||
| 106 | self.checkSessionFlash(response, 'Updated application settings') |
|
110 | self.checkSessionFlash(response, 'Updated application settings') | |
| @@ -121,6 +125,7 b' class TestAdminSettingsController(TestCo' | |||||
| 121 | ga_code=new_ga_code, |
|
125 | ga_code=new_ga_code, | |
| 122 | captcha_private_key='1234567890', |
|
126 | captcha_private_key='1234567890', | |
| 123 | captcha_public_key='1234567890', |
|
127 | captcha_public_key='1234567890', | |
|
|
128 | _authentication_token=self.authentication_token(), | |||
| 124 | )) |
|
129 | )) | |
| 125 |
|
130 | |||
| 126 | self.checkSessionFlash(response, 'Updated application settings') |
|
131 | self.checkSessionFlash(response, 'Updated application settings') | |
| @@ -141,6 +146,7 b' class TestAdminSettingsController(TestCo' | |||||
| 141 | ga_code=new_ga_code, |
|
146 | ga_code=new_ga_code, | |
| 142 | captcha_private_key='', |
|
147 | captcha_private_key='', | |
| 143 | captcha_public_key='1234567890', |
|
148 | captcha_public_key='1234567890', | |
|
|
149 | _authentication_token=self.authentication_token(), | |||
| 144 | )) |
|
150 | )) | |
| 145 |
|
151 | |||
| 146 | self.checkSessionFlash(response, 'Updated application settings') |
|
152 | self.checkSessionFlash(response, 'Updated application settings') | |
| @@ -163,6 +169,7 b' class TestAdminSettingsController(TestCo' | |||||
| 163 | ga_code='', |
|
169 | ga_code='', | |
| 164 | captcha_private_key='', |
|
170 | captcha_private_key='', | |
| 165 | captcha_public_key='', |
|
171 | captcha_public_key='', | |
|
|
172 | _authentication_token=self.authentication_token(), | |||
| 166 | )) |
|
173 | )) | |
| 167 |
|
174 | |||
| 168 | self.checkSessionFlash(response, 'Updated application settings') |
|
175 | self.checkSessionFlash(response, 'Updated application settings') | |
| @@ -19,7 +19,8 b' class TestAdminUsersGroupsController(Tes' | |||||
| 19 | response = self.app.post(url('users_groups'), |
|
19 | response = self.app.post(url('users_groups'), | |
| 20 | {'users_group_name': users_group_name, |
|
20 | {'users_group_name': users_group_name, | |
| 21 | 'user_group_description': 'DESC', |
|
21 | 'user_group_description': 'DESC', | |
| 22 |
'active': True |
|
22 | 'active': True, | |
|
|
23 | '_authentication_token': self.authentication_token()}) | |||
| 23 | response.follow() |
|
24 | response.follow() | |
| 24 |
|
25 | |||
| 25 | self.checkSessionFlash(response, |
|
26 | self.checkSessionFlash(response, | |
| @@ -35,7 +36,7 b' class TestAdminUsersGroupsController(Tes' | |||||
| 35 |
|
36 | |||
| 36 | def test_update_browser_fakeout(self): |
|
37 | def test_update_browser_fakeout(self): | |
| 37 | response = self.app.post(url('users_group', id=1), |
|
38 | response = self.app.post(url('users_group', id=1), | |
| 38 | params=dict(_method='put')) |
|
39 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
| 39 |
|
40 | |||
| 40 | def test_delete(self): |
|
41 | def test_delete(self): | |
| 41 | self.log_user() |
|
42 | self.log_user() | |
| @@ -43,7 +44,8 b' class TestAdminUsersGroupsController(Tes' | |||||
| 43 | response = self.app.post(url('users_groups'), |
|
44 | response = self.app.post(url('users_groups'), | |
| 44 | {'users_group_name':users_group_name, |
|
45 | {'users_group_name':users_group_name, | |
| 45 | 'user_group_description': 'DESC', |
|
46 | 'user_group_description': 'DESC', | |
| 46 |
'active': True |
|
47 | 'active': True, | |
|
|
48 | '_authentication_token': self.authentication_token()}) | |||
| 47 | response.follow() |
|
49 | response.follow() | |
| 48 |
|
50 | |||
| 49 | self.checkSessionFlash(response, |
|
51 | self.checkSessionFlash(response, | |
| @@ -65,7 +67,8 b' class TestAdminUsersGroupsController(Tes' | |||||
| 65 | response = self.app.post(url('users_groups'), |
|
67 | response = self.app.post(url('users_groups'), | |
| 66 | {'users_group_name': users_group_name, |
|
68 | {'users_group_name': users_group_name, | |
| 67 | 'user_group_description': 'DESC', |
|
69 | 'user_group_description': 'DESC', | |
| 68 |
'active': True |
|
70 | 'active': True, | |
|
|
71 | '_authentication_token': self.authentication_token()}) | |||
| 69 | response.follow() |
|
72 | response.follow() | |
| 70 |
|
73 | |||
| 71 | ug = UserGroup.get_by_group_name(users_group_name) |
|
74 | ug = UserGroup.get_by_group_name(users_group_name) | |
| @@ -74,8 +77,8 b' class TestAdminUsersGroupsController(Tes' | |||||
| 74 | ## ENABLE REPO CREATE ON A GROUP |
|
77 | ## ENABLE REPO CREATE ON A GROUP | |
| 75 | response = self.app.put(url('edit_user_group_default_perms', |
|
78 | response = self.app.put(url('edit_user_group_default_perms', | |
| 76 | id=ug.users_group_id), |
|
79 | id=ug.users_group_id), | |
| 77 |
{'create_repo_perm': True |
|
80 | {'create_repo_perm': True, | |
| 78 |
|
81 | '_authentication_token': self.authentication_token()}) | ||
| 79 | response.follow() |
|
82 | response.follow() | |
| 80 | ug = UserGroup.get_by_group_name(users_group_name) |
|
83 | ug = UserGroup.get_by_group_name(users_group_name) | |
| 81 | p = Permission.get_by_key('hg.create.repository') |
|
84 | p = Permission.get_by_key('hg.create.repository') | |
