@@ -499,6 +499,7 b' def make_map(config):' | |||||
499 | ) |
|
499 | ) | |
500 |
|
500 | |||
501 | #LOGIN/LOGOUT/REGISTER/SIGN IN |
|
501 | #LOGIN/LOGOUT/REGISTER/SIGN IN | |
|
502 | rmap.connect('authentication_token', '%s/authentication_token' % ADMIN_PREFIX, controller='login', action='authentication_token') | |||
502 | rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login') |
|
503 | rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login') | |
503 | rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login', |
|
504 | rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login', | |
504 | action='logout') |
|
505 | action='logout') |
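Review bot: The `authentication_token` route added at new line 502 is connected unconditionally and with no verb restriction, although the action's docstring later in this commit calls it "only intended for testing". As written, every deployment answers `%s/authentication_token` under ADMIN_PREFIX for any HTTP method. If that exposure is deliberate, record it with a comment above the route, e.g. `# returns the session's CSRF token as the response body; read-only`, and limit the verb with `conditions=dict(method=['GET'])`. make_map starts and ends outside the hunk.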
@@ -270,3 +270,11 b' class LoginController(BaseController):' | |||||
270 | session.delete() |
|
270 | session.delete() | |
271 | log.info('Logging out and deleting session for user') |
|
271 | log.info('Logging out and deleting session for user') | |
272 | redirect(url('home')) |
|
272 | redirect(url('home')) | |
|
273 | ||||
|
274 | def authentication_token(self): | |||
|
275 | """Return the CSRF protection token for the session - just like it | |||
|
276 | could have been screen scrabed from a page with a form. | |||
|
277 | Only intended for testing but might also be useful for other kinds | |||
|
278 | of automation. | |||
|
279 | """ | |||
|
280 | return h.authentication_token() |
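Review bot: The docstring at new lines 275-279 does not describe the response or how it should be handled: the action returns the bare value of `h.authentication_token()` as the whole body, and nothing in this hunk sets a content type or cache headers. I would extend the docstring to say that the body is the session's CSRF token as plain text and that the response must not be cached or written to logs; whether the framework already marks it uncacheable cannot be seen from here. The docstring also has a typo: `screen scrabed` should read `screen scraped`. The LoginController class starts outside the hunk.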
@@ -213,6 +213,9 b' class TestController(BaseTestCase):' | |||||
213 | def _get_logged_user(self): |
|
213 | def _get_logged_user(self): | |
214 | return User.get_by_username(self._logged_username) |
|
214 | return User.get_by_username(self._logged_username) | |
215 |
|
215 | |||
|
216 | def authentication_token(self): | |||
|
217 | return self.app.get(url('authentication_token')).body | |||
|
218 | ||||
216 | def checkSessionFlash(self, response, msg, skip=0): |
|
219 | def checkSessionFlash(self, response, msg, skip=0): | |
217 | if 'flash' not in response.session: |
|
220 | if 'flash' not in response.session: | |
218 | self.fail(safe_str(u'msg `%s` not found - session has no flash ' % msg)) |
|
221 | self.fail(safe_str(u'msg `%s` not found - session has no flash ' % msg)) |
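Review bot: The helper `authentication_token` added at new lines 216-217 has no docstring and returns `.body` without checking that the request succeeded, so a broken route would surface later as a confusing form failure in whichever test used the value. A one-line docstring such as `"""Return the CSRF token for the current test session, fetched from the authentication_token route."""` would help, and the call could pin the status: `return self.app.get(url('authentication_token'), status=200).body`. Each call issues its own GET, which is worth stating in the docstring because several tests call it more than once.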
@@ -6,7 +6,7 b' class TestAuthSettingsController(TestCon' | |||||
6 | def _enable_plugins(self, plugins_list): |
|
6 | def _enable_plugins(self, plugins_list): | |
7 | test_url = url(controller='admin/auth_settings', |
|
7 | test_url = url(controller='admin/auth_settings', | |
8 | action='auth_settings') |
|
8 | action='auth_settings') | |
9 | params={'auth_plugins': plugins_list,} |
|
9 | params={'auth_plugins': plugins_list, '_authentication_token': self.authentication_token()} | |
10 |
|
10 | |||
11 | for plugin in plugins_list.split(','): |
|
11 | for plugin in plugins_list.split(','): | |
12 | enable = plugin.partition('kallithea.lib.auth_modules.')[-1] |
|
12 | enable = plugin.partition('kallithea.lib.auth_modules.')[-1] |
@@ -32,10 +32,12 b' class TestDefaultsController(TestControl' | |||||
32 | 'default_repo_enable_statistics': True, |
|
32 | 'default_repo_enable_statistics': True, | |
33 | 'default_repo_private': True, |
|
33 | 'default_repo_private': True, | |
34 | 'default_repo_type': 'hg', |
|
34 | 'default_repo_type': 'hg', | |
|
35 | '_authentication_token': self.authentication_token(), | |||
35 | } |
|
36 | } | |
36 | response = self.app.put(url('default', id='default'), params=params) |
|
37 | response = self.app.put(url('default', id='default'), params=params) | |
37 | self.checkSessionFlash(response, 'Default settings updated successfully') |
|
38 | self.checkSessionFlash(response, 'Default settings updated successfully') | |
38 |
|
39 | |||
|
40 | params.pop('_authentication_token') | |||
39 | defs = Setting.get_default_repo_settings() |
|
41 | defs = Setting.get_default_repo_settings() | |
40 | self.assertEqual(params, defs) |
|
42 | self.assertEqual(params, defs) | |
41 |
|
43 | |||
@@ -47,20 +49,23 b' class TestDefaultsController(TestControl' | |||||
47 | 'default_repo_enable_statistics': False, |
|
49 | 'default_repo_enable_statistics': False, | |
48 | 'default_repo_private': False, |
|
50 | 'default_repo_private': False, | |
49 | 'default_repo_type': 'git', |
|
51 | 'default_repo_type': 'git', | |
|
52 | '_authentication_token': self.authentication_token(), | |||
50 | } |
|
53 | } | |
51 | response = self.app.put(url('default', id='default'), params=params) |
|
54 | response = self.app.put(url('default', id='default'), params=params) | |
52 | self.checkSessionFlash(response, 'Default settings updated successfully') |
|
55 | self.checkSessionFlash(response, 'Default settings updated successfully') | |
|
56 | ||||
|
57 | params.pop('_authentication_token') | |||
53 | defs = Setting.get_default_repo_settings() |
|
58 | defs = Setting.get_default_repo_settings() | |
54 | self.assertEqual(params, defs) |
|
59 | self.assertEqual(params, defs) | |
55 |
|
60 | |||
56 | def test_update_browser_fakeout(self): |
|
61 | def test_update_browser_fakeout(self): | |
57 | response = self.app.post(url('default', id=1), params=dict(_method='put')) |
|
62 | response = self.app.post(url('default', id=1), params=dict(_method='put', _authentication_token=self.authentication_token())) | |
58 |
|
63 | |||
59 | def test_delete(self): |
|
64 | def test_delete(self): | |
60 | response = self.app.delete(url('default', id=1)) |
|
65 | response = self.app.delete(url('default', id=1)) | |
61 |
|
66 | |||
62 | def test_delete_browser_fakeout(self): |
|
67 | def test_delete_browser_fakeout(self): | |
63 | response = self.app.post(url('default', id=1), params=dict(_method='delete')) |
|
68 | response = self.app.post(url('default', id=1), params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
64 |
|
69 | |||
65 | def test_show(self): |
|
70 | def test_show(self): | |
66 | response = self.app.get(url('default', id=1)) |
|
71 | response = self.app.get(url('default', id=1)) |
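Review bot: None of the updated tests in this file covers the rejection path: every PUT and faked-method POST now carries `_authentication_token`, but no case sends the request without it, or with a wrong value, and asserts that it is refused. A regression that stops enforcing the token would therefore still pass. `test_delete` at new line 65 also issues a real DELETE without a token while `test_delete_browser_fakeout` at new line 68 supplies one; if both verbs are meant to be protected, the two tests should agree. The same gap appears in the other test files touched by this commit, though a negative test may exist outside the lines shown.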
@@ -56,7 +56,8 b' class TestGistsController(TestController' | |||||
56 | def test_create_missing_description(self): |
|
56 | def test_create_missing_description(self): | |
57 | self.log_user() |
|
57 | self.log_user() | |
58 | response = self.app.post(url('gists'), |
|
58 | response = self.app.post(url('gists'), | |
59 |
params={'lifetime': -1}, |
|
59 | params={'lifetime': -1, '_authentication_token': self.authentication_token()}, | |
|
60 | status=200) | |||
60 |
|
61 | |||
61 | response.mustcontain('Missing value') |
|
62 | response.mustcontain('Missing value') | |
62 |
|
63 | |||
@@ -66,7 +67,8 b' class TestGistsController(TestController' | |||||
66 | params={'lifetime': -1, |
|
67 | params={'lifetime': -1, | |
67 | 'content': 'gist test', |
|
68 | 'content': 'gist test', | |
68 | 'filename': 'foo', |
|
69 | 'filename': 'foo', | |
69 |
'public': 'public' |
|
70 | 'public': 'public', | |
|
71 | '_authentication_token': self.authentication_token()}, | |||
70 | status=302) |
|
72 | status=302) | |
71 | response = response.follow() |
|
73 | response = response.follow() | |
72 | response.mustcontain('added file: foo') |
|
74 | response.mustcontain('added file: foo') | |
@@ -79,7 +81,8 b' class TestGistsController(TestController' | |||||
79 | params={'lifetime': -1, |
|
81 | params={'lifetime': -1, | |
80 | 'content': 'gist test', |
|
82 | 'content': 'gist test', | |
81 | 'filename': '/home/foo', |
|
83 | 'filename': '/home/foo', | |
82 |
'public': 'public' |
|
84 | 'public': 'public', | |
|
85 | '_authentication_token': self.authentication_token()}, | |||
83 | status=200) |
|
86 | status=200) | |
84 | response.mustcontain('Filename cannot be inside a directory') |
|
87 | response.mustcontain('Filename cannot be inside a directory') | |
85 |
|
88 | |||
@@ -98,7 +101,8 b' class TestGistsController(TestController' | |||||
98 | params={'lifetime': -1, |
|
101 | params={'lifetime': -1, | |
99 | 'content': 'private gist test', |
|
102 | 'content': 'private gist test', | |
100 | 'filename': 'private-foo', |
|
103 | 'filename': 'private-foo', | |
101 |
'private': 'private' |
|
104 | 'private': 'private', | |
|
105 | '_authentication_token': self.authentication_token()}, | |||
102 | status=302) |
|
106 | status=302) | |
103 | response = response.follow() |
|
107 | response = response.follow() | |
104 | response.mustcontain('added file: private-foo<') |
|
108 | response.mustcontain('added file: private-foo<') | |
@@ -112,7 +116,8 b' class TestGistsController(TestController' | |||||
112 | 'content': 'gist test', |
|
116 | 'content': 'gist test', | |
113 | 'filename': 'foo-desc', |
|
117 | 'filename': 'foo-desc', | |
114 | 'description': 'gist-desc', |
|
118 | 'description': 'gist-desc', | |
115 |
'public': 'public' |
|
119 | 'public': 'public', | |
|
120 | '_authentication_token': self.authentication_token()}, | |||
116 | status=302) |
|
121 | status=302) | |
117 | response = response.follow() |
|
122 | response = response.follow() | |
118 | response.mustcontain('added file: foo-desc') |
|
123 | response.mustcontain('added file: foo-desc') |
@@ -18,7 +18,8 b' class TestAdminPermissionsController(Tes' | |||||
18 | self.log_user() |
|
18 | self.log_user() | |
19 | default_user_id = User.get_default_user().user_id |
|
19 | default_user_id = User.get_default_user().user_id | |
20 | response = self.app.put(url('edit_user_ips', id=default_user_id), |
|
20 | response = self.app.put(url('edit_user_ips', id=default_user_id), | |
21 |
params=dict(new_ip='127.0.0.0/24' |
|
21 | params=dict(new_ip='127.0.0.0/24', | |
|
22 | _authentication_token=self.authentication_token())) | |||
22 |
|
23 | |||
23 | response = self.app.get(url('admin_permissions_ips')) |
|
24 | response = self.app.get(url('admin_permissions_ips')) | |
24 | response.mustcontain('127.0.0.0/24') |
|
25 | response.mustcontain('127.0.0.0/24') | |
@@ -31,7 +32,8 b' class TestAdminPermissionsController(Tes' | |||||
31 |
|
32 | |||
32 | response = self.app.post(url('edit_user_ips', id=default_user_id), |
|
33 | response = self.app.post(url('edit_user_ips', id=default_user_id), | |
33 | params=dict(_method='delete', |
|
34 | params=dict(_method='delete', | |
34 |
del_ip_id=del_ip_id |
|
35 | del_ip_id=del_ip_id, | |
|
36 | _authentication_token=self.authentication_token())) | |||
35 |
|
37 | |||
36 | response = self.app.get(url('admin_permissions_ips')) |
|
38 | response = self.app.get(url('admin_permissions_ips')) | |
37 | response.mustcontain('All IP addresses are allowed') |
|
39 | response.mustcontain('All IP addresses are allowed') |
@@ -56,7 +56,8 b' class _BaseTest(TestController):' | |||||
56 | fixture._get_repo_create_params(repo_private=False, |
|
56 | fixture._get_repo_create_params(repo_private=False, | |
57 | repo_name=repo_name, |
|
57 | repo_name=repo_name, | |
58 | repo_type=self.REPO_TYPE, |
|
58 | repo_type=self.REPO_TYPE, | |
59 |
repo_description=description |
|
59 | repo_description=description, | |
|
60 | _authentication_token=self.authentication_token())) | |||
60 | ## run the check page that triggers the flash message |
|
61 | ## run the check page that triggers the flash message | |
61 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
62 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
62 | self.assertEqual(response.json, {u'result': True}) |
|
63 | self.assertEqual(response.json, {u'result': True}) | |
@@ -96,7 +97,8 b' class _BaseTest(TestController):' | |||||
96 | fixture._get_repo_create_params(repo_private=False, |
|
97 | fixture._get_repo_create_params(repo_private=False, | |
97 | repo_name=repo_name, |
|
98 | repo_name=repo_name, | |
98 | repo_type=self.REPO_TYPE, |
|
99 | repo_type=self.REPO_TYPE, | |
99 |
repo_description=description |
|
100 | repo_description=description, | |
|
101 | _authentication_token=self.authentication_token())) | |||
100 | ## run the check page that triggers the flash message |
|
102 | ## run the check page that triggers the flash message | |
101 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
103 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
102 | self.assertEqual(response.json, {u'result': True}) |
|
104 | self.assertEqual(response.json, {u'result': True}) | |
@@ -139,7 +141,8 b' class _BaseTest(TestController):' | |||||
139 | repo_name=repo_name, |
|
141 | repo_name=repo_name, | |
140 | repo_type=self.REPO_TYPE, |
|
142 | repo_type=self.REPO_TYPE, | |
141 | repo_description=description, |
|
143 | repo_description=description, | |
142 |
repo_group=gr.group_id, |
|
144 | repo_group=gr.group_id, | |
|
145 | _authentication_token=self.authentication_token())) | |||
143 | ## run the check page that triggers the flash message |
|
146 | ## run the check page that triggers the flash message | |
144 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
|
147 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) | |
145 | self.assertEqual(response.json, {u'result': True}) |
|
148 | self.assertEqual(response.json, {u'result': True}) | |
@@ -177,6 +180,8 b' class _BaseTest(TestController):' | |||||
177 |
|
180 | |||
178 | def test_create_in_group_without_needed_permissions(self): |
|
181 | def test_create_in_group_without_needed_permissions(self): | |
179 | usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) |
|
182 | usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) | |
|
183 | # avoid spurious RepoGroup DetachedInstanceError ... | |||
|
184 | authentication_token = self.authentication_token() | |||
180 | # revoke |
|
185 | # revoke | |
181 | user_model = UserModel() |
|
186 | user_model = UserModel() | |
182 | # disable fork and create on default user |
|
187 | # disable fork and create on default user | |
@@ -213,7 +218,8 b' class _BaseTest(TestController):' | |||||
213 | repo_name=repo_name, |
|
218 | repo_name=repo_name, | |
214 | repo_type=self.REPO_TYPE, |
|
219 | repo_type=self.REPO_TYPE, | |
215 | repo_description=description, |
|
220 | repo_description=description, | |
216 |
repo_group=gr.group_id, |
|
221 | repo_group=gr.group_id, | |
|
222 | _authentication_token=authentication_token)) | |||
217 |
|
223 | |||
218 | response.mustcontain('Invalid value') |
|
224 | response.mustcontain('Invalid value') | |
219 |
|
225 | |||
@@ -226,7 +232,8 b' class _BaseTest(TestController):' | |||||
226 | repo_name=repo_name, |
|
232 | repo_name=repo_name, | |
227 | repo_type=self.REPO_TYPE, |
|
233 | repo_type=self.REPO_TYPE, | |
228 | repo_description=description, |
|
234 | repo_description=description, | |
229 |
repo_group=gr_allowed.group_id, |
|
235 | repo_group=gr_allowed.group_id, | |
|
236 | _authentication_token=authentication_token)) | |||
230 |
|
237 | |||
231 | ## run the check page that triggers the flash message |
|
238 | ## run the check page that triggers the flash message | |
232 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
|
239 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) | |
@@ -287,7 +294,8 b' class _BaseTest(TestController):' | |||||
287 | repo_type=self.REPO_TYPE, |
|
294 | repo_type=self.REPO_TYPE, | |
288 | repo_description=description, |
|
295 | repo_description=description, | |
289 | repo_group=gr.group_id, |
|
296 | repo_group=gr.group_id, | |
290 |
repo_copy_permissions=True |
|
297 | repo_copy_permissions=True, | |
|
298 | _authentication_token=self.authentication_token())) | |||
291 |
|
299 | |||
292 | ## run the check page that triggers the flash message |
|
300 | ## run the check page that triggers the flash message | |
293 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
|
301 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) | |
@@ -338,7 +346,8 b' class _BaseTest(TestController):' | |||||
338 | repo_name=repo_name, |
|
346 | repo_name=repo_name, | |
339 | repo_type=self.REPO_TYPE, |
|
347 | repo_type=self.REPO_TYPE, | |
340 | repo_description=description, |
|
348 | repo_description=description, | |
341 |
clone_uri='http://127.0.0.1/repo' |
|
349 | clone_uri='http://127.0.0.1/repo', | |
|
350 | _authentication_token=self.authentication_token())) | |||
342 | response.mustcontain('invalid clone URL') |
|
351 | response.mustcontain('invalid clone URL') | |
343 |
|
352 | |||
344 |
|
353 | |||
@@ -351,7 +360,8 b' class _BaseTest(TestController):' | |||||
351 | repo_name=repo_name, |
|
360 | repo_name=repo_name, | |
352 | repo_type=self.REPO_TYPE, |
|
361 | repo_type=self.REPO_TYPE, | |
353 | repo_description=description, |
|
362 | repo_description=description, | |
354 |
clone_uri='svn+http://127.0.0.1/repo' |
|
363 | clone_uri='svn+http://127.0.0.1/repo', | |
|
364 | _authentication_token=self.authentication_token())) | |||
355 | response.mustcontain('invalid clone URL') |
|
365 | response.mustcontain('invalid clone URL') | |
356 |
|
366 | |||
357 |
|
367 | |||
@@ -363,7 +373,8 b' class _BaseTest(TestController):' | |||||
363 | fixture._get_repo_create_params(repo_private=False, |
|
373 | fixture._get_repo_create_params(repo_private=False, | |
364 | repo_type=self.REPO_TYPE, |
|
374 | repo_type=self.REPO_TYPE, | |
365 | repo_name=repo_name, |
|
375 | repo_name=repo_name, | |
366 |
repo_description=description |
|
376 | repo_description=description, | |
|
377 | _authentication_token=self.authentication_token())) | |||
367 | ## run the check page that triggers the flash message |
|
378 | ## run the check page that triggers the flash message | |
368 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
379 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
369 | self.checkSessionFlash(response, |
|
380 | self.checkSessionFlash(response, | |
@@ -413,7 +424,8 b' class _BaseTest(TestController):' | |||||
413 | fixture._get_repo_create_params(repo_private=False, |
|
424 | fixture._get_repo_create_params(repo_private=False, | |
414 | repo_name=repo_name, |
|
425 | repo_name=repo_name, | |
415 | repo_type=self.REPO_TYPE, |
|
426 | repo_type=self.REPO_TYPE, | |
416 |
repo_description=description |
|
427 | repo_description=description, | |
|
428 | _authentication_token=self.authentication_token())) | |||
417 | ## run the check page that triggers the flash message |
|
429 | ## run the check page that triggers the flash message | |
418 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
430 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) | |
419 | self.assertEqual(response.json, {u'result': True}) |
|
431 | self.assertEqual(response.json, {u'result': True}) | |
@@ -457,7 +469,7 b' class _BaseTest(TestController):' | |||||
457 |
|
469 | |||
458 | def test_delete_browser_fakeout(self): |
|
470 | def test_delete_browser_fakeout(self): | |
459 | response = self.app.post(url('repo', repo_name=self.REPO), |
|
471 | response = self.app.post(url('repo', repo_name=self.REPO), | |
460 | params=dict(_method='delete')) |
|
472 | params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
461 |
|
473 | |||
462 | def test_show(self): |
|
474 | def test_show(self): | |
463 | self.log_user() |
|
475 | self.log_user() | |
@@ -478,7 +490,8 b' class _BaseTest(TestController):' | |||||
478 | fixture._get_repo_create_params(repo_private=1, |
|
490 | fixture._get_repo_create_params(repo_private=1, | |
479 | repo_name=self.REPO, |
|
491 | repo_name=self.REPO, | |
480 | repo_type=self.REPO_TYPE, |
|
492 | repo_type=self.REPO_TYPE, | |
481 |
user=TEST_USER_ADMIN_LOGIN |
|
493 | user=TEST_USER_ADMIN_LOGIN, | |
|
494 | _authentication_token=self.authentication_token())) | |||
482 | self.checkSessionFlash(response, |
|
495 | self.checkSessionFlash(response, | |
483 | msg='Repository %s updated successfully' % (self.REPO)) |
|
496 | msg='Repository %s updated successfully' % (self.REPO)) | |
484 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True) |
|
497 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True) | |
@@ -492,7 +505,8 b' class _BaseTest(TestController):' | |||||
492 | fixture._get_repo_create_params(repo_private=False, |
|
505 | fixture._get_repo_create_params(repo_private=False, | |
493 | repo_name=self.REPO, |
|
506 | repo_name=self.REPO, | |
494 | repo_type=self.REPO_TYPE, |
|
507 | repo_type=self.REPO_TYPE, | |
495 |
user=TEST_USER_ADMIN_LOGIN |
|
508 | user=TEST_USER_ADMIN_LOGIN, | |
|
509 | _authentication_token=self.authentication_token())) | |||
496 | self.checkSessionFlash(response, |
|
510 | self.checkSessionFlash(response, | |
497 | msg='Repository %s updated successfully' % (self.REPO)) |
|
511 | msg='Repository %s updated successfully' % (self.REPO)) | |
498 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False) |
|
512 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False) | |
@@ -521,7 +535,7 b' class _BaseTest(TestController):' | |||||
521 | repo = Repository.get_by_repo_name(self.REPO) |
|
535 | repo = Repository.get_by_repo_name(self.REPO) | |
522 | repo2 = Repository.get_by_repo_name(other_repo) |
|
536 | repo2 = Repository.get_by_repo_name(other_repo) | |
523 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
537 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
524 | params=dict(id_fork_of=repo2.repo_id)) |
|
538 | params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token())) | |
525 | repo = Repository.get_by_repo_name(self.REPO) |
|
539 | repo = Repository.get_by_repo_name(self.REPO) | |
526 | repo2 = Repository.get_by_repo_name(other_repo) |
|
540 | repo2 = Repository.get_by_repo_name(other_repo) | |
527 | self.checkSessionFlash(response, |
|
541 | self.checkSessionFlash(response, | |
@@ -542,7 +556,7 b' class _BaseTest(TestController):' | |||||
542 | repo = Repository.get_by_repo_name(self.REPO) |
|
556 | repo = Repository.get_by_repo_name(self.REPO) | |
543 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
557 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) | |
544 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
558 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
545 | params=dict(id_fork_of=repo2.repo_id)) |
|
559 | params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token())) | |
546 | repo = Repository.get_by_repo_name(self.REPO) |
|
560 | repo = Repository.get_by_repo_name(self.REPO) | |
547 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
561 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) | |
548 | self.checkSessionFlash(response, |
|
562 | self.checkSessionFlash(response, | |
@@ -552,7 +566,7 b' class _BaseTest(TestController):' | |||||
552 | self.log_user() |
|
566 | self.log_user() | |
553 | ## mark it as None |
|
567 | ## mark it as None | |
554 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
568 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
555 | params=dict(id_fork_of=None)) |
|
569 | params=dict(id_fork_of=None, _authentication_token=self.authentication_token())) | |
556 | repo = Repository.get_by_repo_name(self.REPO) |
|
570 | repo = Repository.get_by_repo_name(self.REPO) | |
557 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
571 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) | |
558 | self.checkSessionFlash(response, |
|
572 | self.checkSessionFlash(response, | |
@@ -564,7 +578,7 b' class _BaseTest(TestController):' | |||||
564 | self.log_user() |
|
578 | self.log_user() | |
565 | repo = Repository.get_by_repo_name(self.REPO) |
|
579 | repo = Repository.get_by_repo_name(self.REPO) | |
566 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
580 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), | |
567 | params=dict(id_fork_of=repo.repo_id)) |
|
581 | params=dict(id_fork_of=repo.repo_id, _authentication_token=self.authentication_token())) | |
568 | self.checkSessionFlash(response, |
|
582 | self.checkSessionFlash(response, | |
569 | 'An error occurred during this operation') |
|
583 | 'An error occurred during this operation') | |
570 |
|
584 | |||
@@ -594,7 +608,8 b' class _BaseTest(TestController):' | |||||
594 | fixture._get_repo_create_params(repo_private=False, |
|
608 | fixture._get_repo_create_params(repo_private=False, | |
595 | repo_name=repo_name, |
|
609 | repo_name=repo_name, | |
596 | repo_type=self.REPO_TYPE, |
|
610 | repo_type=self.REPO_TYPE, | |
597 |
repo_description=description |
|
611 | repo_description=description, | |
|
612 | _authentication_token=self.authentication_token())) | |||
598 |
|
613 | |||
599 | response.mustcontain('no permission to create repository in root location') |
|
614 | response.mustcontain('no permission to create repository in root location') | |
600 |
|
615 | |||
@@ -611,7 +626,8 b' class _BaseTest(TestController):' | |||||
611 | fixture._get_repo_create_params(repo_private=False, |
|
626 | fixture._get_repo_create_params(repo_private=False, | |
612 | repo_name=repo_name, |
|
627 | repo_name=repo_name, | |
613 | repo_type=self.REPO_TYPE, |
|
628 | repo_type=self.REPO_TYPE, | |
614 |
repo_description=description |
|
629 | repo_description=description, | |
|
630 | _authentication_token=self.authentication_token())) | |||
615 |
|
631 | |||
616 | self.checkSessionFlash(response, |
|
632 | self.checkSessionFlash(response, | |
617 | 'Error creating repository %s' % repo_name) |
|
633 | 'Error creating repository %s' % repo_name) |
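Review bot: The comment added at new line 183, `# avoid spurious RepoGroup DetachedInstanceError ...`, names a symptom but not the cause, so the next maintainer cannot tell why the token has to be fetched before the permission and group setup, or whether moving the call is safe. Please state the reason. If the reason is that the helper's extra GET ends the database session the later RepoGroup objects belong to, then something like `# fetch the token first: the helper's GET would detach the RepoGroup objects created below` would do. This test reuses one token for the two POSTs at new lines 222 and 236, while the other tests in the file fetch a fresh one per request; the comment should also say that the reuse is intentional. The test method continues outside the hunks shown.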
@@ -37,7 +37,8 b' class TestAdminSettingsController(TestCo' | |||||
37 | self.log_user() |
|
37 | self.log_user() | |
38 | response = self.app.post(url('admin_settings_hooks'), |
|
38 | response = self.app.post(url('admin_settings_hooks'), | |
39 | params=dict(new_hook_ui_key='test_hooks_1', |
|
39 | params=dict(new_hook_ui_key='test_hooks_1', | |
40 |
new_hook_ui_value='cd /tmp' |
|
40 | new_hook_ui_value='cd /tmp', | |
|
41 | _authentication_token=self.authentication_token())) | |||
41 |
|
42 | |||
42 | response = response.follow() |
|
43 | response = response.follow() | |
43 | response.mustcontain('test_hooks_1') |
|
44 | response.mustcontain('test_hooks_1') | |
@@ -47,7 +48,8 b' class TestAdminSettingsController(TestCo' | |||||
47 | self.log_user() |
|
48 | self.log_user() | |
48 | response = self.app.post(url('admin_settings_hooks'), |
|
49 | response = self.app.post(url('admin_settings_hooks'), | |
49 | params=dict(new_hook_ui_key='test_hooks_2', |
|
50 | params=dict(new_hook_ui_key='test_hooks_2', | |
50 |
new_hook_ui_value='cd /tmp2' |
|
51 | new_hook_ui_value='cd /tmp2', | |
|
52 | _authentication_token=self.authentication_token())) | |||
51 |
|
53 | |||
52 | response = response.follow() |
|
54 | response = response.follow() | |
53 | response.mustcontain('test_hooks_2') |
|
55 | response.mustcontain('test_hooks_2') | |
@@ -56,7 +58,7 b' class TestAdminSettingsController(TestCo' | |||||
56 | hook_id = Ui.get_by_key('test_hooks_2').ui_id |
|
58 | hook_id = Ui.get_by_key('test_hooks_2').ui_id | |
57 | ## delete |
|
59 | ## delete | |
58 | self.app.post(url('admin_settings_hooks'), |
|
60 | self.app.post(url('admin_settings_hooks'), | |
59 | params=dict(hook_id=hook_id)) |
|
61 | params=dict(hook_id=hook_id, _authentication_token=self.authentication_token())) | |
60 | response = self.app.get(url('admin_settings_hooks')) |
|
62 | response = self.app.get(url('admin_settings_hooks')) | |
61 | response.mustcontain(no=['test_hooks_2']) |
|
63 | response.mustcontain(no=['test_hooks_2']) | |
62 | response.mustcontain(no=['cd /tmp2']) |
|
64 | response.mustcontain(no=['cd /tmp2']) | |
@@ -80,6 +82,7 b' class TestAdminSettingsController(TestCo' | |||||
80 | ga_code=new_ga_code, |
|
82 | ga_code=new_ga_code, | |
81 | captcha_private_key='', |
|
83 | captcha_private_key='', | |
82 | captcha_public_key='', |
|
84 | captcha_public_key='', | |
|
85 | _authentication_token=self.authentication_token(), | |||
83 | )) |
|
86 | )) | |
84 |
|
87 | |||
85 | self.checkSessionFlash(response, 'Updated application settings') |
|
88 | self.checkSessionFlash(response, 'Updated application settings') | |
@@ -101,6 +104,7 b' class TestAdminSettingsController(TestCo' | |||||
101 | ga_code=new_ga_code, |
|
104 | ga_code=new_ga_code, | |
102 | captcha_private_key='', |
|
105 | captcha_private_key='', | |
103 | captcha_public_key='', |
|
106 | captcha_public_key='', | |
|
107 | _authentication_token=self.authentication_token(), | |||
104 | )) |
|
108 | )) | |
105 |
|
109 | |||
106 | self.checkSessionFlash(response, 'Updated application settings') |
|
110 | self.checkSessionFlash(response, 'Updated application settings') | |
@@ -121,6 +125,7 b' class TestAdminSettingsController(TestCo' | |||||
121 | ga_code=new_ga_code, |
|
125 | ga_code=new_ga_code, | |
122 | captcha_private_key='1234567890', |
|
126 | captcha_private_key='1234567890', | |
123 | captcha_public_key='1234567890', |
|
127 | captcha_public_key='1234567890', | |
|
128 | _authentication_token=self.authentication_token(), | |||
124 | )) |
|
129 | )) | |
125 |
|
130 | |||
126 | self.checkSessionFlash(response, 'Updated application settings') |
|
131 | self.checkSessionFlash(response, 'Updated application settings') | |
@@ -141,6 +146,7 b' class TestAdminSettingsController(TestCo' | |||||
141 | ga_code=new_ga_code, |
|
146 | ga_code=new_ga_code, | |
142 | captcha_private_key='', |
|
147 | captcha_private_key='', | |
143 | captcha_public_key='1234567890', |
|
148 | captcha_public_key='1234567890', | |
|
149 | _authentication_token=self.authentication_token(), | |||
144 | )) |
|
150 | )) | |
145 |
|
151 | |||
146 | self.checkSessionFlash(response, 'Updated application settings') |
|
152 | self.checkSessionFlash(response, 'Updated application settings') | |
@@ -163,6 +169,7 b' class TestAdminSettingsController(TestCo' | |||||
163 | ga_code='', |
|
169 | ga_code='', | |
164 | captcha_private_key='', |
|
170 | captcha_private_key='', | |
165 | captcha_public_key='', |
|
171 | captcha_public_key='', | |
|
172 | _authentication_token=self.authentication_token(), | |||
166 | )) |
|
173 | )) | |
167 |
|
174 | |||
168 | self.checkSessionFlash(response, 'Updated application settings') |
|
175 | self.checkSessionFlash(response, 'Updated application settings') |
@@ -19,7 +19,8 b' class TestAdminUsersGroupsController(Tes' | |||||
19 | response = self.app.post(url('users_groups'), |
|
19 | response = self.app.post(url('users_groups'), | |
20 | {'users_group_name': users_group_name, |
|
20 | {'users_group_name': users_group_name, | |
21 | 'user_group_description': 'DESC', |
|
21 | 'user_group_description': 'DESC', | |
22 |
'active': True |
|
22 | 'active': True, | |
|
23 | '_authentication_token': self.authentication_token()}) | |||
23 | response.follow() |
|
24 | response.follow() | |
24 |
|
25 | |||
25 | self.checkSessionFlash(response, |
|
26 | self.checkSessionFlash(response, | |
@@ -35,7 +36,7 b' class TestAdminUsersGroupsController(Tes' | |||||
35 |
|
36 | |||
36 | def test_update_browser_fakeout(self): |
|
37 | def test_update_browser_fakeout(self): | |
37 | response = self.app.post(url('users_group', id=1), |
|
38 | response = self.app.post(url('users_group', id=1), | |
38 | params=dict(_method='put')) |
|
39 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
39 |
|
40 | |||
40 | def test_delete(self): |
|
41 | def test_delete(self): | |
41 | self.log_user() |
|
42 | self.log_user() | |
@@ -43,7 +44,8 b' class TestAdminUsersGroupsController(Tes' | |||||
43 | response = self.app.post(url('users_groups'), |
|
44 | response = self.app.post(url('users_groups'), | |
44 | {'users_group_name':users_group_name, |
|
45 | {'users_group_name':users_group_name, | |
45 | 'user_group_description': 'DESC', |
|
46 | 'user_group_description': 'DESC', | |
46 |
'active': True |
|
47 | 'active': True, | |
|
48 | '_authentication_token': self.authentication_token()}) | |||
47 | response.follow() |
|
49 | response.follow() | |
48 |
|
50 | |||
49 | self.checkSessionFlash(response, |
|
51 | self.checkSessionFlash(response, | |
@@ -65,7 +67,8 b' class TestAdminUsersGroupsController(Tes' | |||||
65 | response = self.app.post(url('users_groups'), |
|
67 | response = self.app.post(url('users_groups'), | |
66 | {'users_group_name': users_group_name, |
|
68 | {'users_group_name': users_group_name, | |
67 | 'user_group_description': 'DESC', |
|
69 | 'user_group_description': 'DESC', | |
68 |
'active': True |
|
70 | 'active': True, | |
|
71 | '_authentication_token': self.authentication_token()}) | |||
69 | response.follow() |
|
72 | response.follow() | |
70 |
|
73 | |||
71 | ug = UserGroup.get_by_group_name(users_group_name) |
|
74 | ug = UserGroup.get_by_group_name(users_group_name) | |
@@ -74,8 +77,8 b' class TestAdminUsersGroupsController(Tes' | |||||
74 | ## ENABLE REPO CREATE ON A GROUP |
|
77 | ## ENABLE REPO CREATE ON A GROUP | |
75 | response = self.app.put(url('edit_user_group_default_perms', |
|
78 | response = self.app.put(url('edit_user_group_default_perms', | |
76 | id=ug.users_group_id), |
|
79 | id=ug.users_group_id), | |
77 |
{'create_repo_perm': True |
|
80 | {'create_repo_perm': True, | |
78 |
|
81 | '_authentication_token': self.authentication_token()}) | ||
79 | response.follow() |
|
82 | response.follow() | |
80 | ug = UserGroup.get_by_group_name(users_group_name) |
|
83 | ug = UserGroup.get_by_group_name(users_group_name) | |
81 | p = Permission.get_by_key('hg.create.repository') |
|
84 | p = Permission.get_by_key('hg.create.repository') | |
@@ -135,7 +138,8 b' class TestAdminUsersGroupsController(Tes' | |||||
135 | response = self.app.post(url('users_groups'), |
|
138 | response = self.app.post(url('users_groups'), | |
136 | {'users_group_name': users_group_name, |
|
139 | {'users_group_name': users_group_name, | |
137 | 'user_group_description': 'DESC', |
|
140 | 'user_group_description': 'DESC', | |
138 |
'active': True |
|
141 | 'active': True, | |
|
142 | '_authentication_token': self.authentication_token()}) | |||
139 | response.follow() |
|
143 | response.follow() | |
140 |
|
144 | |||
141 | ug = UserGroup.get_by_group_name(users_group_name) |
|
145 | ug = UserGroup.get_by_group_name(users_group_name) | |
@@ -144,7 +148,7 b' class TestAdminUsersGroupsController(Tes' | |||||
144 | ## ENABLE REPO CREATE ON A GROUP |
|
148 | ## ENABLE REPO CREATE ON A GROUP | |
145 | response = self.app.put(url('edit_user_group_default_perms', |
|
149 | response = self.app.put(url('edit_user_group_default_perms', | |
146 | id=ug.users_group_id), |
|
150 | id=ug.users_group_id), | |
147 | {'fork_repo_perm': True}) |
|
151 | {'fork_repo_perm': True, '_authentication_token': self.authentication_token()}) | |
148 |
|
152 | |||
149 | response.follow() |
|
153 | response.follow() | |
150 | ug = UserGroup.get_by_group_name(users_group_name) |
|
154 | ug = UserGroup.get_by_group_name(users_group_name) | |
@@ -204,7 +208,7 b' class TestAdminUsersGroupsController(Tes' | |||||
204 |
|
208 | |||
205 | def test_delete_browser_fakeout(self): |
|
209 | def test_delete_browser_fakeout(self): | |
206 | response = self.app.post(url('users_group', id=1), |
|
210 | response = self.app.post(url('users_group', id=1), | |
207 | params=dict(_method='delete')) |
|
211 | params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
208 |
|
212 | |||
209 | def test_show(self): |
|
213 | def test_show(self): | |
210 | response = self.app.get(url('users_group', id=1)) |
|
214 | response = self.app.get(url('users_group', id=1)) |
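Review bot: Every request changed in this section now carries a valid `_authentication_token`, so nothing visible here exercises the rejection path; the same holds for the TestAdminUsersController, TestChangeSetCommentsController, file-editing, fork and my-account sections that follow. If the commit has no such test elsewhere, add one that repeats a state-changing request without the token, and once with a wrong value, then asserts that the request is refused and nothing was created, for example `self.app.post(url('users_groups'), {'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True}, status=<expected rejection status>)`. Without a negative case, a regression that silently disables the check would leave this suite green. The test methods start outside the hunks, so where the extra request fits best has to be decided against the full file.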
@@ -58,7 +58,8 b' class TestAdminUsersController(TestContr' | |||||
58 | 'lastname': lastname, |
|
58 | 'lastname': lastname, | |
59 | 'extern_name': 'internal', |
|
59 | 'extern_name': 'internal', | |
60 | 'extern_type': 'internal', |
|
60 | 'extern_type': 'internal', | |
61 |
'email': email |
|
61 | 'email': email, | |
|
62 | '_authentication_token': self.authentication_token()}) | |||
62 |
|
63 | |||
63 | self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''') |
|
64 | self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''') | |
64 | self.checkSessionFlash(response, '''/edit">%s</a>''' % (username)) |
|
65 | self.checkSessionFlash(response, '''/edit">%s</a>''' % (username)) | |
@@ -89,7 +90,8 b' class TestAdminUsersController(TestContr' | |||||
89 | 'name': name, |
|
90 | 'name': name, | |
90 | 'active': False, |
|
91 | 'active': False, | |
91 | 'lastname': lastname, |
|
92 | 'lastname': lastname, | |
92 |
'email': email |
|
93 | 'email': email, | |
|
94 | '_authentication_token': self.authentication_token()}) | |||
93 |
|
95 | |||
94 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] |
|
96 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] | |
95 | msg = h.html_escape(msg % {'username': 'new_user'}) |
|
97 | msg = h.html_escape(msg % {'username': 'new_user'}) | |
@@ -145,8 +147,10 b' class TestAdminUsersController(TestContr' | |||||
145 | # logged in yet his data is not filled |
|
147 | # logged in yet his data is not filled | |
146 | # so we use creation data |
|
148 | # so we use creation data | |
147 |
|
149 | |||
|
150 | params.update({'_authentication_token': self.authentication_token()}) | |||
148 | response = self.app.put(url('user', id=usr.user_id), params) |
|
151 | response = self.app.put(url('user', id=usr.user_id), params) | |
149 | self.checkSessionFlash(response, 'User updated successfully') |
|
152 | self.checkSessionFlash(response, 'User updated successfully') | |
|
153 | params.pop('_authentication_token') | |||
150 |
|
154 | |||
151 | updated_user = User.get_by_username(self.test_user_1) |
|
155 | updated_user = User.get_by_username(self.test_user_1) | |
152 | updated_params = updated_user.get_api_data(True) |
|
156 | updated_params = updated_user.get_api_data(True) | |
@@ -266,7 +270,8 b' class TestAdminUsersController(TestContr' | |||||
266 |
|
270 | |||
267 | response = self.app.post(url('edit_user_perms', id=uid), |
|
271 | response = self.app.post(url('edit_user_perms', id=uid), | |
268 | params=dict(_method='put', |
|
272 | params=dict(_method='put', | |
269 |
create_repo_perm=True |
|
273 | create_repo_perm=True, | |
|
274 | _authentication_token=self.authentication_token())) | |||
270 |
|
275 | |||
271 | perm_none = Permission.get_by_key('hg.create.none') |
|
276 | perm_none = Permission.get_by_key('hg.create.none') | |
272 | perm_create = Permission.get_by_key('hg.create.repository') |
|
277 | perm_create = Permission.get_by_key('hg.create.repository') | |
@@ -295,7 +300,7 b' class TestAdminUsersController(TestContr' | |||||
295 | self.assertEqual(UserModel().has_perm(user, perm_create), False) |
|
300 | self.assertEqual(UserModel().has_perm(user, perm_create), False) | |
296 |
|
301 | |||
297 | response = self.app.post(url('edit_user_perms', id=uid), |
|
302 | response = self.app.post(url('edit_user_perms', id=uid), | |
298 | params=dict(_method='put')) |
|
303 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
299 |
|
304 | |||
300 | perm_none = Permission.get_by_key('hg.create.none') |
|
305 | perm_none = Permission.get_by_key('hg.create.none') | |
301 | perm_create = Permission.get_by_key('hg.create.repository') |
|
306 | perm_create = Permission.get_by_key('hg.create.repository') | |
@@ -325,7 +330,8 b' class TestAdminUsersController(TestContr' | |||||
325 |
|
330 | |||
326 | response = self.app.post(url('edit_user_perms', id=uid), |
|
331 | response = self.app.post(url('edit_user_perms', id=uid), | |
327 | params=dict(_method='put', |
|
332 | params=dict(_method='put', | |
328 |
create_repo_perm=True |
|
333 | create_repo_perm=True, | |
|
334 | _authentication_token=self.authentication_token())) | |||
329 |
|
335 | |||
330 | perm_none = Permission.get_by_key('hg.create.none') |
|
336 | perm_none = Permission.get_by_key('hg.create.none') | |
331 | perm_create = Permission.get_by_key('hg.create.repository') |
|
337 | perm_create = Permission.get_by_key('hg.create.repository') | |
@@ -354,7 +360,7 b' class TestAdminUsersController(TestContr' | |||||
354 | self.assertEqual(UserModel().has_perm(user, perm_fork), False) |
|
360 | self.assertEqual(UserModel().has_perm(user, perm_fork), False) | |
355 |
|
361 | |||
356 | response = self.app.post(url('edit_user_perms', id=uid), |
|
362 | response = self.app.post(url('edit_user_perms', id=uid), | |
357 | params=dict(_method='put')) |
|
363 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
358 |
|
364 | |||
359 | perm_none = Permission.get_by_key('hg.create.none') |
|
365 | perm_none = Permission.get_by_key('hg.create.none') | |
360 | perm_create = Permission.get_by_key('hg.create.repository') |
|
366 | perm_create = Permission.get_by_key('hg.create.repository') | |
@@ -386,7 +392,7 b' class TestAdminUsersController(TestContr' | |||||
386 | user_id = user.user_id |
|
392 | user_id = user.user_id | |
387 |
|
393 | |||
388 | response = self.app.put(url('edit_user_ips', id=user_id), |
|
394 | response = self.app.put(url('edit_user_ips', id=user_id), | |
389 | params=dict(new_ip=ip)) |
|
395 | params=dict(new_ip=ip, _authentication_token=self.authentication_token())) | |
390 |
|
396 | |||
391 | if failure: |
|
397 | if failure: | |
392 | self.checkSessionFlash(response, 'Please enter a valid IPv4 or IpV6 address') |
|
398 | self.checkSessionFlash(response, 'Please enter a valid IPv4 or IpV6 address') | |
@@ -419,7 +425,7 b' class TestAdminUsersController(TestContr' | |||||
419 | response.mustcontain(ip_range) |
|
425 | response.mustcontain(ip_range) | |
420 |
|
426 | |||
421 | self.app.post(url('edit_user_ips', id=user_id), |
|
427 | self.app.post(url('edit_user_ips', id=user_id), | |
422 | params=dict(_method='delete', del_ip_id=new_ip_id)) |
|
428 | params=dict(_method='delete', del_ip_id=new_ip_id, _authentication_token=self.authentication_token())) | |
423 |
|
429 | |||
424 | response = self.app.get(url('edit_user_ips', id=user_id)) |
|
430 | response = self.app.get(url('edit_user_ips', id=user_id)) | |
425 | response.mustcontain('All IP addresses are allowed') |
|
431 | response.mustcontain('All IP addresses are allowed') | |
@@ -445,7 +451,7 b' class TestAdminUsersController(TestContr' | |||||
445 | user_id = user.user_id |
|
451 | user_id = user.user_id | |
446 |
|
452 | |||
447 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
453 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
448 | {'_method': 'put', 'description': desc, 'lifetime': lifetime}) |
|
454 | {'_method': 'put', 'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) | |
449 | self.checkSessionFlash(response, 'Api key successfully created') |
|
455 | self.checkSessionFlash(response, 'Api key successfully created') | |
450 | try: |
|
456 | try: | |
451 | response = response.follow() |
|
457 | response = response.follow() | |
@@ -463,7 +469,7 b' class TestAdminUsersController(TestContr' | |||||
463 | user_id = user.user_id |
|
469 | user_id = user.user_id | |
464 |
|
470 | |||
465 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
471 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
466 | {'_method': 'put', 'description': 'desc', 'lifetime': -1}) |
|
472 | {'_method': 'put', 'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) | |
467 | self.checkSessionFlash(response, 'Api key successfully created') |
|
473 | self.checkSessionFlash(response, 'Api key successfully created') | |
468 | response = response.follow() |
|
474 | response = response.follow() | |
469 |
|
475 | |||
@@ -472,7 +478,7 b' class TestAdminUsersController(TestContr' | |||||
472 | self.assertEqual(1, len(keys)) |
|
478 | self.assertEqual(1, len(keys)) | |
473 |
|
479 | |||
474 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
480 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
475 | {'_method': 'delete', 'del_api_key': keys[0].api_key}) |
|
481 | {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) | |
476 | self.checkSessionFlash(response, 'Api key successfully deleted') |
|
482 | self.checkSessionFlash(response, 'Api key successfully deleted') | |
477 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() |
|
483 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() | |
478 | self.assertEqual(0, len(keys)) |
|
484 | self.assertEqual(0, len(keys)) | |
@@ -487,7 +493,7 b' class TestAdminUsersController(TestContr' | |||||
487 | response.mustcontain('expires: never') |
|
493 | response.mustcontain('expires: never') | |
488 |
|
494 | |||
489 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
495 | response = self.app.post(url('edit_user_api_keys', id=user_id), | |
490 | {'_method': 'delete', 'del_api_key_builtin': api_key}) |
|
496 | {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) | |
491 | self.checkSessionFlash(response, 'Api key successfully reset') |
|
497 | self.checkSessionFlash(response, 'Api key successfully reset') | |
492 | response = response.follow() |
|
498 | response = response.follow() | |
493 | response.mustcontain(no=[api_key]) |
|
499 | response.mustcontain(no=[api_key]) |
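Review bot: New lines 150 and 153 add the token to the shared `params` dict with `update` and then remove it again with `pop`, presumably so that a later comparison against `updated_params` (outside the hunk) still holds. If the `put` or `checkSessionFlash` in between fails, the cleanup never runs, and the pairing is easy to break in a later edit. Passing a copy avoids mutating `params` at all: `response = self.app.put(url('user', id=usr.user_id), dict(params, _authentication_token=self.authentication_token()))`, assuming `params` is a plain dict. The my-account section further down uses the same update/pop pairing at new lines 117 and 146, split across two hunks, and would benefit from the same change.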
@@ -29,7 +29,7 b' class TestChangeSetCommentsController(Te' | |||||
29 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
29 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' | |
30 | text = u'CommentOnRevision' |
|
30 | text = u'CommentOnRevision' | |
31 |
|
31 | |||
32 | params = {'text': text} |
|
32 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
33 | response = self.app.post(url(controller='changeset', action='comment', |
|
33 | response = self.app.post(url(controller='changeset', action='comment', | |
34 | repo_name=HG_REPO, revision=rev), |
|
34 | repo_name=HG_REPO, revision=rev), | |
35 | params=params) |
|
35 | params=params) | |
@@ -66,7 +66,7 b' class TestChangeSetCommentsController(Te' | |||||
66 | f_path = 'vcs/web/simplevcs/views/repository.py' |
|
66 | f_path = 'vcs/web/simplevcs/views/repository.py' | |
67 | line = 'n1' |
|
67 | line = 'n1' | |
68 |
|
68 | |||
69 | params = {'text': text, 'f_path': f_path, 'line': line} |
|
69 | params = {'text': text, 'f_path': f_path, 'line': line, '_authentication_token': self.authentication_token()} | |
70 | response = self.app.post(url(controller='changeset', action='comment', |
|
70 | response = self.app.post(url(controller='changeset', action='comment', | |
71 | repo_name=HG_REPO, revision=rev), |
|
71 | repo_name=HG_REPO, revision=rev), | |
72 | params=params) |
|
72 | params=params) | |
@@ -106,7 +106,7 b' class TestChangeSetCommentsController(Te' | |||||
106 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
106 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' | |
107 | text = u'@test_regular check CommentOnRevision' |
|
107 | text = u'@test_regular check CommentOnRevision' | |
108 |
|
108 | |||
109 | params = {'text':text} |
|
109 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
110 | response = self.app.post(url(controller='changeset', action='comment', |
|
110 | response = self.app.post(url(controller='changeset', action='comment', | |
111 | repo_name=HG_REPO, revision=rev), |
|
111 | repo_name=HG_REPO, revision=rev), | |
112 | params=params) |
|
112 | params=params) | |
@@ -134,7 +134,7 b' class TestChangeSetCommentsController(Te' | |||||
134 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
134 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' | |
135 | text = u'CommentOnRevision' |
|
135 | text = u'CommentOnRevision' | |
136 |
|
136 | |||
137 | params = {'text': text} |
|
137 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
138 | response = self.app.post(url(controller='changeset', action='comment', |
|
138 | response = self.app.post(url(controller='changeset', action='comment', | |
139 | repo_name=HG_REPO, revision=rev), |
|
139 | repo_name=HG_REPO, revision=rev), | |
140 | params=params) |
|
140 | params=params) |
@@ -328,7 +328,8 b' removed extra unicode conversion in diff' | |||||
328 | repo_name=HG_REPO, |
|
328 | repo_name=HG_REPO, | |
329 | revision='tip', f_path='/'), |
|
329 | revision='tip', f_path='/'), | |
330 | params={ |
|
330 | params={ | |
331 | 'content': '' |
|
331 | 'content': '', | |
|
332 | '_authentication_token': self.authentication_token(), | |||
332 | }, |
|
333 | }, | |
333 | status=302) |
|
334 | status=302) | |
334 |
|
335 | |||
@@ -340,7 +341,8 b' removed extra unicode conversion in diff' | |||||
340 | repo_name=HG_REPO, |
|
341 | repo_name=HG_REPO, | |
341 | revision='tip', f_path='/'), |
|
342 | revision='tip', f_path='/'), | |
342 | params={ |
|
343 | params={ | |
343 | 'content': "foo" |
|
344 | 'content': "foo", | |
|
345 | '_authentication_token': self.authentication_token(), | |||
344 | }, |
|
346 | }, | |
345 | status=302) |
|
347 | status=302) | |
346 |
|
348 | |||
@@ -359,7 +361,8 b' removed extra unicode conversion in diff' | |||||
359 | params={ |
|
361 | params={ | |
360 | 'content': "foo", |
|
362 | 'content': "foo", | |
361 | 'filename': filename, |
|
363 | 'filename': filename, | |
362 | 'location': location |
|
364 | 'location': location, | |
|
365 | '_authentication_token': self.authentication_token(), | |||
363 | }, |
|
366 | }, | |
364 | status=302) |
|
367 | status=302) | |
365 |
|
368 | |||
@@ -379,7 +382,8 b' removed extra unicode conversion in diff' | |||||
379 | params={ |
|
382 | params={ | |
380 | 'content': "foo", |
|
383 | 'content': "foo", | |
381 | 'filename': filename, |
|
384 | 'filename': filename, | |
382 | 'location': location |
|
385 | 'location': location, | |
|
386 | '_authentication_token': self.authentication_token(), | |||
383 | }, |
|
387 | }, | |
384 | status=302) |
|
388 | status=302) | |
385 | try: |
|
389 | try: | |
@@ -401,7 +405,8 b' removed extra unicode conversion in diff' | |||||
401 | repo_name=GIT_REPO, |
|
405 | repo_name=GIT_REPO, | |
402 | revision='tip', f_path='/'), |
|
406 | revision='tip', f_path='/'), | |
403 | params={ |
|
407 | params={ | |
404 | 'content': '' |
|
408 | 'content': '', | |
|
409 | '_authentication_token': self.authentication_token(), | |||
405 | }, |
|
410 | }, | |
406 | status=302) |
|
411 | status=302) | |
407 | self.checkSessionFlash(response, 'No content') |
|
412 | self.checkSessionFlash(response, 'No content') | |
@@ -412,7 +417,8 b' removed extra unicode conversion in diff' | |||||
412 | repo_name=GIT_REPO, |
|
417 | repo_name=GIT_REPO, | |
413 | revision='tip', f_path='/'), |
|
418 | revision='tip', f_path='/'), | |
414 | params={ |
|
419 | params={ | |
415 | 'content': "foo" |
|
420 | 'content': "foo", | |
|
421 | '_authentication_token': self.authentication_token(), | |||
416 | }, |
|
422 | }, | |
417 | status=302) |
|
423 | status=302) | |
418 |
|
424 | |||
@@ -431,7 +437,8 b' removed extra unicode conversion in diff' | |||||
431 | params={ |
|
437 | params={ | |
432 | 'content': "foo", |
|
438 | 'content': "foo", | |
433 | 'filename': filename, |
|
439 | 'filename': filename, | |
434 | 'location': location |
|
440 | 'location': location, | |
|
441 | '_authentication_token': self.authentication_token(), | |||
435 | }, |
|
442 | }, | |
436 | status=302) |
|
443 | status=302) | |
437 |
|
444 | |||
@@ -451,7 +458,8 b' removed extra unicode conversion in diff' | |||||
451 | params={ |
|
458 | params={ | |
452 | 'content': "foo", |
|
459 | 'content': "foo", | |
453 | 'filename': filename, |
|
460 | 'filename': filename, | |
454 | 'location': location |
|
461 | 'location': location, | |
|
462 | '_authentication_token': self.authentication_token(), | |||
455 | }, |
|
463 | }, | |
456 | status=302) |
|
464 | status=302) | |
457 | try: |
|
465 | try: | |
@@ -480,7 +488,8 b' removed extra unicode conversion in diff' | |||||
480 | params={ |
|
488 | params={ | |
481 | 'content': "def py():\n print 'hello'\n", |
|
489 | 'content': "def py():\n print 'hello'\n", | |
482 | 'filename': filename, |
|
490 | 'filename': filename, | |
483 | 'location': location |
|
491 | 'location': location, | |
|
492 | '_authentication_token': self.authentication_token(), | |||
484 | }, |
|
493 | }, | |
485 | status=302) |
|
494 | status=302) | |
486 | response.follow() |
|
495 | response.follow() | |
@@ -510,7 +519,8 b' removed extra unicode conversion in diff' | |||||
510 | params={ |
|
519 | params={ | |
511 | 'content': "def py():\n print 'hello'\n", |
|
520 | 'content': "def py():\n print 'hello'\n", | |
512 | 'filename': filename, |
|
521 | 'filename': filename, | |
513 | 'location': location |
|
522 | 'location': location, | |
|
523 | '_authentication_token': self.authentication_token(), | |||
514 | }, |
|
524 | }, | |
515 | status=302) |
|
525 | status=302) | |
516 | response.follow() |
|
526 | response.follow() | |
@@ -524,6 +534,7 b' removed extra unicode conversion in diff' | |||||
524 | params={ |
|
534 | params={ | |
525 | 'content': "def py():\n print 'hello world'\n", |
|
535 | 'content': "def py():\n print 'hello world'\n", | |
526 | 'message': 'i commited', |
|
536 | 'message': 'i commited', | |
|
537 | '_authentication_token': self.authentication_token(), | |||
527 | }, |
|
538 | }, | |
528 | status=302) |
|
539 | status=302) | |
529 | self.checkSessionFlash(response, |
|
540 | self.checkSessionFlash(response, | |
@@ -551,7 +562,8 b' removed extra unicode conversion in diff' | |||||
551 | params={ |
|
562 | params={ | |
552 | 'content': "def py():\n print 'hello'\n", |
|
563 | 'content': "def py():\n print 'hello'\n", | |
553 | 'filename': filename, |
|
564 | 'filename': filename, | |
554 | 'location': location |
|
565 | 'location': location, | |
|
566 | '_authentication_token': self.authentication_token(), | |||
555 | }, |
|
567 | }, | |
556 | status=302) |
|
568 | status=302) | |
557 | response.follow() |
|
569 | response.follow() | |
@@ -581,7 +593,8 b' removed extra unicode conversion in diff' | |||||
581 | params={ |
|
593 | params={ | |
582 | 'content': "def py():\n print 'hello'\n", |
|
594 | 'content': "def py():\n print 'hello'\n", | |
583 | 'filename': filename, |
|
595 | 'filename': filename, | |
584 | 'location': location |
|
596 | 'location': location, | |
|
597 | '_authentication_token': self.authentication_token(), | |||
585 | }, |
|
598 | }, | |
586 | status=302) |
|
599 | status=302) | |
587 | response.follow() |
|
600 | response.follow() | |
@@ -595,6 +608,7 b' removed extra unicode conversion in diff' | |||||
595 | params={ |
|
608 | params={ | |
596 | 'content': "def py():\n print 'hello world'\n", |
|
609 | 'content': "def py():\n print 'hello world'\n", | |
597 | 'message': 'i commited', |
|
610 | 'message': 'i commited', | |
|
611 | '_authentication_token': self.authentication_token(), | |||
598 | }, |
|
612 | }, | |
599 | status=302) |
|
613 | status=302) | |
600 | self.checkSessionFlash(response, |
|
614 | self.checkSessionFlash(response, | |
@@ -622,7 +636,8 b' removed extra unicode conversion in diff' | |||||
622 | params={ |
|
636 | params={ | |
623 | 'content': "def py():\n print 'hello'\n", |
|
637 | 'content': "def py():\n print 'hello'\n", | |
624 | 'filename': filename, |
|
638 | 'filename': filename, | |
625 | 'location': location |
|
639 | 'location': location, | |
|
640 | '_authentication_token': self.authentication_token(), | |||
626 | }, |
|
641 | }, | |
627 | status=302) |
|
642 | status=302) | |
628 | response.follow() |
|
643 | response.follow() | |
@@ -652,7 +667,8 b' removed extra unicode conversion in diff' | |||||
652 | params={ |
|
667 | params={ | |
653 | 'content': "def py():\n print 'hello'\n", |
|
668 | 'content': "def py():\n print 'hello'\n", | |
654 | 'filename': filename, |
|
669 | 'filename': filename, | |
655 | 'location': location |
|
670 | 'location': location, | |
|
671 | '_authentication_token': self.authentication_token(), | |||
656 | }, |
|
672 | }, | |
657 | status=302) |
|
673 | status=302) | |
658 | response.follow() |
|
674 | response.follow() | |
@@ -665,6 +681,7 b' removed extra unicode conversion in diff' | |||||
665 | f_path='vcs/nodes.py'), |
|
681 | f_path='vcs/nodes.py'), | |
666 | params={ |
|
682 | params={ | |
667 | 'message': 'i commited', |
|
683 | 'message': 'i commited', | |
|
684 | '_authentication_token': self.authentication_token(), | |||
668 | }, |
|
685 | }, | |
669 | status=302) |
|
686 | status=302) | |
670 | self.checkSessionFlash(response, |
|
687 | self.checkSessionFlash(response, | |
@@ -692,7 +709,8 b' removed extra unicode conversion in diff' | |||||
692 | params={ |
|
709 | params={ | |
693 | 'content': "def py():\n print 'hello'\n", |
|
710 | 'content': "def py():\n print 'hello'\n", | |
694 | 'filename': filename, |
|
711 | 'filename': filename, | |
695 | 'location': location |
|
712 | 'location': location, | |
|
713 | '_authentication_token': self.authentication_token(), | |||
696 | }, |
|
714 | }, | |
697 | status=302) |
|
715 | status=302) | |
698 | response.follow() |
|
716 | response.follow() | |
@@ -722,7 +740,8 b' removed extra unicode conversion in diff' | |||||
722 | params={ |
|
740 | params={ | |
723 | 'content': "def py():\n print 'hello'\n", |
|
741 | 'content': "def py():\n print 'hello'\n", | |
724 | 'filename': filename, |
|
742 | 'filename': filename, | |
725 | 'location': location |
|
743 | 'location': location, | |
|
744 | '_authentication_token': self.authentication_token(), | |||
726 | }, |
|
745 | }, | |
727 | status=302) |
|
746 | status=302) | |
728 | response.follow() |
|
747 | response.follow() | |
@@ -735,6 +754,7 b' removed extra unicode conversion in diff' | |||||
735 | f_path='vcs/nodes.py'), |
|
754 | f_path='vcs/nodes.py'), | |
736 | params={ |
|
755 | params={ | |
737 | 'message': 'i commited', |
|
756 | 'message': 'i commited', | |
|
757 | '_authentication_token': self.authentication_token(), | |||
738 | }, |
|
758 | }, | |
739 | status=302) |
|
759 | status=302) | |
740 | self.checkSessionFlash(response, |
|
760 | self.checkSessionFlash(response, |
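Review bot: The same `'_authentication_token': self.authentication_token()` entry is pasted into roughly twenty `params` dicts in this section, and the helper shown earlier on the page issues a GET to the `authentication_token` route on every call. In tests that post more than once, fetching it once would cut the extra round trips and the repetition: `token = self.authentication_token()` at the top of the test, then `'_authentication_token': token` in each dict. That only works if the token stays the same for the lifetime of the session, which is not visible here and should be confirmed first. The enclosing test methods start and end outside these hunks.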
@@ -60,7 +60,7 b' class _BaseTest(TestController):' | |||||
60 | # try create a fork |
|
60 | # try create a fork | |
61 | repo_name = self.REPO |
|
61 | repo_name = self.REPO | |
62 | self.app.post(url(controller='forks', action='fork_create', |
|
62 | self.app.post(url(controller='forks', action='fork_create', | |
63 | repo_name=repo_name), {}, status=403) |
|
63 | repo_name=repo_name), {'_authentication_token': self.authentication_token()}, status=403) | |
64 |
|
64 | |||
65 | def test_index_with_fork(self): |
|
65 | def test_index_with_fork(self): | |
66 | self.log_user() |
|
66 | self.log_user() | |
@@ -77,7 +77,8 b' class _BaseTest(TestController):' | |||||
77 | 'repo_type': self.REPO_TYPE, |
|
77 | 'repo_type': self.REPO_TYPE, | |
78 | 'description': description, |
|
78 | 'description': description, | |
79 | 'private': 'False', |
|
79 | 'private': 'False', | |
80 |
'landing_rev': 'rev:tip' |
|
80 | 'landing_rev': 'rev:tip', | |
|
81 | '_authentication_token': self.authentication_token()} | |||
81 |
|
82 | |||
82 | self.app.post(url(controller='forks', action='fork_create', |
|
83 | self.app.post(url(controller='forks', action='fork_create', | |
83 | repo_name=repo_name), creation_args) |
|
84 | repo_name=repo_name), creation_args) | |
@@ -108,7 +109,8 b' class _BaseTest(TestController):' | |||||
108 | 'repo_type': self.REPO_TYPE, |
|
109 | 'repo_type': self.REPO_TYPE, | |
109 | 'description': description, |
|
110 | 'description': description, | |
110 | 'private': 'False', |
|
111 | 'private': 'False', | |
111 |
'landing_rev': 'rev:tip' |
|
112 | 'landing_rev': 'rev:tip', | |
|
113 | '_authentication_token': self.authentication_token()} | |||
112 | self.app.post(url(controller='forks', action='fork_create', |
|
114 | self.app.post(url(controller='forks', action='fork_create', | |
113 | repo_name=repo_name), creation_args) |
|
115 | repo_name=repo_name), creation_args) | |
114 | repo = Repository.get_by_repo_name(fork_name_full) |
|
116 | repo = Repository.get_by_repo_name(fork_name_full) | |
@@ -150,7 +152,8 b' class _BaseTest(TestController):' | |||||
150 | 'repo_type': self.REPO_TYPE, |
|
152 | 'repo_type': self.REPO_TYPE, | |
151 | 'description': description, |
|
153 | 'description': description, | |
152 | 'private': 'False', |
|
154 | 'private': 'False', | |
153 |
'landing_rev': 'rev:tip' |
|
155 | 'landing_rev': 'rev:tip', | |
|
156 | '_authentication_token': self.authentication_token()} | |||
154 | self.app.post(url(controller='forks', action='fork_create', |
|
157 | self.app.post(url(controller='forks', action='fork_create', | |
155 | repo_name=repo_name), creation_args) |
|
158 | repo_name=repo_name), creation_args) | |
156 | repo = Repository.get_by_repo_name(self.REPO_FORK) |
|
159 | repo = Repository.get_by_repo_name(self.REPO_FORK) |
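Review bot: The request at new line 63 asserts only `status=403`, which cannot tell a permission refusal from a token refusal if the CSRF check answers with the same status; that status is not visible on this page. Supplying a valid token here is the right move, and a comment above the call would record the intent: `# valid token supplied, so the 403 must come from the fork permission check`. The test method starts outside the hunk.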
@@ -50,7 +50,7 b' class TestMyAccountController(TestContro' | |||||
50 | response = self.app.get(url('my_account_emails')) |
|
50 | response = self.app.get(url('my_account_emails')) | |
51 | response.mustcontain('No additional emails specified') |
|
51 | response.mustcontain('No additional emails specified') | |
52 | response = self.app.post(url('my_account_emails'), |
|
52 | response = self.app.post(url('my_account_emails'), | |
53 | {'new_email': TEST_USER_REGULAR_EMAIL}) |
|
53 | {'new_email': TEST_USER_REGULAR_EMAIL, '_authentication_token': self.authentication_token()}) | |
54 | self.checkSessionFlash(response, 'This e-mail address is already taken') |
|
54 | self.checkSessionFlash(response, 'This e-mail address is already taken') | |
55 |
|
55 | |||
56 | def test_my_account_my_emails_add_mising_email_in_form(self): |
|
56 | def test_my_account_my_emails_add_mising_email_in_form(self): | |
@@ -66,7 +66,7 b' class TestMyAccountController(TestContro' | |||||
66 | response.mustcontain('No additional emails specified') |
|
66 | response.mustcontain('No additional emails specified') | |
67 |
|
67 | |||
68 | response = self.app.post(url('my_account_emails'), |
|
68 | response = self.app.post(url('my_account_emails'), | |
69 | {'new_email': 'foo@barz.com'}) |
|
69 | {'new_email': 'foo@barz.com', '_authentication_token': self.authentication_token()}) | |
70 |
|
70 | |||
71 | response = self.app.get(url('my_account_emails')) |
|
71 | response = self.app.get(url('my_account_emails')) | |
72 |
|
72 | |||
@@ -79,7 +79,7 b' class TestMyAccountController(TestContro' | |||||
79 | response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id) |
|
79 | response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id) | |
80 |
|
80 | |||
81 | response = self.app.post(url('my_account_emails'), |
|
81 | response = self.app.post(url('my_account_emails'), | |
82 | {'del_email_id': email_id, '_method': 'delete'}) |
|
82 | {'del_email_id': email_id, '_method': 'delete', '_authentication_token': self.authentication_token()}) | |
83 | self.checkSessionFlash(response, 'Removed email from user') |
|
83 | self.checkSessionFlash(response, 'Removed email from user') | |
84 | response = self.app.get(url('my_account_emails')) |
|
84 | response = self.app.get(url('my_account_emails')) | |
85 | response.mustcontain('No additional emails specified') |
|
85 | response.mustcontain('No additional emails specified') | |
@@ -114,6 +114,7 b' class TestMyAccountController(TestContro' | |||||
114 | params.update({'new_password': ''}) |
|
114 | params.update({'new_password': ''}) | |
115 | params.update({'extern_type': 'internal'}) |
|
115 | params.update({'extern_type': 'internal'}) | |
116 | params.update({'extern_name': self.test_user_1}) |
|
116 | params.update({'extern_name': self.test_user_1}) | |
|
117 | params.update({'_authentication_token': self.authentication_token()}) | |||
117 |
|
118 | |||
118 | params.update(attrs) |
|
119 | params.update(attrs) | |
119 | response = self.app.post(url('my_account'), params) |
|
120 | response = self.app.post(url('my_account'), params) | |
@@ -142,6 +143,7 b' class TestMyAccountController(TestContro' | |||||
142 | #my account cannot make you an admin ! |
|
143 | #my account cannot make you an admin ! | |
143 | params['admin'] = False |
|
144 | params['admin'] = False | |
144 |
|
145 | |||
|
146 | params.pop('_authentication_token') | |||
145 | self.assertEqual(params, updated_params) |
|
147 | self.assertEqual(params, updated_params) | |
146 |
|
148 | |||
147 | def test_my_account_update_err_email_exists(self): |
|
149 | def test_my_account_update_err_email_exists(self): | |
@@ -155,7 +157,8 b' class TestMyAccountController(TestContro' | |||||
155 | password_confirmation='test122', |
|
157 | password_confirmation='test122', | |
156 | firstname='NewName', |
|
158 | firstname='NewName', | |
157 | lastname='NewLastname', |
|
159 | lastname='NewLastname', | |
158 |
email=new_email, |
|
160 | email=new_email, | |
|
161 | _authentication_token=self.authentication_token()) | |||
159 | ) |
|
162 | ) | |
160 |
|
163 | |||
161 | response.mustcontain('This e-mail address is already taken') |
|
164 | response.mustcontain('This e-mail address is already taken') | |
@@ -171,7 +174,8 b' class TestMyAccountController(TestContro' | |||||
171 | password_confirmation='test122', |
|
174 | password_confirmation='test122', | |
172 | firstname='NewName', |
|
175 | firstname='NewName', | |
173 | lastname='NewLastname', |
|
176 | lastname='NewLastname', | |
174 |
email=new_email, |
|
177 | email=new_email, | |
|
178 | _authentication_token=self.authentication_token())) | |||
175 |
|
179 | |||
176 | response.mustcontain('An email address must contain a single @') |
|
180 | response.mustcontain('An email address must contain a single @') | |
177 | from kallithea.model import validators |
|
181 | from kallithea.model import validators | |
@@ -196,7 +200,7 b' class TestMyAccountController(TestContro' | |||||
196 | usr = self.log_user('test_regular2', 'test12') |
|
200 | usr = self.log_user('test_regular2', 'test12') | |
197 | user = User.get(usr['user_id']) |
|
201 | user = User.get(usr['user_id']) | |
198 | response = self.app.post(url('my_account_api_keys'), |
|
202 | response = self.app.post(url('my_account_api_keys'), | |
199 | {'description': desc, 'lifetime': lifetime}) |
|
203 | {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) | |
200 | self.checkSessionFlash(response, 'Api key successfully created') |
|
204 | self.checkSessionFlash(response, 'Api key successfully created') | |
201 | try: |
|
205 | try: | |
202 | response = response.follow() |
|
206 | response = response.follow() | |
@@ -212,7 +216,7 b' class TestMyAccountController(TestContro' | |||||
212 | usr = self.log_user('test_regular2', 'test12') |
|
216 | usr = self.log_user('test_regular2', 'test12') | |
213 | user = User.get(usr['user_id']) |
|
217 | user = User.get(usr['user_id']) | |
214 | response = self.app.post(url('my_account_api_keys'), |
|
218 | response = self.app.post(url('my_account_api_keys'), | |
215 | {'description': 'desc', 'lifetime': -1}) |
|
219 | {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) | |
216 | self.checkSessionFlash(response, 'Api key successfully created') |
|
220 | self.checkSessionFlash(response, 'Api key successfully created') | |
217 | response = response.follow() |
|
221 | response = response.follow() | |
218 |
|
222 | |||
@@ -221,7 +225,7 b' class TestMyAccountController(TestContro' | |||||
221 | self.assertEqual(1, len(keys)) |
|
225 | self.assertEqual(1, len(keys)) | |
222 |
|
226 | |||
223 | response = self.app.post(url('my_account_api_keys'), |
|
227 | response = self.app.post(url('my_account_api_keys'), | |
224 | {'_method': 'delete', 'del_api_key': keys[0].api_key}) |
|
228 | {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) | |
225 | self.checkSessionFlash(response, 'Api key successfully deleted') |
|
229 | self.checkSessionFlash(response, 'Api key successfully deleted') | |
226 | keys = UserApiKeys.query().all() |
|
230 | keys = UserApiKeys.query().all() | |
227 | self.assertEqual(0, len(keys)) |
|
231 | self.assertEqual(0, len(keys)) | |
@@ -236,7 +240,7 b' class TestMyAccountController(TestContro' | |||||
236 | response.mustcontain('expires: never') |
|
240 | response.mustcontain('expires: never') | |
237 |
|
241 | |||
238 | response = self.app.post(url('my_account_api_keys'), |
|
242 | response = self.app.post(url('my_account_api_keys'), | |
239 | {'_method': 'delete', 'del_api_key_builtin': api_key}) |
|
243 | {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) | |
240 | self.checkSessionFlash(response, 'Api key successfully reset') |
|
244 | self.checkSessionFlash(response, 'Api key successfully reset') | |
241 | response = response.follow() |
|
245 | response = response.follow() | |
242 | response.mustcontain(no=[api_key]) |
|
246 | response.mustcontain(no=[api_key]) |