@@ -499,6 +499,7 b' def make_map(config):' | |||
|
499 | 499 | ) |
|
500 | 500 | |
|
501 | 501 | #LOGIN/LOGOUT/REGISTER/SIGN IN |
|
502 | rmap.connect('authentication_token', '%s/authentication_token' % ADMIN_PREFIX, controller='login', action='authentication_token') | |
|
502 | 503 | rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login') |
|
503 | 504 | rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login', |
|
504 | 505 | action='logout') |
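Review bot: The `authentication_token` route is connected unconditionally, although the controller docstring in this commit calls the action "only intended for testing", so every deployment will hand out the session's CSRF token at `ADMIN_PREFIX/authentication_token`. If it has to stay in the production map, document that on the line, for example `# returns the session CSRF token in the body; only the same-origin policy keeps other sites from reading it`. Otherwise connect the route only when the application runs under the test configuration. `make_map` starts and ends outside this hunk.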
@@ -270,3 +270,11 b' class LoginController(BaseController):' | |||
|
270 | 270 | session.delete() |
|
271 | 271 | log.info('Logging out and deleting session for user') |
|
272 | 272 | redirect(url('home')) |
|
273 | ||
|
274 | def authentication_token(self): | |
|
275 | """Return the CSRF protection token for the session - just like it | |
|
276 | could have been screen scrabed from a page with a form. | |
|
277 | Only intended for testing but might also be useful for other kinds | |
|
278 | of automation. | |
|
279 | """ | |
|
280 | return h.authentication_token() |
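Review bot: `authentication_token` returns the raw CSRF token as the response body without setting a content type or cache policy, so how the token is typed and cached depends on framework defaults that are not visible here. Setting `response.content_type = 'text/plain'` and `response.headers['Cache-Control'] = 'no-store'` before the return (assuming the Pylons `response` object is in scope in this module) keeps the body from being interpreted as another type or retained by a cache. The docstring should also say that the token is a per-session secret which only the same-origin policy protects, and "scrabed" should read "scraped".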
@@ -213,6 +213,9 b' class TestController(BaseTestCase):' | |||
|
213 | 213 | def _get_logged_user(self): |
|
214 | 214 | return User.get_by_username(self._logged_username) |
|
215 | 215 | |
|
216 | def authentication_token(self): | |
|
217 | return self.app.get(url('authentication_token')).body | |
|
218 | ||
|
216 | 219 | def checkSessionFlash(self, response, msg, skip=0): |
|
217 | 220 | if 'flash' not in response.session: |
|
218 | 221 | self.fail(safe_str(u'msg `%s` not found - session has no flash ' % msg)) |
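Review bot: The new `authentication_token` helper has no docstring, and none of the visible test hunks sends a state-changing request without `_authentication_token` and expects it to be rejected. As shown, the suite proves that requests with a valid token still succeed, not that the check is enforced. A docstring such as `"""Return the current session's CSRF token by issuing a GET to the token endpoint."""` and one negative test with a missing or wrong token would cover both. Such a test may exist in a part of the commit not shown here.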
@@ -6,7 +6,7 b' class TestAuthSettingsController(TestCon' | |||
|
6 | 6 | def _enable_plugins(self, plugins_list): |
|
7 | 7 | test_url = url(controller='admin/auth_settings', |
|
8 | 8 | action='auth_settings') |
|
9 | params={'auth_plugins': plugins_list,} | |
|
9 | params={'auth_plugins': plugins_list, '_authentication_token': self.authentication_token()} | |
|
10 | 10 | |
|
11 | 11 | for plugin in plugins_list.split(','): |
|
12 | 12 | enable = plugin.partition('kallithea.lib.auth_modules.')[-1] |
@@ -32,10 +32,12 b' class TestDefaultsController(TestControl' | |||
|
32 | 32 | 'default_repo_enable_statistics': True, |
|
33 | 33 | 'default_repo_private': True, |
|
34 | 34 | 'default_repo_type': 'hg', |
|
35 | '_authentication_token': self.authentication_token(), | |
|
35 | 36 | } |
|
36 | 37 | response = self.app.put(url('default', id='default'), params=params) |
|
37 | 38 | self.checkSessionFlash(response, 'Default settings updated successfully') |
|
38 | 39 | |
|
40 | params.pop('_authentication_token') | |
|
39 | 41 | defs = Setting.get_default_repo_settings() |
|
40 | 42 | self.assertEqual(params, defs) |
|
41 | 43 | |
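Review bot: Adding `_authentication_token` to `params` and then removing it with `params.pop('_authentication_token')` before the comparison mutates the expected-values dict for the sake of the request, and a forgotten pop turns into a confusing `assertEqual` failure. Keeping `params` as the expected settings and passing a copy is easier to read: `response = self.app.put(url('default', id='default'), params=dict(params, _authentication_token=self.authentication_token()))`. The same pattern appears in the next hunk of this test class and in the users test that does `params.update({...})` followed by `params.pop(...)`. The test method starts outside this hunk.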
@@ -47,20 +49,23 b' class TestDefaultsController(TestControl' | |||
|
47 | 49 | 'default_repo_enable_statistics': False, |
|
48 | 50 | 'default_repo_private': False, |
|
49 | 51 | 'default_repo_type': 'git', |
|
52 | '_authentication_token': self.authentication_token(), | |
|
50 | 53 | } |
|
51 | 54 | response = self.app.put(url('default', id='default'), params=params) |
|
52 | 55 | self.checkSessionFlash(response, 'Default settings updated successfully') |
|
56 | ||
|
57 | params.pop('_authentication_token') | |
|
53 | 58 | defs = Setting.get_default_repo_settings() |
|
54 | 59 | self.assertEqual(params, defs) |
|
55 | 60 | |
|
56 | 61 | def test_update_browser_fakeout(self): |
|
57 | response = self.app.post(url('default', id=1), params=dict(_method='put')) | |
|
62 | response = self.app.post(url('default', id=1), params=dict(_method='put', _authentication_token=self.authentication_token())) | |
|
58 | 63 | |
|
59 | 64 | def test_delete(self): |
|
60 | 65 | response = self.app.delete(url('default', id=1)) |
|
61 | 66 | |
|
62 | 67 | def test_delete_browser_fakeout(self): |
|
63 | response = self.app.post(url('default', id=1), params=dict(_method='delete')) | |
|
68 | response = self.app.post(url('default', id=1), params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
|
64 | 69 | |
|
65 | 70 | def test_show(self): |
|
66 | 71 | response = self.app.get(url('default', id=1)) |
@@ -56,7 +56,8 b' class TestGistsController(TestController' | |||
|
56 | 56 | def test_create_missing_description(self): |
|
57 | 57 | self.log_user() |
|
58 | 58 | response = self.app.post(url('gists'), |
|
59 |
params={'lifetime': -1}, |
|
|
59 | params={'lifetime': -1, '_authentication_token': self.authentication_token()}, | |
|
60 | status=200) | |
|
60 | 61 | |
|
61 | 62 | response.mustcontain('Missing value') |
|
62 | 63 | |
@@ -66,7 +67,8 b' class TestGistsController(TestController' | |||
|
66 | 67 | params={'lifetime': -1, |
|
67 | 68 | 'content': 'gist test', |
|
68 | 69 | 'filename': 'foo', |
|
69 |
'public': 'public' |
|
|
70 | 'public': 'public', | |
|
71 | '_authentication_token': self.authentication_token()}, | |
|
70 | 72 | status=302) |
|
71 | 73 | response = response.follow() |
|
72 | 74 | response.mustcontain('added file: foo') |
@@ -79,7 +81,8 b' class TestGistsController(TestController' | |||
|
79 | 81 | params={'lifetime': -1, |
|
80 | 82 | 'content': 'gist test', |
|
81 | 83 | 'filename': '/home/foo', |
|
82 |
'public': 'public' |
|
|
84 | 'public': 'public', | |
|
85 | '_authentication_token': self.authentication_token()}, | |
|
83 | 86 | status=200) |
|
84 | 87 | response.mustcontain('Filename cannot be inside a directory') |
|
85 | 88 | |
@@ -98,7 +101,8 b' class TestGistsController(TestController' | |||
|
98 | 101 | params={'lifetime': -1, |
|
99 | 102 | 'content': 'private gist test', |
|
100 | 103 | 'filename': 'private-foo', |
|
101 |
'private': 'private' |
|
|
104 | 'private': 'private', | |
|
105 | '_authentication_token': self.authentication_token()}, | |
|
102 | 106 | status=302) |
|
103 | 107 | response = response.follow() |
|
104 | 108 | response.mustcontain('added file: private-foo<') |
@@ -112,7 +116,8 b' class TestGistsController(TestController' | |||
|
112 | 116 | 'content': 'gist test', |
|
113 | 117 | 'filename': 'foo-desc', |
|
114 | 118 | 'description': 'gist-desc', |
|
115 |
'public': 'public' |
|
|
119 | 'public': 'public', | |
|
120 | '_authentication_token': self.authentication_token()}, | |
|
116 | 121 | status=302) |
|
117 | 122 | response = response.follow() |
|
118 | 123 | response.mustcontain('added file: foo-desc') |
@@ -18,7 +18,8 b' class TestAdminPermissionsController(Tes' | |||
|
18 | 18 | self.log_user() |
|
19 | 19 | default_user_id = User.get_default_user().user_id |
|
20 | 20 | response = self.app.put(url('edit_user_ips', id=default_user_id), |
|
21 |
params=dict(new_ip='127.0.0.0/24' |
|
|
21 | params=dict(new_ip='127.0.0.0/24', | |
|
22 | _authentication_token=self.authentication_token())) | |
|
22 | 23 | |
|
23 | 24 | response = self.app.get(url('admin_permissions_ips')) |
|
24 | 25 | response.mustcontain('127.0.0.0/24') |
@@ -31,7 +32,8 b' class TestAdminPermissionsController(Tes' | |||
|
31 | 32 | |
|
32 | 33 | response = self.app.post(url('edit_user_ips', id=default_user_id), |
|
33 | 34 | params=dict(_method='delete', |
|
34 |
del_ip_id=del_ip_id |
|
|
35 | del_ip_id=del_ip_id, | |
|
36 | _authentication_token=self.authentication_token())) | |
|
35 | 37 | |
|
36 | 38 | response = self.app.get(url('admin_permissions_ips')) |
|
37 | 39 | response.mustcontain('All IP addresses are allowed') |
@@ -56,7 +56,8 b' class _BaseTest(TestController):' | |||
|
56 | 56 | fixture._get_repo_create_params(repo_private=False, |
|
57 | 57 | repo_name=repo_name, |
|
58 | 58 | repo_type=self.REPO_TYPE, |
|
59 |
repo_description=description |
|
|
59 | repo_description=description, | |
|
60 | _authentication_token=self.authentication_token())) | |
|
60 | 61 | ## run the check page that triggers the flash message |
|
61 | 62 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
62 | 63 | self.assertEqual(response.json, {u'result': True}) |
@@ -96,7 +97,8 b' class _BaseTest(TestController):' | |||
|
96 | 97 | fixture._get_repo_create_params(repo_private=False, |
|
97 | 98 | repo_name=repo_name, |
|
98 | 99 | repo_type=self.REPO_TYPE, |
|
99 |
repo_description=description |
|
|
100 | repo_description=description, | |
|
101 | _authentication_token=self.authentication_token())) | |
|
100 | 102 | ## run the check page that triggers the flash message |
|
101 | 103 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
102 | 104 | self.assertEqual(response.json, {u'result': True}) |
@@ -139,7 +141,8 b' class _BaseTest(TestController):' | |||
|
139 | 141 | repo_name=repo_name, |
|
140 | 142 | repo_type=self.REPO_TYPE, |
|
141 | 143 | repo_description=description, |
|
142 |
repo_group=gr.group_id, |
|
|
144 | repo_group=gr.group_id, | |
|
145 | _authentication_token=self.authentication_token())) | |
|
143 | 146 | ## run the check page that triggers the flash message |
|
144 | 147 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
|
145 | 148 | self.assertEqual(response.json, {u'result': True}) |
@@ -177,6 +180,8 b' class _BaseTest(TestController):' | |||
|
177 | 180 | |
|
178 | 181 | def test_create_in_group_without_needed_permissions(self): |
|
179 | 182 | usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) |
|
183 | # avoid spurious RepoGroup DetachedInstanceError ... | |
|
184 | authentication_token = self.authentication_token() | |
|
180 | 185 | # revoke |
|
181 | 186 | user_model = UserModel() |
|
182 | 187 | # disable fork and create on default user |
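Review bot: The comment `# avoid spurious RepoGroup DetachedInstanceError ...` trails off without saying why the token is fetched here and not at the two call sites further down. Presumably the GET issued by `self.authentication_token()` ends the database session and detaches the `RepoGroup` objects the test creates afterwards. If that is the reason, say so, e.g. `# fetch the token first: the GET it issues would detach repo groups created later from the DB session`. The test body continues outside this hunk.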
@@ -213,7 +218,8 b' class _BaseTest(TestController):' | |||
|
213 | 218 | repo_name=repo_name, |
|
214 | 219 | repo_type=self.REPO_TYPE, |
|
215 | 220 | repo_description=description, |
|
216 |
repo_group=gr.group_id, |
|
|
221 | repo_group=gr.group_id, | |
|
222 | _authentication_token=authentication_token)) | |
|
217 | 223 | |
|
218 | 224 | response.mustcontain('Invalid value') |
|
219 | 225 | |
@@ -226,7 +232,8 b' class _BaseTest(TestController):' | |||
|
226 | 232 | repo_name=repo_name, |
|
227 | 233 | repo_type=self.REPO_TYPE, |
|
228 | 234 | repo_description=description, |
|
229 |
repo_group=gr_allowed.group_id, |
|
|
235 | repo_group=gr_allowed.group_id, | |
|
236 | _authentication_token=authentication_token)) | |
|
230 | 237 | |
|
231 | 238 | ## run the check page that triggers the flash message |
|
232 | 239 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
@@ -287,7 +294,8 b' class _BaseTest(TestController):' | |||
|
287 | 294 | repo_type=self.REPO_TYPE, |
|
288 | 295 | repo_description=description, |
|
289 | 296 | repo_group=gr.group_id, |
|
290 |
repo_copy_permissions=True |
|
|
297 | repo_copy_permissions=True, | |
|
298 | _authentication_token=self.authentication_token())) | |
|
291 | 299 | |
|
292 | 300 | ## run the check page that triggers the flash message |
|
293 | 301 | response = self.app.get(url('repo_check_home', repo_name=repo_name_full)) |
@@ -338,7 +346,8 b' class _BaseTest(TestController):' | |||
|
338 | 346 | repo_name=repo_name, |
|
339 | 347 | repo_type=self.REPO_TYPE, |
|
340 | 348 | repo_description=description, |
|
341 |
clone_uri='http://127.0.0.1/repo' |
|
|
349 | clone_uri='http://127.0.0.1/repo', | |
|
350 | _authentication_token=self.authentication_token())) | |
|
342 | 351 | response.mustcontain('invalid clone URL') |
|
343 | 352 | |
|
344 | 353 | |
@@ -351,7 +360,8 b' class _BaseTest(TestController):' | |||
|
351 | 360 | repo_name=repo_name, |
|
352 | 361 | repo_type=self.REPO_TYPE, |
|
353 | 362 | repo_description=description, |
|
354 |
clone_uri='svn+http://127.0.0.1/repo' |
|
|
363 | clone_uri='svn+http://127.0.0.1/repo', | |
|
364 | _authentication_token=self.authentication_token())) | |
|
355 | 365 | response.mustcontain('invalid clone URL') |
|
356 | 366 | |
|
357 | 367 | |
@@ -363,7 +373,8 b' class _BaseTest(TestController):' | |||
|
363 | 373 | fixture._get_repo_create_params(repo_private=False, |
|
364 | 374 | repo_type=self.REPO_TYPE, |
|
365 | 375 | repo_name=repo_name, |
|
366 |
repo_description=description |
|
|
376 | repo_description=description, | |
|
377 | _authentication_token=self.authentication_token())) | |
|
367 | 378 | ## run the check page that triggers the flash message |
|
368 | 379 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
369 | 380 | self.checkSessionFlash(response, |
@@ -413,7 +424,8 b' class _BaseTest(TestController):' | |||
|
413 | 424 | fixture._get_repo_create_params(repo_private=False, |
|
414 | 425 | repo_name=repo_name, |
|
415 | 426 | repo_type=self.REPO_TYPE, |
|
416 |
repo_description=description |
|
|
427 | repo_description=description, | |
|
428 | _authentication_token=self.authentication_token())) | |
|
417 | 429 | ## run the check page that triggers the flash message |
|
418 | 430 | response = self.app.get(url('repo_check_home', repo_name=repo_name)) |
|
419 | 431 | self.assertEqual(response.json, {u'result': True}) |
@@ -457,7 +469,7 b' class _BaseTest(TestController):' | |||
|
457 | 469 | |
|
458 | 470 | def test_delete_browser_fakeout(self): |
|
459 | 471 | response = self.app.post(url('repo', repo_name=self.REPO), |
|
460 | params=dict(_method='delete')) | |
|
472 | params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
|
461 | 473 | |
|
462 | 474 | def test_show(self): |
|
463 | 475 | self.log_user() |
@@ -478,7 +490,8 b' class _BaseTest(TestController):' | |||
|
478 | 490 | fixture._get_repo_create_params(repo_private=1, |
|
479 | 491 | repo_name=self.REPO, |
|
480 | 492 | repo_type=self.REPO_TYPE, |
|
481 |
user=TEST_USER_ADMIN_LOGIN |
|
|
493 | user=TEST_USER_ADMIN_LOGIN, | |
|
494 | _authentication_token=self.authentication_token())) | |
|
482 | 495 | self.checkSessionFlash(response, |
|
483 | 496 | msg='Repository %s updated successfully' % (self.REPO)) |
|
484 | 497 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True) |
@@ -492,7 +505,8 b' class _BaseTest(TestController):' | |||
|
492 | 505 | fixture._get_repo_create_params(repo_private=False, |
|
493 | 506 | repo_name=self.REPO, |
|
494 | 507 | repo_type=self.REPO_TYPE, |
|
495 |
user=TEST_USER_ADMIN_LOGIN |
|
|
508 | user=TEST_USER_ADMIN_LOGIN, | |
|
509 | _authentication_token=self.authentication_token())) | |
|
496 | 510 | self.checkSessionFlash(response, |
|
497 | 511 | msg='Repository %s updated successfully' % (self.REPO)) |
|
498 | 512 | self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False) |
@@ -521,7 +535,7 b' class _BaseTest(TestController):' | |||
|
521 | 535 | repo = Repository.get_by_repo_name(self.REPO) |
|
522 | 536 | repo2 = Repository.get_by_repo_name(other_repo) |
|
523 | 537 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
524 | params=dict(id_fork_of=repo2.repo_id)) | |
|
538 | params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token())) | |
|
525 | 539 | repo = Repository.get_by_repo_name(self.REPO) |
|
526 | 540 | repo2 = Repository.get_by_repo_name(other_repo) |
|
527 | 541 | self.checkSessionFlash(response, |
@@ -542,7 +556,7 b' class _BaseTest(TestController):' | |||
|
542 | 556 | repo = Repository.get_by_repo_name(self.REPO) |
|
543 | 557 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
544 | 558 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
545 | params=dict(id_fork_of=repo2.repo_id)) | |
|
559 | params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token())) | |
|
546 | 560 | repo = Repository.get_by_repo_name(self.REPO) |
|
547 | 561 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
548 | 562 | self.checkSessionFlash(response, |
@@ -552,7 +566,7 b' class _BaseTest(TestController):' | |||
|
552 | 566 | self.log_user() |
|
553 | 567 | ## mark it as None |
|
554 | 568 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
555 | params=dict(id_fork_of=None)) | |
|
569 | params=dict(id_fork_of=None, _authentication_token=self.authentication_token())) | |
|
556 | 570 | repo = Repository.get_by_repo_name(self.REPO) |
|
557 | 571 | repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO) |
|
558 | 572 | self.checkSessionFlash(response, |
@@ -564,7 +578,7 b' class _BaseTest(TestController):' | |||
|
564 | 578 | self.log_user() |
|
565 | 579 | repo = Repository.get_by_repo_name(self.REPO) |
|
566 | 580 | response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO), |
|
567 | params=dict(id_fork_of=repo.repo_id)) | |
|
581 | params=dict(id_fork_of=repo.repo_id, _authentication_token=self.authentication_token())) | |
|
568 | 582 | self.checkSessionFlash(response, |
|
569 | 583 | 'An error occurred during this operation') |
|
570 | 584 | |
@@ -594,7 +608,8 b' class _BaseTest(TestController):' | |||
|
594 | 608 | fixture._get_repo_create_params(repo_private=False, |
|
595 | 609 | repo_name=repo_name, |
|
596 | 610 | repo_type=self.REPO_TYPE, |
|
597 |
repo_description=description |
|
|
611 | repo_description=description, | |
|
612 | _authentication_token=self.authentication_token())) | |
|
598 | 613 | |
|
599 | 614 | response.mustcontain('no permission to create repository in root location') |
|
600 | 615 | |
@@ -611,7 +626,8 b' class _BaseTest(TestController):' | |||
|
611 | 626 | fixture._get_repo_create_params(repo_private=False, |
|
612 | 627 | repo_name=repo_name, |
|
613 | 628 | repo_type=self.REPO_TYPE, |
|
614 |
repo_description=description |
|
|
629 | repo_description=description, | |
|
630 | _authentication_token=self.authentication_token())) | |
|
615 | 631 | |
|
616 | 632 | self.checkSessionFlash(response, |
|
617 | 633 | 'Error creating repository %s' % repo_name) |
@@ -37,7 +37,8 b' class TestAdminSettingsController(TestCo' | |||
|
37 | 37 | self.log_user() |
|
38 | 38 | response = self.app.post(url('admin_settings_hooks'), |
|
39 | 39 | params=dict(new_hook_ui_key='test_hooks_1', |
|
40 |
new_hook_ui_value='cd /tmp' |
|
|
40 | new_hook_ui_value='cd /tmp', | |
|
41 | _authentication_token=self.authentication_token())) | |
|
41 | 42 | |
|
42 | 43 | response = response.follow() |
|
43 | 44 | response.mustcontain('test_hooks_1') |
@@ -47,7 +48,8 b' class TestAdminSettingsController(TestCo' | |||
|
47 | 48 | self.log_user() |
|
48 | 49 | response = self.app.post(url('admin_settings_hooks'), |
|
49 | 50 | params=dict(new_hook_ui_key='test_hooks_2', |
|
50 |
new_hook_ui_value='cd /tmp2' |
|
|
51 | new_hook_ui_value='cd /tmp2', | |
|
52 | _authentication_token=self.authentication_token())) | |
|
51 | 53 | |
|
52 | 54 | response = response.follow() |
|
53 | 55 | response.mustcontain('test_hooks_2') |
@@ -56,7 +58,7 b' class TestAdminSettingsController(TestCo' | |||
|
56 | 58 | hook_id = Ui.get_by_key('test_hooks_2').ui_id |
|
57 | 59 | ## delete |
|
58 | 60 | self.app.post(url('admin_settings_hooks'), |
|
59 | params=dict(hook_id=hook_id)) | |
|
61 | params=dict(hook_id=hook_id, _authentication_token=self.authentication_token())) | |
|
60 | 62 | response = self.app.get(url('admin_settings_hooks')) |
|
61 | 63 | response.mustcontain(no=['test_hooks_2']) |
|
62 | 64 | response.mustcontain(no=['cd /tmp2']) |
@@ -80,6 +82,7 b' class TestAdminSettingsController(TestCo' | |||
|
80 | 82 | ga_code=new_ga_code, |
|
81 | 83 | captcha_private_key='', |
|
82 | 84 | captcha_public_key='', |
|
85 | _authentication_token=self.authentication_token(), | |
|
83 | 86 | )) |
|
84 | 87 | |
|
85 | 88 | self.checkSessionFlash(response, 'Updated application settings') |
@@ -101,6 +104,7 b' class TestAdminSettingsController(TestCo' | |||
|
101 | 104 | ga_code=new_ga_code, |
|
102 | 105 | captcha_private_key='', |
|
103 | 106 | captcha_public_key='', |
|
107 | _authentication_token=self.authentication_token(), | |
|
104 | 108 | )) |
|
105 | 109 | |
|
106 | 110 | self.checkSessionFlash(response, 'Updated application settings') |
@@ -121,6 +125,7 b' class TestAdminSettingsController(TestCo' | |||
|
121 | 125 | ga_code=new_ga_code, |
|
122 | 126 | captcha_private_key='1234567890', |
|
123 | 127 | captcha_public_key='1234567890', |
|
128 | _authentication_token=self.authentication_token(), | |
|
124 | 129 | )) |
|
125 | 130 | |
|
126 | 131 | self.checkSessionFlash(response, 'Updated application settings') |
@@ -141,6 +146,7 b' class TestAdminSettingsController(TestCo' | |||
|
141 | 146 | ga_code=new_ga_code, |
|
142 | 147 | captcha_private_key='', |
|
143 | 148 | captcha_public_key='1234567890', |
|
149 | _authentication_token=self.authentication_token(), | |
|
144 | 150 | )) |
|
145 | 151 | |
|
146 | 152 | self.checkSessionFlash(response, 'Updated application settings') |
@@ -163,6 +169,7 b' class TestAdminSettingsController(TestCo' | |||
|
163 | 169 | ga_code='', |
|
164 | 170 | captcha_private_key='', |
|
165 | 171 | captcha_public_key='', |
|
172 | _authentication_token=self.authentication_token(), | |
|
166 | 173 | )) |
|
167 | 174 | |
|
168 | 175 | self.checkSessionFlash(response, 'Updated application settings') |
@@ -19,7 +19,8 b' class TestAdminUsersGroupsController(Tes' | |||
|
19 | 19 | response = self.app.post(url('users_groups'), |
|
20 | 20 | {'users_group_name': users_group_name, |
|
21 | 21 | 'user_group_description': 'DESC', |
|
22 |
'active': True |
|
|
22 | 'active': True, | |
|
23 | '_authentication_token': self.authentication_token()}) | |
|
23 | 24 | response.follow() |
|
24 | 25 | |
|
25 | 26 | self.checkSessionFlash(response, |
@@ -35,7 +36,7 b' class TestAdminUsersGroupsController(Tes' | |||
|
35 | 36 | |
|
36 | 37 | def test_update_browser_fakeout(self): |
|
37 | 38 | response = self.app.post(url('users_group', id=1), |
|
38 | params=dict(_method='put')) | |
|
39 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
|
39 | 40 | |
|
40 | 41 | def test_delete(self): |
|
41 | 42 | self.log_user() |
@@ -43,7 +44,8 b' class TestAdminUsersGroupsController(Tes' | |||
|
43 | 44 | response = self.app.post(url('users_groups'), |
|
44 | 45 | {'users_group_name':users_group_name, |
|
45 | 46 | 'user_group_description': 'DESC', |
|
46 |
'active': True |
|
|
47 | 'active': True, | |
|
48 | '_authentication_token': self.authentication_token()}) | |
|
47 | 49 | response.follow() |
|
48 | 50 | |
|
49 | 51 | self.checkSessionFlash(response, |
@@ -65,7 +67,8 b' class TestAdminUsersGroupsController(Tes' | |||
|
65 | 67 | response = self.app.post(url('users_groups'), |
|
66 | 68 | {'users_group_name': users_group_name, |
|
67 | 69 | 'user_group_description': 'DESC', |
|
68 |
'active': True |
|
|
70 | 'active': True, | |
|
71 | '_authentication_token': self.authentication_token()}) | |
|
69 | 72 | response.follow() |
|
70 | 73 | |
|
71 | 74 | ug = UserGroup.get_by_group_name(users_group_name) |
@@ -74,8 +77,8 b' class TestAdminUsersGroupsController(Tes' | |||
|
74 | 77 | ## ENABLE REPO CREATE ON A GROUP |
|
75 | 78 | response = self.app.put(url('edit_user_group_default_perms', |
|
76 | 79 | id=ug.users_group_id), |
|
77 |
{'create_repo_perm': True |
|
|
78 | ||
|
80 | {'create_repo_perm': True, | |
|
81 | '_authentication_token': self.authentication_token()}) | |
|
79 | 82 | response.follow() |
|
80 | 83 | ug = UserGroup.get_by_group_name(users_group_name) |
|
81 | 84 | p = Permission.get_by_key('hg.create.repository') |
@@ -135,7 +138,8 b' class TestAdminUsersGroupsController(Tes' | |||
|
135 | 138 | response = self.app.post(url('users_groups'), |
|
136 | 139 | {'users_group_name': users_group_name, |
|
137 | 140 | 'user_group_description': 'DESC', |
|
138 |
'active': True |
|
|
141 | 'active': True, | |
|
142 | '_authentication_token': self.authentication_token()}) | |
|
139 | 143 | response.follow() |
|
140 | 144 | |
|
141 | 145 | ug = UserGroup.get_by_group_name(users_group_name) |
@@ -144,7 +148,7 b' class TestAdminUsersGroupsController(Tes' | |||
|
144 | 148 | ## ENABLE REPO CREATE ON A GROUP |
|
145 | 149 | response = self.app.put(url('edit_user_group_default_perms', |
|
146 | 150 | id=ug.users_group_id), |
|
147 | {'fork_repo_perm': True}) | |
|
151 | {'fork_repo_perm': True, '_authentication_token': self.authentication_token()}) | |
|
148 | 152 | |
|
149 | 153 | response.follow() |
|
150 | 154 | ug = UserGroup.get_by_group_name(users_group_name) |
@@ -204,7 +208,7 b' class TestAdminUsersGroupsController(Tes' | |||
|
204 | 208 | |
|
205 | 209 | def test_delete_browser_fakeout(self): |
|
206 | 210 | response = self.app.post(url('users_group', id=1), |
|
207 | params=dict(_method='delete')) | |
|
211 | params=dict(_method='delete', _authentication_token=self.authentication_token())) | |
|
208 | 212 | |
|
209 | 213 | def test_show(self): |
|
210 | 214 | response = self.app.get(url('users_group', id=1)) |
@@ -58,7 +58,8 b' class TestAdminUsersController(TestContr' | |||
|
58 | 58 | 'lastname': lastname, |
|
59 | 59 | 'extern_name': 'internal', |
|
60 | 60 | 'extern_type': 'internal', |
|
61 |
'email': email |
|
|
61 | 'email': email, | |
|
62 | '_authentication_token': self.authentication_token()}) | |
|
62 | 63 | |
|
63 | 64 | self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''') |
|
64 | 65 | self.checkSessionFlash(response, '''/edit">%s</a>''' % (username)) |
@@ -89,7 +90,8 b' class TestAdminUsersController(TestContr' | |||
|
89 | 90 | 'name': name, |
|
90 | 91 | 'active': False, |
|
91 | 92 | 'lastname': lastname, |
|
92 |
'email': email |
|
|
93 | 'email': email, | |
|
94 | '_authentication_token': self.authentication_token()}) | |
|
93 | 95 | |
|
94 | 96 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] |
|
95 | 97 | msg = h.html_escape(msg % {'username': 'new_user'}) |
@@ -145,8 +147,10 b' class TestAdminUsersController(TestContr' | |||
|
145 | 147 | # logged in yet his data is not filled |
|
146 | 148 | # so we use creation data |
|
147 | 149 | |
|
150 | params.update({'_authentication_token': self.authentication_token()}) | |
|
148 | 151 | response = self.app.put(url('user', id=usr.user_id), params) |
|
149 | 152 | self.checkSessionFlash(response, 'User updated successfully') |
|
153 | params.pop('_authentication_token') | |
|
150 | 154 | |
|
151 | 155 | updated_user = User.get_by_username(self.test_user_1) |
|
152 | 156 | updated_params = updated_user.get_api_data(True) |
@@ -266,7 +270,8 b' class TestAdminUsersController(TestContr' | |||
|
266 | 270 | |
|
267 | 271 | response = self.app.post(url('edit_user_perms', id=uid), |
|
268 | 272 | params=dict(_method='put', |
|
269 |
create_repo_perm=True |
|
|
273 | create_repo_perm=True, | |
|
274 | _authentication_token=self.authentication_token())) | |
|
270 | 275 | |
|
271 | 276 | perm_none = Permission.get_by_key('hg.create.none') |
|
272 | 277 | perm_create = Permission.get_by_key('hg.create.repository') |
@@ -295,7 +300,7 b' class TestAdminUsersController(TestContr' | |||
|
295 | 300 | self.assertEqual(UserModel().has_perm(user, perm_create), False) |
|
296 | 301 | |
|
297 | 302 | response = self.app.post(url('edit_user_perms', id=uid), |
|
298 | params=dict(_method='put')) | |
|
303 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
|
299 | 304 | |
|
300 | 305 | perm_none = Permission.get_by_key('hg.create.none') |
|
301 | 306 | perm_create = Permission.get_by_key('hg.create.repository') |
@@ -325,7 +330,8 b' class TestAdminUsersController(TestContr' | |||
|
325 | 330 | |
|
326 | 331 | response = self.app.post(url('edit_user_perms', id=uid), |
|
327 | 332 | params=dict(_method='put', |
|
328 |
create_repo_perm=True |
|
|
333 | create_repo_perm=True, | |
|
334 | _authentication_token=self.authentication_token())) | |
|
329 | 335 | |
|
330 | 336 | perm_none = Permission.get_by_key('hg.create.none') |
|
331 | 337 | perm_create = Permission.get_by_key('hg.create.repository') |
@@ -354,7 +360,7 b' class TestAdminUsersController(TestContr' | |||
|
354 | 360 | self.assertEqual(UserModel().has_perm(user, perm_fork), False) |
|
355 | 361 | |
|
356 | 362 | response = self.app.post(url('edit_user_perms', id=uid), |
|
357 | params=dict(_method='put')) | |
|
363 | params=dict(_method='put', _authentication_token=self.authentication_token())) | |
|
358 | 364 | |
|
359 | 365 | perm_none = Permission.get_by_key('hg.create.none') |
|
360 | 366 | perm_create = Permission.get_by_key('hg.create.repository') |
@@ -386,7 +392,7 b' class TestAdminUsersController(TestContr' | |||
|
386 | 392 | user_id = user.user_id |
|
387 | 393 | |
|
388 | 394 | response = self.app.put(url('edit_user_ips', id=user_id), |
|
389 | params=dict(new_ip=ip)) | |
|
395 | params=dict(new_ip=ip, _authentication_token=self.authentication_token())) | |
|
390 | 396 | |
|
391 | 397 | if failure: |
|
392 | 398 | self.checkSessionFlash(response, 'Please enter a valid IPv4 or IpV6 address') |
@@ -419,7 +425,7 b' class TestAdminUsersController(TestContr' | |||
|
419 | 425 | response.mustcontain(ip_range) |
|
420 | 426 | |
|
421 | 427 | self.app.post(url('edit_user_ips', id=user_id), |
|
422 | params=dict(_method='delete', del_ip_id=new_ip_id)) | |
|
428 | params=dict(_method='delete', del_ip_id=new_ip_id, _authentication_token=self.authentication_token())) | |
|
423 | 429 | |
|
424 | 430 | response = self.app.get(url('edit_user_ips', id=user_id)) |
|
425 | 431 | response.mustcontain('All IP addresses are allowed') |
@@ -445,7 +451,7 b' class TestAdminUsersController(TestContr' | |||
|
445 | 451 | user_id = user.user_id |
|
446 | 452 | |
|
447 | 453 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
448 | {'_method': 'put', 'description': desc, 'lifetime': lifetime}) | |
|
454 | {'_method': 'put', 'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) | |
|
449 | 455 | self.checkSessionFlash(response, 'Api key successfully created') |
|
450 | 456 | try: |
|
451 | 457 | response = response.follow() |
@@ -463,7 +469,7 b' class TestAdminUsersController(TestContr' | |||
|
463 | 469 | user_id = user.user_id |
|
464 | 470 | |
|
465 | 471 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
466 | {'_method': 'put', 'description': 'desc', 'lifetime': -1}) | |
|
472 | {'_method': 'put', 'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) | |
|
467 | 473 | self.checkSessionFlash(response, 'Api key successfully created') |
|
468 | 474 | response = response.follow() |
|
469 | 475 | |
@@ -472,7 +478,7 b' class TestAdminUsersController(TestContr' | |||
|
472 | 478 | self.assertEqual(1, len(keys)) |
|
473 | 479 | |
|
474 | 480 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
475 | {'_method': 'delete', 'del_api_key': keys[0].api_key}) | |
|
481 | {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) | |
|
476 | 482 | self.checkSessionFlash(response, 'Api key successfully deleted') |
|
477 | 483 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() |
|
478 | 484 | self.assertEqual(0, len(keys)) |
@@ -487,7 +493,7 b' class TestAdminUsersController(TestContr' | |||
|
487 | 493 | response.mustcontain('expires: never') |
|
488 | 494 | |
|
489 | 495 | response = self.app.post(url('edit_user_api_keys', id=user_id), |
|
490 | {'_method': 'delete', 'del_api_key_builtin': api_key}) | |
|
496 | {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) | |
|
491 | 497 | self.checkSessionFlash(response, 'Api key successfully reset') |
|
492 | 498 | response = response.follow() |
|
493 | 499 | response.mustcontain(no=[api_key]) |
@@ -29,7 +29,7 b' class TestChangeSetCommentsController(Te' | |||
|
29 | 29 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
30 | 30 | text = u'CommentOnRevision' |
|
31 | 31 | |
|
32 | params = {'text': text} | |
|
32 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
|
33 | 33 | response = self.app.post(url(controller='changeset', action='comment', |
|
34 | 34 | repo_name=HG_REPO, revision=rev), |
|
35 | 35 | params=params) |
@@ -66,7 +66,7 b' class TestChangeSetCommentsController(Te' | |||
|
66 | 66 | f_path = 'vcs/web/simplevcs/views/repository.py' |
|
67 | 67 | line = 'n1' |
|
68 | 68 | |
|
69 | params = {'text': text, 'f_path': f_path, 'line': line} | |
|
69 | params = {'text': text, 'f_path': f_path, 'line': line, '_authentication_token': self.authentication_token()} | |
|
70 | 70 | response = self.app.post(url(controller='changeset', action='comment', |
|
71 | 71 | repo_name=HG_REPO, revision=rev), |
|
72 | 72 | params=params) |
@@ -106,7 +106,7 b' class TestChangeSetCommentsController(Te' | |||
|
106 | 106 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
107 | 107 | text = u'@test_regular check CommentOnRevision' |
|
108 | 108 | |
|
109 | params = {'text':text} | |
|
109 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
|
110 | 110 | response = self.app.post(url(controller='changeset', action='comment', |
|
111 | 111 | repo_name=HG_REPO, revision=rev), |
|
112 | 112 | params=params) |
@@ -134,7 +134,7 b' class TestChangeSetCommentsController(Te' | |||
|
134 | 134 | rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' |
|
135 | 135 | text = u'CommentOnRevision' |
|
136 | 136 | |
|
137 | params = {'text': text} | |
|
137 | params = {'text': text, '_authentication_token': self.authentication_token()} | |
|
138 | 138 | response = self.app.post(url(controller='changeset', action='comment', |
|
139 | 139 | repo_name=HG_REPO, revision=rev), |
|
140 | 140 | params=params) |
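Review bot: Every comment POST in this file now carries a valid `_authentication_token`, but none of the visible tests checks that the same request is refused when the token is missing or wrong, so a regression that silently disables the CSRF check would go unnoticed. I would add one negative case next to the first test, reusing its URL with `params = {'text': text}` and no token, and passing as `status=` whatever rejection status the CSRF check returns (not visible on this page). The test methods start and end outside these hunks, so the placement needs checking against the full file.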
@@ -328,7 +328,8 b' removed extra unicode conversion in diff' | |||
|
328 | 328 | repo_name=HG_REPO, |
|
329 | 329 | revision='tip', f_path='/'), |
|
330 | 330 | params={ |
|
331 | 'content': '' | |
|
331 | 'content': '', | |
|
332 | '_authentication_token': self.authentication_token(), | |
|
332 | 333 | }, |
|
333 | 334 | status=302) |
|
334 | 335 | |
@@ -340,7 +341,8 b' removed extra unicode conversion in diff' | |||
|
340 | 341 | repo_name=HG_REPO, |
|
341 | 342 | revision='tip', f_path='/'), |
|
342 | 343 | params={ |
|
343 | 'content': "foo" | |
|
344 | 'content': "foo", | |
|
345 | '_authentication_token': self.authentication_token(), | |
|
344 | 346 | }, |
|
345 | 347 | status=302) |
|
346 | 348 | |
@@ -359,7 +361,8 b' removed extra unicode conversion in diff' | |||
|
359 | 361 | params={ |
|
360 | 362 | 'content': "foo", |
|
361 | 363 | 'filename': filename, |
|
362 | 'location': location | |
|
364 | 'location': location, | |
|
365 | '_authentication_token': self.authentication_token(), | |
|
363 | 366 | }, |
|
364 | 367 | status=302) |
|
365 | 368 | |
@@ -379,7 +382,8 b' removed extra unicode conversion in diff' | |||
|
379 | 382 | params={ |
|
380 | 383 | 'content': "foo", |
|
381 | 384 | 'filename': filename, |
|
382 | 'location': location | |
|
385 | 'location': location, | |
|
386 | '_authentication_token': self.authentication_token(), | |
|
383 | 387 | }, |
|
384 | 388 | status=302) |
|
385 | 389 | try: |
@@ -401,7 +405,8 b' removed extra unicode conversion in diff' | |||
|
401 | 405 | repo_name=GIT_REPO, |
|
402 | 406 | revision='tip', f_path='/'), |
|
403 | 407 | params={ |
|
404 | 'content': '' | |
|
408 | 'content': '', | |
|
409 | '_authentication_token': self.authentication_token(), | |
|
405 | 410 | }, |
|
406 | 411 | status=302) |
|
407 | 412 | self.checkSessionFlash(response, 'No content') |
@@ -412,7 +417,8 b' removed extra unicode conversion in diff' | |||
|
412 | 417 | repo_name=GIT_REPO, |
|
413 | 418 | revision='tip', f_path='/'), |
|
414 | 419 | params={ |
|
415 | 'content': "foo" | |
|
420 | 'content': "foo", | |
|
421 | '_authentication_token': self.authentication_token(), | |
|
416 | 422 | }, |
|
417 | 423 | status=302) |
|
418 | 424 | |
@@ -431,7 +437,8 b' removed extra unicode conversion in diff' | |||
|
431 | 437 | params={ |
|
432 | 438 | 'content': "foo", |
|
433 | 439 | 'filename': filename, |
|
434 | 'location': location | |
|
440 | 'location': location, | |
|
441 | '_authentication_token': self.authentication_token(), | |
|
435 | 442 | }, |
|
436 | 443 | status=302) |
|
437 | 444 | |
@@ -451,7 +458,8 b' removed extra unicode conversion in diff' | |||
|
451 | 458 | params={ |
|
452 | 459 | 'content': "foo", |
|
453 | 460 | 'filename': filename, |
|
454 | 'location': location | |
|
461 | 'location': location, | |
|
462 | '_authentication_token': self.authentication_token(), | |
|
455 | 463 | }, |
|
456 | 464 | status=302) |
|
457 | 465 | try: |
@@ -480,7 +488,8 b' removed extra unicode conversion in diff' | |||
|
480 | 488 | params={ |
|
481 | 489 | 'content': "def py():\n print 'hello'\n", |
|
482 | 490 | 'filename': filename, |
|
483 | 'location': location | |
|
491 | 'location': location, | |
|
492 | '_authentication_token': self.authentication_token(), | |
|
484 | 493 | }, |
|
485 | 494 | status=302) |
|
486 | 495 | response.follow() |
@@ -510,7 +519,8 b' removed extra unicode conversion in diff' | |||
|
510 | 519 | params={ |
|
511 | 520 | 'content': "def py():\n print 'hello'\n", |
|
512 | 521 | 'filename': filename, |
|
513 | 'location': location | |
|
522 | 'location': location, | |
|
523 | '_authentication_token': self.authentication_token(), | |
|
514 | 524 | }, |
|
515 | 525 | status=302) |
|
516 | 526 | response.follow() |
@@ -524,6 +534,7 b' removed extra unicode conversion in diff' | |||
|
524 | 534 | params={ |
|
525 | 535 | 'content': "def py():\n print 'hello world'\n", |
|
526 | 536 | 'message': 'i commited', |
|
537 | '_authentication_token': self.authentication_token(), | |
|
527 | 538 | }, |
|
528 | 539 | status=302) |
|
529 | 540 | self.checkSessionFlash(response, |
@@ -551,7 +562,8 b' removed extra unicode conversion in diff' | |||
|
551 | 562 | params={ |
|
552 | 563 | 'content': "def py():\n print 'hello'\n", |
|
553 | 564 | 'filename': filename, |
|
554 | 'location': location | |
|
565 | 'location': location, | |
|
566 | '_authentication_token': self.authentication_token(), | |
|
555 | 567 | }, |
|
556 | 568 | status=302) |
|
557 | 569 | response.follow() |
@@ -581,7 +593,8 b' removed extra unicode conversion in diff' | |||
|
581 | 593 | params={ |
|
582 | 594 | 'content': "def py():\n print 'hello'\n", |
|
583 | 595 | 'filename': filename, |
|
584 | 'location': location | |
|
596 | 'location': location, | |
|
597 | '_authentication_token': self.authentication_token(), | |
|
585 | 598 | }, |
|
586 | 599 | status=302) |
|
587 | 600 | response.follow() |
@@ -595,6 +608,7 b' removed extra unicode conversion in diff' | |||
|
595 | 608 | params={ |
|
596 | 609 | 'content': "def py():\n print 'hello world'\n", |
|
597 | 610 | 'message': 'i commited', |
|
611 | '_authentication_token': self.authentication_token(), | |
|
598 | 612 | }, |
|
599 | 613 | status=302) |
|
600 | 614 | self.checkSessionFlash(response, |
@@ -622,7 +636,8 b' removed extra unicode conversion in diff' | |||
|
622 | 636 | params={ |
|
623 | 637 | 'content': "def py():\n print 'hello'\n", |
|
624 | 638 | 'filename': filename, |
|
625 | 'location': location | |
|
639 | 'location': location, | |
|
640 | '_authentication_token': self.authentication_token(), | |
|
626 | 641 | }, |
|
627 | 642 | status=302) |
|
628 | 643 | response.follow() |
@@ -652,7 +667,8 b' removed extra unicode conversion in diff' | |||
|
652 | 667 | params={ |
|
653 | 668 | 'content': "def py():\n print 'hello'\n", |
|
654 | 669 | 'filename': filename, |
|
655 | 'location': location | |
|
670 | 'location': location, | |
|
671 | '_authentication_token': self.authentication_token(), | |
|
656 | 672 | }, |
|
657 | 673 | status=302) |
|
658 | 674 | response.follow() |
@@ -665,6 +681,7 b' removed extra unicode conversion in diff' | |||
|
665 | 681 | f_path='vcs/nodes.py'), |
|
666 | 682 | params={ |
|
667 | 683 | 'message': 'i commited', |
|
684 | '_authentication_token': self.authentication_token(), | |
|
668 | 685 | }, |
|
669 | 686 | status=302) |
|
670 | 687 | self.checkSessionFlash(response, |
@@ -692,7 +709,8 b' removed extra unicode conversion in diff' | |||
|
692 | 709 | params={ |
|
693 | 710 | 'content': "def py():\n print 'hello'\n", |
|
694 | 711 | 'filename': filename, |
|
695 | 'location': location | |
|
712 | 'location': location, | |
|
713 | '_authentication_token': self.authentication_token(), | |
|
696 | 714 | }, |
|
697 | 715 | status=302) |
|
698 | 716 | response.follow() |
@@ -722,7 +740,8 b' removed extra unicode conversion in diff' | |||
|
722 | 740 | params={ |
|
723 | 741 | 'content': "def py():\n print 'hello'\n", |
|
724 | 742 | 'filename': filename, |
|
725 | 'location': location | |
|
743 | 'location': location, | |
|
744 | '_authentication_token': self.authentication_token(), | |
|
726 | 745 | }, |
|
727 | 746 | status=302) |
|
728 | 747 | response.follow() |
@@ -735,6 +754,7 b' removed extra unicode conversion in diff' | |||
|
735 | 754 | f_path='vcs/nodes.py'), |
|
736 | 755 | params={ |
|
737 | 756 | 'message': 'i commited', |
|
757 | '_authentication_token': self.authentication_token(), | |
|
738 | 758 | }, |
|
739 | 759 | status=302) |
|
740 | 760 | self.checkSessionFlash(response, |
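Review bot: `self.authentication_token()` is called inline in every `params` dict of this file, and the helper added earlier in this commit issues a GET per call, so tests that post two or three times repeat the same round trip. Fetching it once after login with `token = self.authentication_token()` and passing `'_authentication_token': token` would shorten each dict and make it clear that the token belongs to the logged-in session. This assumes the token stays the same for the session within one test, which should be confirmed. The enclosing test methods start outside the hunks.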
@@ -60,7 +60,7 b' class _BaseTest(TestController):' | |||
|
60 | 60 | # try create a fork |
|
61 | 61 | repo_name = self.REPO |
|
62 | 62 | self.app.post(url(controller='forks', action='fork_create', |
|
63 | repo_name=repo_name), {}, status=403) | |
|
63 | repo_name=repo_name), {'_authentication_token': self.authentication_token()}, status=403) | |
|
64 | 64 | |
|
65 | 65 | def test_index_with_fork(self): |
|
66 | 66 | self.log_user() |
@@ -77,7 +77,8 b' class _BaseTest(TestController):' | |||
|
77 | 77 | 'repo_type': self.REPO_TYPE, |
|
78 | 78 | 'description': description, |
|
79 | 79 | 'private': 'False', |
|
80 |
'landing_rev': 'rev:tip' |
|
|
80 | 'landing_rev': 'rev:tip', | |
|
81 | '_authentication_token': self.authentication_token()} | |
|
81 | 82 | |
|
82 | 83 | self.app.post(url(controller='forks', action='fork_create', |
|
83 | 84 | repo_name=repo_name), creation_args) |
@@ -108,7 +109,8 b' class _BaseTest(TestController):' | |||
|
108 | 109 | 'repo_type': self.REPO_TYPE, |
|
109 | 110 | 'description': description, |
|
110 | 111 | 'private': 'False', |
|
111 |
'landing_rev': 'rev:tip' |
|
|
112 | 'landing_rev': 'rev:tip', | |
|
113 | '_authentication_token': self.authentication_token()} | |
|
112 | 114 | self.app.post(url(controller='forks', action='fork_create', |
|
113 | 115 | repo_name=repo_name), creation_args) |
|
114 | 116 | repo = Repository.get_by_repo_name(fork_name_full) |
@@ -150,7 +152,8 b' class _BaseTest(TestController):' | |||
|
150 | 152 | 'repo_type': self.REPO_TYPE, |
|
151 | 153 | 'description': description, |
|
152 | 154 | 'private': 'False', |
|
153 |
'landing_rev': 'rev:tip' |
|
|
155 | 'landing_rev': 'rev:tip', | |
|
156 | '_authentication_token': self.authentication_token()} | |
|
154 | 157 | self.app.post(url(controller='forks', action='fork_create', |
|
155 | 158 | repo_name=repo_name), creation_args) |
|
156 | 159 | repo = Repository.get_by_repo_name(self.REPO_FORK) |
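Review bot: In the first hunk the permission test still asserts only `status=403`, and if the CSRF check also answers 403 for a bad token (not shown on this page), the test would pass even when the token lookup is broken and the fork permission check is never reached. Binding the token first and checking it, `token = self.authentication_token()` followed by `self.assertTrue(token)`, would separate the two failure modes. A comment such as `# valid token, so the 403 comes from the fork permission check and not from CSRF` would record the intent. The test method starts outside the hunk.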
@@ -50,7 +50,7 b' class TestMyAccountController(TestContro' | |||
|
50 | 50 | response = self.app.get(url('my_account_emails')) |
|
51 | 51 | response.mustcontain('No additional emails specified') |
|
52 | 52 | response = self.app.post(url('my_account_emails'), |
|
53 | {'new_email': TEST_USER_REGULAR_EMAIL}) | |
|
53 | {'new_email': TEST_USER_REGULAR_EMAIL, '_authentication_token': self.authentication_token()}) | |
|
54 | 54 | self.checkSessionFlash(response, 'This e-mail address is already taken') |
|
55 | 55 | |
|
56 | 56 | def test_my_account_my_emails_add_mising_email_in_form(self): |
@@ -66,7 +66,7 b' class TestMyAccountController(TestContro' | |||
|
66 | 66 | response.mustcontain('No additional emails specified') |
|
67 | 67 | |
|
68 | 68 | response = self.app.post(url('my_account_emails'), |
|
69 | {'new_email': 'foo@barz.com'}) | |
|
69 | {'new_email': 'foo@barz.com', '_authentication_token': self.authentication_token()}) | |
|
70 | 70 | |
|
71 | 71 | response = self.app.get(url('my_account_emails')) |
|
72 | 72 | |
@@ -79,7 +79,7 b' class TestMyAccountController(TestContro' | |||
|
79 | 79 | response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id) |
|
80 | 80 | |
|
81 | 81 | response = self.app.post(url('my_account_emails'), |
|
82 | {'del_email_id': email_id, '_method': 'delete'}) | |
|
82 | {'del_email_id': email_id, '_method': 'delete', '_authentication_token': self.authentication_token()}) | |
|
83 | 83 | self.checkSessionFlash(response, 'Removed email from user') |
|
84 | 84 | response = self.app.get(url('my_account_emails')) |
|
85 | 85 | response.mustcontain('No additional emails specified') |
@@ -114,6 +114,7 b' class TestMyAccountController(TestContro' | |||
|
114 | 114 | params.update({'new_password': ''}) |
|
115 | 115 | params.update({'extern_type': 'internal'}) |
|
116 | 116 | params.update({'extern_name': self.test_user_1}) |
|
117 | params.update({'_authentication_token': self.authentication_token()}) | |
|
117 | 118 | |
|
118 | 119 | params.update(attrs) |
|
119 | 120 | response = self.app.post(url('my_account'), params) |
@@ -142,6 +143,7 b' class TestMyAccountController(TestContro' | |||
|
142 | 143 | #my account cannot make you an admin ! |
|
143 | 144 | params['admin'] = False |
|
144 | 145 | |
|
146 | params.pop('_authentication_token') | |
|
145 | 147 | self.assertEqual(params, updated_params) |
|
146 | 148 | |
|
147 | 149 | def test_my_account_update_err_email_exists(self): |
@@ -155,7 +157,8 b' class TestMyAccountController(TestContro' | |||
|
155 | 157 | password_confirmation='test122', |
|
156 | 158 | firstname='NewName', |
|
157 | 159 | lastname='NewLastname', |
|
158 |
email=new_email, |
|
|
160 | email=new_email, | |
|
161 | _authentication_token=self.authentication_token()) | |
|
159 | 162 | ) |
|
160 | 163 | |
|
161 | 164 | response.mustcontain('This e-mail address is already taken') |
@@ -171,7 +174,8 b' class TestMyAccountController(TestContro' | |||
|
171 | 174 | password_confirmation='test122', |
|
172 | 175 | firstname='NewName', |
|
173 | 176 | lastname='NewLastname', |
|
174 |
email=new_email, |
|
|
177 | email=new_email, | |
|
178 | _authentication_token=self.authentication_token())) | |
|
175 | 179 | |
|
176 | 180 | response.mustcontain('An email address must contain a single @') |
|
177 | 181 | from kallithea.model import validators |
@@ -196,7 +200,7 b' class TestMyAccountController(TestContro' | |||
|
196 | 200 | usr = self.log_user('test_regular2', 'test12') |
|
197 | 201 | user = User.get(usr['user_id']) |
|
198 | 202 | response = self.app.post(url('my_account_api_keys'), |
|
199 | {'description': desc, 'lifetime': lifetime}) | |
|
203 | {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) | |
|
200 | 204 | self.checkSessionFlash(response, 'Api key successfully created') |
|
201 | 205 | try: |
|
202 | 206 | response = response.follow() |
@@ -212,7 +216,7 b' class TestMyAccountController(TestContro' | |||
|
212 | 216 | usr = self.log_user('test_regular2', 'test12') |
|
213 | 217 | user = User.get(usr['user_id']) |
|
214 | 218 | response = self.app.post(url('my_account_api_keys'), |
|
215 | {'description': 'desc', 'lifetime': -1}) | |
|
219 | {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) | |
|
216 | 220 | self.checkSessionFlash(response, 'Api key successfully created') |
|
217 | 221 | response = response.follow() |
|
218 | 222 | |
@@ -221,7 +225,7 b' class TestMyAccountController(TestContro' | |||
|
221 | 225 | self.assertEqual(1, len(keys)) |
|
222 | 226 | |
|
223 | 227 | response = self.app.post(url('my_account_api_keys'), |
|
224 | {'_method': 'delete', 'del_api_key': keys[0].api_key}) | |
|
228 | {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) | |
|
225 | 229 | self.checkSessionFlash(response, 'Api key successfully deleted') |
|
226 | 230 | keys = UserApiKeys.query().all() |
|
227 | 231 | self.assertEqual(0, len(keys)) |
@@ -236,7 +240,7 b' class TestMyAccountController(TestContro' | |||
|
236 | 240 | response.mustcontain('expires: never') |
|
237 | 241 | |
|
238 | 242 | response = self.app.post(url('my_account_api_keys'), |
|
239 | {'_method': 'delete', 'del_api_key_builtin': api_key}) | |
|
243 | {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) | |
|
240 | 244 | self.checkSessionFlash(response, 'Api key successfully reset') |
|
241 | 245 | response = response.follow() |
|
242 | 246 | response.mustcontain(no=[api_key]) |
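Review bot: These tests take the token from the dedicated `authentication_token` URL rather than from the page they just fetched, so they do not show that the my-account forms actually embed it. A template missing the hidden field would break real submissions while these tests stay green. Where a test already GETs the form and inspects it, as the e-mail deletion test does for `del_email_id`, adding `response.mustcontain('_authentication_token')` would cover that. Separately, `params.pop('_authentication_token')` before the `assertEqual` deserves a comment, e.g. `# request-only CSRF field, not a stored user attribute`.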