| @@ -135,7 +138,8 b' class TestAdminUsersGroupsController(Tes' | |||||
| 135 | response = self.app.post(url('users_groups'), |
|
138 | response = self.app.post(url('users_groups'), | |
| 136 | {'users_group_name': users_group_name, |
|
139 | {'users_group_name': users_group_name, | |
| 137 | 'user_group_description': 'DESC', |
|
140 | 'user_group_description': 'DESC', | |
| 138 |
'active': True |
|
141 | 'active': True, | |
|
|
142 | '_authentication_token': self.authentication_token()}) | |||
| 139 | response.follow() |
|
143 | response.follow() | |
| 140 |
|
144 | |||
| 141 | ug = UserGroup.get_by_group_name(users_group_name) |
|
145 | ug = UserGroup.get_by_group_name(users_group_name) | |
| @@ -144,7 +148,7 b' class TestAdminUsersGroupsController(Tes' | |||||
| 144 | ## ENABLE REPO CREATE ON A GROUP |
|
148 | ## ENABLE REPO CREATE ON A GROUP | |
| 145 | response = self.app.put(url('edit_user_group_default_perms', |
|
149 | response = self.app.put(url('edit_user_group_default_perms', | |
| 146 | id=ug.users_group_id), |
|
150 | id=ug.users_group_id), | |
| 147 | {'fork_repo_perm': True}) |
|
151 | {'fork_repo_perm': True, '_authentication_token': self.authentication_token()}) | |
| 148 |
|
152 | |||
| 149 | response.follow() |
|
153 | response.follow() | |
| 150 | ug = UserGroup.get_by_group_name(users_group_name) |
|
154 | ug = UserGroup.get_by_group_name(users_group_name) | |
| @@ -204,7 +208,7 b' class TestAdminUsersGroupsController(Tes' | |||||
| 204 |
|
208 | |||
| 205 | def test_delete_browser_fakeout(self): |
|
209 | def test_delete_browser_fakeout(self): | |
| 206 | response = self.app.post(url('users_group', id=1), |
|
210 | response = self.app.post(url('users_group', id=1), | |
| 207 | params=dict(_method='delete')) |
|
211 | params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
| 208 |
|
212 | |||
| 209 | def test_show(self): |
|
213 | def test_show(self): | |
| 210 | response = self.app.get(url('users_group', id=1)) |
|
214 | response = self.app.get(url('users_group', id=1)) | |
| @@ -58,7 +58,8 b' class TestAdminUsersController(TestContr' | |||||
| 58 | 'lastname': lastname, |
|
58 | 'lastname': lastname, | |
| 59 | 'extern_name': 'internal', |
|
59 | 'extern_name': 'internal', | |
| 60 | 'extern_type': 'internal', |
|
60 | 'extern_type': 'internal', | |
| 61 |
'email': email |
|
61 | 'email': email, | |
|
|
62 | '_authentication_token': self.authentication_token()}) | |||
| 62 |
|
63 | |||
| 63 | self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''') |
|
64 | self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''') | |
| 64 | self.checkSessionFlash(response, '''/edit">%s</a>''' % (username)) |
|
65 | self.checkSessionFlash(response, '''/edit">%s</a>''' % (username)) | |
| @@ -89,7 +90,8 b' class TestAdminUsersController(TestContr' | |||||
| 89 | 'name': name, |
|
90 | 'name': name, | |
| 90 | 'active': False, |
|
91 | 'active': False, | |
| 91 | 'lastname': lastname, |
|
92 | 'lastname': lastname, | |
| 92 |
'email': email |
|
93 | 'email': email, | |
|
|
94 | '_authentication_token': self.authentication_token()}) | |||
| 93 |
|
95 | |||
| 94 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] |
|
96 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] | |
| 95 | msg = h.html_escape(msg % {'username': 'new_user'}) |
|
97 | msg = h.html_escape(msg % {'username': 'new_user'}) | |
| @@ -145,8 +147,10 b' class TestAdminUsersController(TestContr' | |||||
| 145 | # logged in yet his data is not filled |
|
147 | # logged in yet his data is not filled | |
| 146 | # so we use creation data |
|
148 | # so we use creation data | |
| 147 |
|
149 | |||
|
|
150 | params.update({'_authentication_token': self.authentication_token()}) | |||
| 148 | response = self.app.put(url('user', id=usr.user_id), params) |
|
151 | response = self.app.put(url('user', id=usr.user_id), params) | |
| 149 | self.checkSessionFlash(response, 'User updated successfully') |
|
152 | self.checkSessionFlash(response, 'User updated successfully') | |
|
|
153 | params.pop('_authentication_token') | |||
| 150 |
|
154 | |||
| 151 | updated_user = User.get_by_username(self.test_user_1) |
|
155 | updated_user = User.get_by_username(self.test_user_1) | |
| 152 | updated_params = updated_user.get_api_data(True) |
|
156 | updated_params = updated_user.get_api_data(True) | |
| @@ -266,7 +270,8 b' class TestAdminUsersController(TestContr' | |||||
| 266 |
|
270 | |||
| 267 | response = self.app.post(url('edit_user_perms', id=uid), |
|
271 | response = self.app.post(url('edit_user_perms', id=uid), | |
| 268 | params=dict(_method='put', |
|
272 | params=dict(_method='put', | |
| 269 |
create_repo_perm=True |
|
273 | create_repo_perm=True, | |
|
|
274 | _authentication_token=self.authentication_token())) | |||
| 270 |
|
275 | |||
| 271 | perm_none = Permission.get_by_key('hg.create.none') |
|
276 | perm_none = Permission.get_by_key('hg.create.none') | |
| 272 | perm_create = Permission.get_by_key('hg.create.repository') |
|
277 | perm_create = Permission.get_by_key('hg.create.repository') | |
| @@ -295,7 +300,7 b' class TestAdminUsersController(TestContr' | |||||
| 295 | self.assertEqual(UserModel().has_perm(user, perm_create), False) |
|
300 | self.assertEqual(UserModel().has_perm(user, perm_create), False) | |
| 296 |
|
301 | |||
| 297 | response = self.app.post(url('edit_user_perms', id=uid), |
|
302 | response = self.app.post(url('edit_user_perms', id=uid), | |
| 298 | params=dict(_method='put')) |
|
303 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
| 299 |
|
304 | |||
| 300 | perm_none = Permission.get_by_key('hg.create.none') |
|
305 | perm_none = Permission.get_by_key('hg.create.none') | |
| 301 | perm_create = Permission.get_by_key('hg.create.repository') |
|
306 | perm_create = Permission.get_by_key('hg.create.repository') | |
| @@ -325,7 +330,8 b' class TestAdminUsersController(TestContr' | |||||
| 325 |
|
330 | |||
| 326 | response = self.app.post(url('edit_user_perms', id=uid), |
|
331 | response = self.app.post(url('edit_user_perms', id=uid), | |
| 327 | params=dict(_method='put', |
|
332 | params=dict(_method='put', | |
| 328 |
create_repo_perm=True |
|
333 | create_repo_perm=True, | |
|
|
334 | _authentication_token=self.authentication_token())) | |||
| 329 |
|
335 | |||
| 330 | perm_none = Permission.get_by_key('hg.create.none') |
|
336 | perm_none = Permission.get_by_key('hg.create.none') | |
| 331 | perm_create = Permission.get_by_key('hg.create.repository') |
|
337 | perm_create = Permission.get_by_key('hg.create.repository') | |
| @@ -354,7 +360,7 b' class TestAdminUsersController(TestContr' | |||||
| 354 | self.assertEqual(UserModel().has_perm(user, perm_fork), False) |
|
360 | self.assertEqual(UserModel().has_perm(user, perm_fork), False) | |
| 355 |
|
361 | |||
| 356 | response = self.app.post(url('edit_user_perms', id=uid), |
|
362 | response = self.app.post(url('edit_user_perms', id=uid), | |
| 357 | params=dict(_method='put')) |
|
363 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
| 358 |
|
364 | |||
| 359 | perm_none = Permission.get_by_key('hg.create.none') |
|
365 | perm_none = Permission.get_by_key('hg.create.none') | |
| 360 | perm_create = Permission.get_by_key('hg.create.repository') |
|
366 | perm_create = Permission.get_by_key('hg.create.repository') | |
| @@ -386,7 +392,7 b' class TestAdminUsersController(TestContr' | |||||
| 386 | user_id = user.user_id |
|
392 | user_id = user.user_id | |
| 387 |
|
393 | |||
| 388 | response = self.app.put(url('edit_user_ips', id=user_id), |
|
394 | response = self.app.put(url('edit_user_ips', id=user_id), | |
| 389 | params=dict(new_ip=ip)) |
|
395 | params=dict(new_ip=ip, _authentication_token=self.authentication_token())) | |
| 390 |
|
396 | |||
| 391 | if failure: |
|
397 | if failure: | |
| 392 | self.checkSessionFlash(response, 'Please enter a valid IPv4 or IpV6 address') |
|
398 | self.checkSessionFlash(response, 'Please enter a valid IPv4 or IpV6 address') | |
| @@ -419,7 +425,7 b' class TestAdminUsersController(TestContr' | |||||
| 419 | response.mustcontain(ip_range) |
|
425 | response.mustcontain(ip_range) | |
| 420 |
|
426 | |||
| 421 | self.app.post(url('edit_user_ips', id=user_id), |
|
427 | self.app.post(url('edit_user_ips', id=user_id), | |
| 422 | params=dict(_method='delete', del_ip_id=new_ip_id)) |
|
428 | params=dict(_method='delete', del_ip_id=new_ip_id, _authentication_token=self.authentication_token())) | |
| 423 |
|
429 | |||
| 424 | response = self.app.get(url('edit_user_ips', id=user_id)) |
|
430 | response = self.app.get(url('edit_user_ips', id=user_id)) | |
| 425 | response.mustcontain('All IP addresses are allowed') |
|
431 | response.mustcontain('All IP addresses are allowed') | |
| @@ -445,7 +451,7 b' class TestAdminUsersController(TestContr' | |||||
| 445 | user_id = user.user_id |
|
451 | user_id = user.user_id | |
| 446 |
|
452 | |||
| 447 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
453 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
| 448 | {'_method': 'put', 'description': desc, 'lifetime': lifetime}) |
|
454 | {'_method': 'put', 'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) | |
| 449 | self.checkSessionFlash(response, 'Api key successfully created') |
|
455 | self.checkSessionFlash(response, 'Api key successfully created') | |
| 450 | try: |
|
456 | try: | |
| 451 | response = response.follow() |
|
457 | response = response.follow() | |
| @@ -463,7 +469,7 b' class TestAdminUsersController(TestContr' | |||||
| 463 | user_id = user.user_id |
|
469 | user_id = user.user_id | |
| 464 |
|
470 | |||
| 465 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
471 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
| 466 | {'_method': 'put', 'description': 'desc', 'lifetime': -1}) |
|
472 | {'_method': 'put', 'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) | |
| 467 | self.checkSessionFlash(response, 'Api key successfully created') |
|
473 | self.checkSessionFlash(response, 'Api key successfully created') | |
| 468 | response = response.follow() |
|
474 | response = response.follow() | |
| 469 |
|
475 | |||
| @@ -472,7 +478,7 b' class TestAdminUsersController(TestContr' | |||||
| 472 | self.assertEqual(1, len(keys)) |
|
478 | self.assertEqual(1, len(keys)) | |
| 473 |
|
479 | |||
| 474 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
480 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
| 475 | {'_method': 'delete', 'del_api_key': keys[0].api_key}) |
|
481 | {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) | |
| 476 | self.checkSessionFlash(response, 'Api key successfully deleted') |
|
482 | self.checkSessionFlash(response, 'Api key successfully deleted') | |
| 477 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() |
|
483 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() | |
| 478 | self.assertEqual(0, len(keys)) |
|
484 | self.assertEqual(0, len(keys)) | |
| @@ -487,7 +493,7 b' class TestAdminUsersController(TestContr' | |||||
| 487 | response.mustcontain('expires: never') |
|
493 | response.mustcontain('expires: never') | |
| 488 |
|
494 | |||
| 489 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
495 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
| 490 | {'_method': 'delete', 'del_api_key_builtin': api_key}) |
|
496 | {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) | |
| 491 | self.checkSessionFlash(response, 'Api key successfully reset') |
|
497 | self.checkSessionFlash(response, 'Api key successfully reset') | |
| 492 | response = response.follow() |
|
498 | response = response.follow() | |
| 493 | response.mustcontain(no=[api_key]) |
|
499 | response.mustcontain(no=[api_key]) | |
| @@ -29,7 +29,7 b' class TestChangeSetCommentsController(Te' | |||||
| 29 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
29 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' | |
| 30 | text = u'CommentOnRevision' |
|
30 | text = u'CommentOnRevision' | |
| 31 |
|
31 | |||
| 32 | params = {'text': text} |
|
32 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
| 33 | response = self.app.post(url(controller='changeset', action='comment', |
|
33 | response = self.app.post(url(controller='changeset', action='comment', | |
| 34 | repo_name=HG_REPO, revision=rev), |
|
34 | repo_name=HG_REPO, revision=rev), | |
| 35 | params=params) |
|
35 | params=params) | |
| @@ -66,7 +66,7 b' class TestChangeSetCommentsController(Te' | |||||
| 66 | f_path = 'vcs/web/simplevcs/views/repository.py' |
|
66 | f_path = 'vcs/web/simplevcs/views/repository.py' | |
| 67 | line = 'n1' |
|
67 | line = 'n1' | |
| 68 |
|
68 | |||
| 69 | params = {'text': text, 'f_path': f_path, 'line': line} |
|
69 | params = {'text': text, 'f_path': f_path, 'line': line, '_authentication_token': self.authentication_token()} | |
| 70 | response = self.app.post(url(controller='changeset', action='comment', |
|
70 | response = self.app.post(url(controller='changeset', action='comment', | |
| 71 | repo_name=HG_REPO, revision=rev), |
|
71 | repo_name=HG_REPO, revision=rev), | |
| 72 | params=params) |
|
72 | params=params) | |
| @@ -106,7 +106,7 b' class TestChangeSetCommentsController(Te' | |||||
| 106 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
106 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' | |
| 107 | text = u'@test_regular check CommentOnRevision' |
|
107 | text = u'@test_regular check CommentOnRevision' | |
| 108 |
|
108 | |||
| 109 | params = {'text':text} |
|
109 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
| 110 | response = self.app.post(url(controller='changeset', action='comment', |
|
110 | response = self.app.post(url(controller='changeset', action='comment', | |
| 111 | repo_name=HG_REPO, revision=rev), |
|
111 | repo_name=HG_REPO, revision=rev), | |
| 112 | params=params) |
|
112 | params=params) | |
| @@ -134,7 +134,7 b' class TestChangeSetCommentsController(Te' | |||||
| 134 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
134 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' | |
| 135 | text = u'CommentOnRevision' |
|
135 | text = u'CommentOnRevision' | |
| 136 |
|
136 | |||
| 137 | params = {'text': text} |
|
137 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
| 138 | response = self.app.post(url(controller='changeset', action='comment', |
|
138 | response = self.app.post(url(controller='changeset', action='comment', | |
| 139 | repo_name=HG_REPO, revision=rev), |
|
139 | repo_name=HG_REPO, revision=rev), | |
| 140 | params=params) |
|
140 | params=params) | |
| @@ -328,7 +328,8 b' removed extra unicode conversion in diff' | |||||
| 328 | repo_name=HG_REPO, |
|
328 | repo_name=HG_REPO, | |
| 329 | revision='tip', f_path='/'), |
|
329 | revision='tip', f_path='/'), | |
| 330 | params={ |
|
330 | params={ | |
| 331 | 'content': '' |
|
331 | 'content': '', | |
|
|
332 | '_authentication_token': self.authentication_token(), | |||
| 332 | }, |
|
333 | }, | |
| 333 | status=302) |
|
334 | status=302) | |
| 334 |
|
335 | |||
| @@ -340,7 +341,8 b' removed extra unicode conversion in diff' | |||||
| 340 | repo_name=HG_REPO, |
|
341 | repo_name=HG_REPO, | |
| 341 | revision='tip', f_path='/'), |
|
342 | revision='tip', f_path='/'), | |
| 342 | params={ |
|
343 | params={ | |
| 343 | 'content': "foo" |
|
344 | 'content': "foo", | |
|
|
345 | '_authentication_token': self.authentication_token(), | |||
| 344 | }, |
|
346 | }, | |
| 345 | status=302) |
|
347 | status=302) | |
| 346 |
|
348 | |||
| @@ -359,7 +361,8 b' removed extra unicode conversion in diff' | |||||
| 359 | params={ |
|
361 | params={ | |
| 360 | 'content': "foo", |
|
362 | 'content': "foo", | |
| 361 | 'filename': filename, |
|
363 | 'filename': filename, | |
| 362 | 'location': location |
|
364 | 'location': location, | |
|
|
365 | '_authentication_token': self.authentication_token(), | |||
| 363 | }, |
|
366 | }, | |
| 364 | status=302) |
|
367 | status=302) | |
| 365 |
|
368 | |||
| @@ -379,7 +382,8 b' removed extra unicode conversion in diff' | |||||
| 379 | params={ |
|
382 | params={ | |
| 380 | 'content': "foo", |
|
383 | 'content': "foo", | |
| 381 | 'filename': filename, |
|
384 | 'filename': filename, | |
| 382 | 'location': location |
|
385 | 'location': location, | |
|
|
386 | '_authentication_token': self.authentication_token(), | |||
| 383 | }, |
|
387 | }, | |
| 384 | status=302) |
|
388 | status=302) | |
| 385 | try: |
|
389 | try: | |
| @@ -401,7 +405,8 b' removed extra unicode conversion in diff' | |||||
| 401 | repo_name=GIT_REPO, |
|
405 | repo_name=GIT_REPO, | |
| 402 | revision='tip', f_path='/'), |
|
406 | revision='tip', f_path='/'), | |
| 403 | params={ |
|
407 | params={ | |
| 404 | 'content': '' |
|
408 | 'content': '', | |
|
|
409 | '_authentication_token': self.authentication_token(), | |||
| 405 | }, |
|
410 | }, | |
| 406 | status=302) |
|
411 | status=302) | |
| 407 | self.checkSessionFlash(response, 'No content') |
|
412 | self.checkSessionFlash(response, 'No content') | |
| @@ -412,7 +417,8 b' removed extra unicode conversion in diff' | |||||
| 412 | repo_name=GIT_REPO, |
|
417 | repo_name=GIT_REPO, | |
| 413 | revision='tip', f_path='/'), |
|
418 | revision='tip', f_path='/'), | |
| 414 | params={ |
|
419 | params={ | |
| 415 | 'content': "foo" |
|
420 | 'content': "foo", | |
|
|
421 | '_authentication_token': self.authentication_token(), | |||
| 416 | }, |
|
422 | }, | |
| 417 | status=302) |
|
423 | status=302) | |
| 418 |
|
424 | |||
| @@ -431,7 +437,8 b' removed extra unicode conversion in diff' | |||||
| 431 | params={ |
|
437 | params={ | |
| 432 | 'content': "foo", |
|
438 | 'content': "foo", | |
| 433 | 'filename': filename, |
|
439 | 'filename': filename, | |
| 434 | 'location': location |
|
440 | 'location': location, | |
|
|
441 | '_authentication_token': self.authentication_token(), | |||
| 435 | }, |
|
442 | }, | |
| 436 | status=302) |
|
443 | status=302) | |
| 437 |
|
444 | |||
| @@ -451,7 +458,8 b' removed extra unicode conversion in diff' | |||||
| 451 | params={ |
|
458 | params={ | |
| 452 | 'content': "foo", |
|
459 | 'content': "foo", | |
| 453 | 'filename': filename, |
|
460 | 'filename': filename, | |
| 454 | 'location': location |
|
461 | 'location': location, | |
|
|
462 | '_authentication_token': self.authentication_token(), | |||
| 455 | }, |
|
463 | }, | |
| 456 | status=302) |
|
464 | status=302) | |
| 457 | try: |
|
465 | try: | |
| @@ -480,7 +488,8 b' removed extra unicode conversion in diff' | |||||
| 480 | params={ |
|
488 | params={ | |
| 481 | 'content': "def py():\n print 'hello'\n", |
|
489 | 'content': "def py():\n print 'hello'\n", | |
| 482 | 'filename': filename, |
|
490 | 'filename': filename, | |
| 483 | 'location': location |
|
491 | 'location': location, | |
|
|
492 | '_authentication_token': self.authentication_token(), | |||
| 484 | }, |
|
493 | }, | |
| 485 | status=302) |
|
494 | status=302) | |
| 486 | response.follow() |
|
495 | response.follow() | |
| @@ -510,7 +519,8 b' removed extra unicode conversion in diff' | |||||
| 510 | params={ |
|
519 | params={ | |
| 511 | 'content': "def py():\n print 'hello'\n", |
|
520 | 'content': "def py():\n print 'hello'\n", | |
| 512 | 'filename': filename, |
|
521 | 'filename': filename, | |
| 513 | 'location': location |
|
522 | 'location': location, | |
|
|
523 | '_authentication_token': self.authentication_token(), | |||
| 514 | }, |
|
524 | }, | |
| 515 | status=302) |
|
525 | status=302) | |
| 516 | response.follow() |
|
526 | response.follow() | |
| @@ -524,6 +534,7 b' removed extra unicode conversion in diff' | |||||
| 524 | params={ |
|
534 | params={ | |
| 525 | 'content': "def py():\n print 'hello world'\n", |
|
535 | 'content': "def py():\n print 'hello world'\n", | |
| 526 | 'message': 'i commited', |
|
536 | 'message': 'i commited', | |
|
|
537 | '_authentication_token': self.authentication_token(), | |||
| 527 | }, |
|
538 | }, | |
| 528 | status=302) |
|
539 | status=302) | |
| 529 | self.checkSessionFlash(response, |
|
540 | self.checkSessionFlash(response, | |
| @@ -551,7 +562,8 b' removed extra unicode conversion in diff' | |||||
| 551 | params={ |
|
562 | params={ | |
| 552 | 'content': "def py():\n print 'hello'\n", |
|
563 | 'content': "def py():\n print 'hello'\n", | |
| 553 | 'filename': filename, |
|
564 | 'filename': filename, | |
| 554 | 'location': location |
|
565 | 'location': location, | |
|
|
566 | '_authentication_token': self.authentication_token(), | |||
| 555 | }, |
|
567 | }, | |
| 556 | status=302) |
|
568 | status=302) | |
| 557 | response.follow() |
|
569 | response.follow() | |
| @@ -581,7 +593,8 b' removed extra unicode conversion in diff' | |||||
| 581 | params={ |
|
593 | params={ | |
| 582 | 'content': "def py():\n print 'hello'\n", |
|
594 | 'content': "def py():\n print 'hello'\n", | |
| 583 | 'filename': filename, |
|
595 | 'filename': filename, | |
| 584 | 'location': location |
|
596 | 'location': location, | |
|
|
597 | '_authentication_token': self.authentication_token(), | |||
| 585 | }, |
|
598 | }, | |
| 586 | status=302) |
|
599 | status=302) | |
| 587 | response.follow() |
|
600 | response.follow() | |
| @@ -595,6 +608,7 b' removed extra unicode conversion in diff' | |||||
| 595 | params={ |
|
608 | params={ | |
| 596 | 'content': "def py():\n print 'hello world'\n", |
|
609 | 'content': "def py():\n print 'hello world'\n", | |
| 597 | 'message': 'i commited', |
|
610 | 'message': 'i commited', | |
|
|
611 | '_authentication_token': self.authentication_token(), | |||
| 598 | }, |
|
612 | }, | |
| 599 | status=302) |
|
613 | status=302) | |
| 600 | self.checkSessionFlash(response, |
|
614 | self.checkSessionFlash(response, | |
| @@ -622,7 +636,8 b' removed extra unicode conversion in diff' | |||||
| 622 | params={ |
|
636 | params={ | |
| 623 | 'content': "def py():\n print 'hello'\n", |
|
637 | 'content': "def py():\n print 'hello'\n", | |
| 624 | 'filename': filename, |
|
638 | 'filename': filename, | |
| 625 | 'location': location |
|
639 | 'location': location, | |
|
|
640 | '_authentication_token': self.authentication_token(), | |||
| 626 | }, |
|
641 | }, | |
| 627 | status=302) |
|
642 | status=302) | |
| 628 | response.follow() |
|
643 | response.follow() | |
| @@ -652,7 +667,8 b' removed extra unicode conversion in diff' | |||||
| 652 | params={ |
|
667 | params={ | |
| 653 | 'content': "def py():\n print 'hello'\n", |
|
668 | 'content': "def py():\n print 'hello'\n", | |
| 654 | 'filename': filename, |
|
669 | 'filename': filename, | |
| 655 | 'location': location |
|
670 | 'location': location, | |
|
|
671 | '_authentication_token': self.authentication_token(), | |||
| 656 | }, |
|
672 | }, | |
| 657 | status=302) |
|
673 | status=302) | |
| 658 | response.follow() |
|
674 | response.follow() | |
| @@ -665,6 +681,7 b' removed extra unicode conversion in diff' | |||||
| 665 | f_path='vcs/nodes.py'), |
|
681 | f_path='vcs/nodes.py'), | |
| 666 | params={ |
|
682 | params={ | |
| 667 | 'message': 'i commited', |
|
683 | 'message': 'i commited', | |
|
|
684 | '_authentication_token': self.authentication_token(), | |||
| 668 | }, |
|
685 | }, | |
| 669 | status=302) |
|
686 | status=302) | |
| 670 | self.checkSessionFlash(response, |
|
687 | self.checkSessionFlash(response, | |
| @@ -692,7 +709,8 b' removed extra unicode conversion in diff' | |||||
| 692 | params={ |
|
709 | params={ | |
| 693 | 'content': "def py():\n print 'hello'\n", |
|
710 | 'content': "def py():\n print 'hello'\n", | |
| 694 | 'filename': filename, |
|
711 | 'filename': filename, | |
| 695 | 'location': location |
|
712 | 'location': location, | |
|
|
713 | '_authentication_token': self.authentication_token(), | |||
| 696 | }, |
|
714 | }, | |
| 697 | status=302) |
|
715 | status=302) | |
| 698 | response.follow() |
|
716 | response.follow() | |
| @@ -722,7 +740,8 b' removed extra unicode conversion in diff' | |||||
| 722 | params={ |
|
740 | params={ | |
| 723 | 'content': "def py():\n print 'hello'\n", |
|
741 | 'content': "def py():\n print 'hello'\n", | |
| 724 | 'filename': filename, |
|
742 | 'filename': filename, | |
| 725 | 'location': location |
|
743 | 'location': location, | |
|
|
744 | '_authentication_token': self.authentication_token(), | |||
| 726 | }, |
|
745 | }, | |
| 727 | status=302) |
|
746 | status=302) | |
| 728 | response.follow() |
|
747 | response.follow() | |
| @@ -735,6 +754,7 b' removed extra unicode conversion in diff' | |||||
| 735 | f_path='vcs/nodes.py'), |
|
754 | f_path='vcs/nodes.py'), | |
| 736 | params={ |
|
755 | params={ | |
| 737 | 'message': 'i commited', |
|
756 | 'message': 'i commited', | |
|
|
757 | '_authentication_token': self.authentication_token(), | |||
| 738 | }, |
|
758 | }, | |
| 739 | status=302) |
|
759 | status=302) | |
| 740 | self.checkSessionFlash(response, |
|
760 | self.checkSessionFlash(response, | |
| @@ -60,7 +60,7 b' class _BaseTest(TestController):' | |||||
| 60 | # try create a fork |
|
60 | # try create a fork | |
| 61 | repo_name = self.REPO |
|
61 | repo_name = self.REPO | |
| 62 | self.app.post(url(controller='forks', action='fork_create', |
|
62 | self.app.post(url(controller='forks', action='fork_create', | |
| 63 | repo_name=repo_name), {}, status=403) |
|
63 | repo_name=repo_name), {'_authentication_token': self.authentication_token()}, status=403) | |
| 64 |
|
64 | |||
| 65 | def test_index_with_fork(self): |
|
65 | def test_index_with_fork(self): | |
| 66 | self.log_user() |
|
66 | self.log_user() | |
| @@ -77,7 +77,8 b' class _BaseTest(TestController):' | |||||
| 77 | 'repo_type': self.REPO_TYPE, |
|
77 | 'repo_type': self.REPO_TYPE, | |
| 78 | 'description': description, |
|
78 | 'description': description, | |
| 79 | 'private': 'False', |
|
79 | 'private': 'False', | |
| 80 |
'landing_rev': 'rev:tip' |
|
80 | 'landing_rev': 'rev:tip', | |
|
|
81 | '_authentication_token': self.authentication_token()} | |||
| 81 |
|
82 | |||
| 82 | self.app.post(url(controller='forks', action='fork_create', |
|
83 | self.app.post(url(controller='forks', action='fork_create', | |
| 83 | repo_name=repo_name), creation_args) |
|
84 | repo_name=repo_name), creation_args) | |
| @@ -108,7 +109,8 b' class _BaseTest(TestController):' | |||||
| 108 | 'repo_type': self.REPO_TYPE, |
|
109 | 'repo_type': self.REPO_TYPE, | |
| 109 | 'description': description, |
|
110 | 'description': description, | |
| 110 | 'private': 'False', |
|
111 | 'private': 'False', | |
| 111 |
'landing_rev': 'rev:tip' |
|
112 | 'landing_rev': 'rev:tip', | |
|
|
113 | '_authentication_token': self.authentication_token()} | |||
| 112 | self.app.post(url(controller='forks', action='fork_create', |
|
114 | self.app.post(url(controller='forks', action='fork_create', | |
| 113 | repo_name=repo_name), creation_args) |
|
115 | repo_name=repo_name), creation_args) | |
| 114 | repo = Repository.get_by_repo_name(fork_name_full) |
|
116 | repo = Repository.get_by_repo_name(fork_name_full) | |
| @@ -150,7 +152,8 b' class _BaseTest(TestController):' | |||||
| 150 | 'repo_type': self.REPO_TYPE, |
|
152 | 'repo_type': self.REPO_TYPE, | |
| 151 | 'description': description, |
|
153 | 'description': description, | |
| 152 | 'private': 'False', |
|
154 | 'private': 'False', | |
| 153 |
'landing_rev': 'rev:tip' |
|
155 | 'landing_rev': 'rev:tip', | |
|
|
156 | '_authentication_token': self.authentication_token()} | |||
| 154 | self.app.post(url(controller='forks', action='fork_create', |
|
157 | self.app.post(url(controller='forks', action='fork_create', | |
| 155 | repo_name=repo_name), creation_args) |
|
158 | repo_name=repo_name), creation_args) | |
| 156 | repo = Repository.get_by_repo_name(self.REPO_FORK) |
|
159 | repo = Repository.get_by_repo_name(self.REPO_FORK) | |
| @@ -50,7 +50,7 b' class TestMyAccountController(TestContro' | |||||
| 50 | response = self.app.get(url('my_account_emails')) |
|
50 | response = self.app.get(url('my_account_emails')) | |
| 51 | response.mustcontain('No additional emails specified') |
|
51 | response.mustcontain('No additional emails specified') | |
| 52 | response = self.app.post(url('my_account_emails'), |
|
52 | response = self.app.post(url('my_account_emails'), | |
| 53 | {'new_email': TEST_USER_REGULAR_EMAIL}) |
|
53 | {'new_email': TEST_USER_REGULAR_EMAIL, '_authentication_token': self.authentication_token()}) | |
| 54 | self.checkSessionFlash(response, 'This e-mail address is already taken') |
|
54 | self.checkSessionFlash(response, 'This e-mail address is already taken') | |
| 55 |
|
55 | |||
| 56 | def test_my_account_my_emails_add_mising_email_in_form(self): |
|
56 | def test_my_account_my_emails_add_mising_email_in_form(self): | |
| @@ -66,7 +66,7 b' class TestMyAccountController(TestContro' | |||||
| 66 | response.mustcontain('No additional emails specified') |
|
66 | response.mustcontain('No additional emails specified') | |
| 67 |
|
67 | |||
| 68 | response = self.app.post(url('my_account_emails'), |
|
68 | response = self.app.post(url('my_account_emails'), | |
| 69 | {'new_email': 'foo@barz.com'}) |
|
69 | {'new_email': 'foo@barz.com', '_authentication_token': self.authentication_token()}) | |
| 70 |
|
70 | |||
| 71 | response = self.app.get(url('my_account_emails')) |
|
71 | response = self.app.get(url('my_account_emails')) | |
| 72 |
|
72 | |||
| @@ -79,7 +79,7 b' class TestMyAccountController(TestContro' | |||||
| 79 | response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id) |
|
79 | response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id) | |
| 80 |
|
80 | |||
| 81 | response = self.app.post(url('my_account_emails'), |
|
81 | response = self.app.post(url('my_account_emails'), | |
| 82 | {'del_email_id': email_id, '_method': 'delete'}) |
|
82 | {'del_email_id': email_id, '_method': 'delete', '_authentication_token': self.authentication_token()}) | |
| 83 | self.checkSessionFlash(response, 'Removed email from user') |
|
83 | self.checkSessionFlash(response, 'Removed email from user') | |
| 84 | response = self.app.get(url('my_account_emails')) |
|
84 | response = self.app.get(url('my_account_emails')) | |
| 85 | response.mustcontain('No additional emails specified') |
|
85 | response.mustcontain('No additional emails specified') | |
| @@ -114,6 +114,7 b' class TestMyAccountController(TestContro' | |||||
| 114 | params.update({'new_password': ''}) |
|
114 | params.update({'new_password': ''}) | |
| 115 | params.update({'extern_type': 'internal'}) |
|
115 | params.update({'extern_type': 'internal'}) | |
| 116 | params.update({'extern_name': self.test_user_1}) |
|
116 | params.update({'extern_name': self.test_user_1}) | |
|
|
117 | params.update({'_authentication_token': self.authentication_token()}) | |||
| 117 |
|
118 | |||
| 118 | params.update(attrs) |
|
119 | params.update(attrs) | |
| 119 | response = self.app.post(url('my_account'), params) |
|
120 | response = self.app.post(url('my_account'), params) | |
| @@ -142,6 +143,7 b' class TestMyAccountController(TestContro' | |||||
| 142 | #my account cannot make you an admin ! |
|
143 | #my account cannot make you an admin ! | |
| 143 | params['admin'] = False |
|
144 | params['admin'] = False | |
| 144 |
|
145 | |||
|
|
146 | params.pop('_authentication_token') | |||
| 145 | self.assertEqual(params, updated_params) |
|
147 | self.assertEqual(params, updated_params) | |
| 146 |
|
148 | |||
| 147 | def test_my_account_update_err_email_exists(self): |
|
149 | def test_my_account_update_err_email_exists(self): | |
| @@ -155,7 +157,8 b' class TestMyAccountController(TestContro' | |||||
| 155 | password_confirmation='test122', |
|
157 | password_confirmation='test122', | |
| 156 | firstname='NewName', |
|
158 | firstname='NewName', | |
| 157 | lastname='NewLastname', |
|
159 | lastname='NewLastname', | |
| 158 |
email=new_email, |
|
160 | email=new_email, | |
|
|
161 | _authentication_token=self.authentication_token()) | |||
| 159 | ) |
|
162 | ) | |
| 160 |
|
163 | |||
| 161 | response.mustcontain('This e-mail address is already taken') |
|
164 | response.mustcontain('This e-mail address is already taken') | |
| @@ -171,7 +174,8 b' class TestMyAccountController(TestContro' | |||||
| 171 | password_confirmation='test122', |
|
174 | password_confirmation='test122', | |
| 172 | firstname='NewName', |
|
175 | firstname='NewName', | |
| 173 | lastname='NewLastname', |
|
176 | lastname='NewLastname', | |
| 174 |
email=new_email, |
|
177 | email=new_email, | |
|
|
178 | _authentication_token=self.authentication_token())) | |||
| 175 |
|
179 | |||
| 176 | response.mustcontain('An email address must contain a single @') |
|
180 | response.mustcontain('An email address must contain a single @') | |
| 177 | from kallithea.model import validators |
|
181 | from kallithea.model import validators | |
| @@ -196,7 +200,7 b' class TestMyAccountController(TestContro' | |||||
| 196 | usr = self.log_user('test_regular2', 'test12') |
|
200 | usr = self.log_user('test_regular2', 'test12') | |
| 197 | user = User.get(usr['user_id']) |
|
201 | user = User.get(usr['user_id']) | |
| 198 | response = self.app.post(url('my_account_api_keys'), |
|
202 | response = self.app.post(url('my_account_api_keys'), | |
| 199 | {'description': desc, 'lifetime': lifetime}) |
|
203 | {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) | |
| 200 | self.checkSessionFlash(response, 'Api key successfully created') |
|
204 | self.checkSessionFlash(response, 'Api key successfully created') | |
| 201 | try: |
|
205 | try: | |
| 202 | response = response.follow() |
|
206 | response = response.follow() | |
| @@ -212,7 +216,7 b' class TestMyAccountController(TestContro' | |||||
| 212 | usr = self.log_user('test_regular2', 'test12') |
|
216 | usr = self.log_user('test_regular2', 'test12') | |
| 213 | user = User.get(usr['user_id']) |
|
217 | user = User.get(usr['user_id']) | |
| 214 | response = self.app.post(url('my_account_api_keys'), |
|
218 | response = self.app.post(url('my_account_api_keys'), | |
| 215 | {'description': 'desc', 'lifetime': -1}) |
|
219 | {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) | |
| 216 | self.checkSessionFlash(response, 'Api key successfully created') |
|
220 | self.checkSessionFlash(response, 'Api key successfully created') | |
| 217 | response = response.follow() |
|
221 | response = response.follow() | |
| 218 |
|
222 | |||
| @@ -221,7 +225,7 b' class TestMyAccountController(TestContro' | |||||
| 221 | self.assertEqual(1, len(keys)) |
|
225 | self.assertEqual(1, len(keys)) | |
| 222 |
|
226 | |||
| 223 | response = self.app.post(url('my_account_api_keys'), |
|
227 | response = self.app.post(url('my_account_api_keys'), | |
| 224 | {'_method': 'delete', 'del_api_key': keys[0].api_key}) |
|
228 | {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) | |
| 225 | self.checkSessionFlash(response, 'Api key successfully deleted') |
|
229 | self.checkSessionFlash(response, 'Api key successfully deleted') | |
| 226 | keys = UserApiKeys.query().all() |
|
230 | keys = UserApiKeys.query().all() | |
| 227 | self.assertEqual(0, len(keys)) |
|
231 | self.assertEqual(0, len(keys)) | |
| @@ -236,7 +240,7 b' class TestMyAccountController(TestContro' | |||||
| 236 | response.mustcontain('expires: never') |
|
240 | response.mustcontain('expires: never') | |
| 237 |
|
241 | |||
| 238 | response = self.app.post(url('my_account_api_keys'), |
|
242 | response = self.app.post(url('my_account_api_keys'), | |
| 239 | {'_method': 'delete', 'del_api_key_builtin': api_key}) |
|
243 | {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) | |
| 240 | self.checkSessionFlash(response, 'Api key successfully reset') |
|
244 | self.checkSessionFlash(response, 'Api key successfully reset') | |
| 241 | response = response.follow() |
|
245 | response = response.follow() | |
| 242 | response.mustcontain(no=[api_key]) |
|
246 | response.mustcontain(no=[api_key]) | |
General Comments 0
You need to be logged in to leave comments.
Login now