tests: provide _authentication_token when POSTing...
Mads Kiilerich -
r4993:0efca3ad default
@@ -499,6 +499,7 b' def make_map(config):'
499 499 )
500 500
501 501 #LOGIN/LOGOUT/REGISTER/SIGN IN
502 rmap.connect('authentication_token', '%s/authentication_token' % ADMIN_PREFIX, controller='login', action='authentication_token')
502 503 rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login')
503 504 rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login',
504 505 action='logout')
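Review bot: The new `authentication_token` route (new line 502) is connected unconditionally and for every HTTP method, although the action's docstring describes it as intended only for testing. Limiting it to reads would narrow the surface: add `conditions=dict(method=['GET'])` to the `rmap.connect('authentication_token', ...)` call. If the endpoint really is meant for the test suite only, registering it only when a test or debug setting in `config` is enabled would keep it out of production deployments. `make_map` starts and ends outside this hunk, so whether such a setting exists is not visible here.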
@@ -270,3 +270,11 b' class LoginController(BaseController):'
270 270 session.delete()
271 271 log.info('Logging out and deleting session for user')
272 272 redirect(url('home'))
273
274 def authentication_token(self):
275 """Return the CSRF protection token for the session - just like it
276 could have been screen scrabed from a page with a form.
277 Only intended for testing but might also be useful for other kinds
278 of automation.
279 """
280 return h.authentication_token()
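Review bot: `authentication_token()` returns the session's CSRF token as a bare response body, and nothing in the hunk sets a content type or a cache policy for it. The token only protects while other origins cannot read this URL, so the docstring should state that the endpoint must never be covered by a permissive CORS policy or cached by an intermediary. The action should serve it as `text/plain` and uncached, for example `response.headers['Cache-Control'] = 'no-store'` (assuming the Pylons `response` object is imported in this module). The docstring also has a typo: `screen scrabed` should read `screen scraped`. The class starts outside the hunk, so any class-level access restriction is not visible.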
@@ -213,6 +213,9 b' class TestController(BaseTestCase):'
213 213 def _get_logged_user(self):
214 214 return User.get_by_username(self._logged_username)
215 215
216 def authentication_token(self):
217 return self.app.get(url('authentication_token')).body
218
216 219 def checkSessionFlash(self, response, msg, skip=0):
217 220 if 'flash' not in response.session:
218 221 self.fail(safe_str(u'msg `%s` not found - session has no flash ' % msg))
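Review bot: The new `authentication_token()` helper accepts any non-error status, so a redirect would silently hand the redirect page's body to the caller as the token. Pinning the status makes that failure show up where it happens: `return self.app.get(url('authentication_token'), status=200).body`. The helper also has no docstring; something like `"""Return the CSRF token for the current test session (issues a GET request)."""` would tell callers that each call is a full request.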
@@ -6,7 +6,7 b' class TestAuthSettingsController(TestCon'
6 6 def _enable_plugins(self, plugins_list):
7 7 test_url = url(controller='admin/auth_settings',
8 8 action='auth_settings')
9 params={'auth_plugins': plugins_list,}
9 params={'auth_plugins': plugins_list, '_authentication_token': self.authentication_token()}
10 10
11 11 for plugin in plugins_list.split(','):
12 12 enable = plugin.partition('kallithea.lib.auth_modules.')[-1]
@@ -32,10 +32,12 b' class TestDefaultsController(TestControl'
32 32 'default_repo_enable_statistics': True,
33 33 'default_repo_private': True,
34 34 'default_repo_type': 'hg',
35 '_authentication_token': self.authentication_token(),
35 36 }
36 37 response = self.app.put(url('default', id='default'), params=params)
37 38 self.checkSessionFlash(response, 'Default settings updated successfully')
38 39
40 params.pop('_authentication_token')
39 41 defs = Setting.get_default_repo_settings()
40 42 self.assertEqual(params, defs)
41 43
@@ -47,20 +49,23 b' class TestDefaultsController(TestControl'
47 49 'default_repo_enable_statistics': False,
48 50 'default_repo_private': False,
49 51 'default_repo_type': 'git',
52 '_authentication_token': self.authentication_token(),
50 53 }
51 54 response = self.app.put(url('default', id='default'), params=params)
52 55 self.checkSessionFlash(response, 'Default settings updated successfully')
56
57 params.pop('_authentication_token')
53 58 defs = Setting.get_default_repo_settings()
54 59 self.assertEqual(params, defs)
55 60
56 61 def test_update_browser_fakeout(self):
57 response = self.app.post(url('default', id=1), params=dict(_method='put'))
62 response = self.app.post(url('default', id=1), params=dict(_method='put', _authentication_token=self.authentication_token()))
58 63
59 64 def test_delete(self):
60 65 response = self.app.delete(url('default', id=1))
61 66
62 67 def test_delete_browser_fakeout(self):
63 response = self.app.post(url('default', id=1), params=dict(_method='delete'))
68 response = self.app.post(url('default', id=1), params=dict(_method='delete', _authentication_token=self.authentication_token()))
64 69
65 70 def test_show(self):
66 71 response = self.app.get(url('default', id=1))
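Review bot: In both update tests the token is inserted into `params` and then removed again with `params.pop('_authentication_token')` before the comparison with `Setting.get_default_repo_settings()`. Sending a copy keeps the expected dict untouched and drops the pop: `response = self.app.put(url('default', id='default'), params=dict(params, _authentication_token=self.authentication_token()))`. The same add-then-pop pattern appears in the user update test in the admin users test file (`params.update(...)` followed by `params.pop(...)`). The test methods start outside these hunks.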
@@ -56,7 +56,8 b' class TestGistsController(TestController'
56 56 def test_create_missing_description(self):
57 57 self.log_user()
58 58 response = self.app.post(url('gists'),
59 params={'lifetime': -1}, status=200)
59 params={'lifetime': -1, '_authentication_token': self.authentication_token()},
60 status=200)
60 61
61 62 response.mustcontain('Missing value')
62 63
@@ -66,7 +67,8 b' class TestGistsController(TestController'
66 67 params={'lifetime': -1,
67 68 'content': 'gist test',
68 69 'filename': 'foo',
69 'public': 'public'},
70 'public': 'public',
71 '_authentication_token': self.authentication_token()},
70 72 status=302)
71 73 response = response.follow()
72 74 response.mustcontain('added file: foo')
@@ -79,7 +81,8 b' class TestGistsController(TestController'
79 81 params={'lifetime': -1,
80 82 'content': 'gist test',
81 83 'filename': '/home/foo',
82 'public': 'public'},
84 'public': 'public',
85 '_authentication_token': self.authentication_token()},
83 86 status=200)
84 87 response.mustcontain('Filename cannot be inside a directory')
85 88
@@ -98,7 +101,8 b' class TestGistsController(TestController'
98 101 params={'lifetime': -1,
99 102 'content': 'private gist test',
100 103 'filename': 'private-foo',
101 'private': 'private'},
104 'private': 'private',
105 '_authentication_token': self.authentication_token()},
102 106 status=302)
103 107 response = response.follow()
104 108 response.mustcontain('added file: private-foo<')
@@ -112,7 +116,8 b' class TestGistsController(TestController'
112 116 'content': 'gist test',
113 117 'filename': 'foo-desc',
114 118 'description': 'gist-desc',
115 'public': 'public'},
119 'public': 'public',
120 '_authentication_token': self.authentication_token()},
116 121 status=302)
117 122 response = response.follow()
118 123 response.mustcontain('added file: foo-desc')
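Review bot: Every POST in these gist tests now carries a valid `_authentication_token`, but no test shows what happens without one. A case that posts to `url('gists')` with the token omitted or wrong, and asserts that the request is refused, would catch a regression in the CSRF check itself. The expected status depends on how the check rejects requests, which is not visible here. The same gap applies to the other controller test files touched by this commit.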
@@ -18,7 +18,8 b' class TestAdminPermissionsController(Tes'
18 18 self.log_user()
19 19 default_user_id = User.get_default_user().user_id
20 20 response = self.app.put(url('edit_user_ips', id=default_user_id),
21 params=dict(new_ip='127.0.0.0/24'))
21 params=dict(new_ip='127.0.0.0/24',
22 _authentication_token=self.authentication_token()))
22 23
23 24 response = self.app.get(url('admin_permissions_ips'))
24 25 response.mustcontain('127.0.0.0/24')
@@ -31,7 +32,8 b' class TestAdminPermissionsController(Tes'
31 32
32 33 response = self.app.post(url('edit_user_ips', id=default_user_id),
33 34 params=dict(_method='delete',
34 del_ip_id=del_ip_id))
35 del_ip_id=del_ip_id,
36 _authentication_token=self.authentication_token()))
35 37
36 38 response = self.app.get(url('admin_permissions_ips'))
37 39 response.mustcontain('All IP addresses are allowed')
@@ -56,7 +56,8 b' class _BaseTest(TestController):'
56 56 fixture._get_repo_create_params(repo_private=False,
57 57 repo_name=repo_name,
58 58 repo_type=self.REPO_TYPE,
59 repo_description=description))
59 repo_description=description,
60 _authentication_token=self.authentication_token()))
60 61 ## run the check page that triggers the flash message
61 62 response = self.app.get(url('repo_check_home', repo_name=repo_name))
62 63 self.assertEqual(response.json, {u'result': True})
@@ -96,7 +97,8 b' class _BaseTest(TestController):'
96 97 fixture._get_repo_create_params(repo_private=False,
97 98 repo_name=repo_name,
98 99 repo_type=self.REPO_TYPE,
99 repo_description=description))
100 repo_description=description,
101 _authentication_token=self.authentication_token()))
100 102 ## run the check page that triggers the flash message
101 103 response = self.app.get(url('repo_check_home', repo_name=repo_name))
102 104 self.assertEqual(response.json, {u'result': True})
@@ -139,7 +141,8 b' class _BaseTest(TestController):'
139 141 repo_name=repo_name,
140 142 repo_type=self.REPO_TYPE,
141 143 repo_description=description,
142 repo_group=gr.group_id,))
144 repo_group=gr.group_id,
145 _authentication_token=self.authentication_token()))
143 146 ## run the check page that triggers the flash message
144 147 response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
145 148 self.assertEqual(response.json, {u'result': True})
@@ -177,6 +180,8 b' class _BaseTest(TestController):'
177 180
178 181 def test_create_in_group_without_needed_permissions(self):
179 182 usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
183 # avoid spurious RepoGroup DetachedInstanceError ...
184 authentication_token = self.authentication_token()
180 185 # revoke
181 186 user_model = UserModel()
182 187 # disable fork and create on default user
@@ -213,7 +218,8 b' class _BaseTest(TestController):'
213 218 repo_name=repo_name,
214 219 repo_type=self.REPO_TYPE,
215 220 repo_description=description,
216 repo_group=gr.group_id,))
221 repo_group=gr.group_id,
222 _authentication_token=authentication_token))
217 223
218 224 response.mustcontain('Invalid value')
219 225
@@ -226,7 +232,8 b' class _BaseTest(TestController):'
226 232 repo_name=repo_name,
227 233 repo_type=self.REPO_TYPE,
228 234 repo_description=description,
229 repo_group=gr_allowed.group_id,))
235 repo_group=gr_allowed.group_id,
236 _authentication_token=authentication_token))
230 237
231 238 ## run the check page that triggers the flash message
232 239 response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
@@ -287,7 +294,8 b' class _BaseTest(TestController):'
287 294 repo_type=self.REPO_TYPE,
288 295 repo_description=description,
289 296 repo_group=gr.group_id,
290 repo_copy_permissions=True))
297 repo_copy_permissions=True,
298 _authentication_token=self.authentication_token()))
291 299
292 300 ## run the check page that triggers the flash message
293 301 response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
@@ -338,7 +346,8 b' class _BaseTest(TestController):'
338 346 repo_name=repo_name,
339 347 repo_type=self.REPO_TYPE,
340 348 repo_description=description,
341 clone_uri='http://127.0.0.1/repo'))
349 clone_uri='http://127.0.0.1/repo',
350 _authentication_token=self.authentication_token()))
342 351 response.mustcontain('invalid clone URL')
343 352
344 353
@@ -351,7 +360,8 b' class _BaseTest(TestController):'
351 360 repo_name=repo_name,
352 361 repo_type=self.REPO_TYPE,
353 362 repo_description=description,
354 clone_uri='svn+http://127.0.0.1/repo'))
363 clone_uri='svn+http://127.0.0.1/repo',
364 _authentication_token=self.authentication_token()))
355 365 response.mustcontain('invalid clone URL')
356 366
357 367
@@ -363,7 +373,8 b' class _BaseTest(TestController):'
363 373 fixture._get_repo_create_params(repo_private=False,
364 374 repo_type=self.REPO_TYPE,
365 375 repo_name=repo_name,
366 repo_description=description))
376 repo_description=description,
377 _authentication_token=self.authentication_token()))
367 378 ## run the check page that triggers the flash message
368 379 response = self.app.get(url('repo_check_home', repo_name=repo_name))
369 380 self.checkSessionFlash(response,
@@ -413,7 +424,8 b' class _BaseTest(TestController):'
413 424 fixture._get_repo_create_params(repo_private=False,
414 425 repo_name=repo_name,
415 426 repo_type=self.REPO_TYPE,
416 repo_description=description))
427 repo_description=description,
428 _authentication_token=self.authentication_token()))
417 429 ## run the check page that triggers the flash message
418 430 response = self.app.get(url('repo_check_home', repo_name=repo_name))
419 431 self.assertEqual(response.json, {u'result': True})
@@ -457,7 +469,7 b' class _BaseTest(TestController):'
457 469
458 470 def test_delete_browser_fakeout(self):
459 471 response = self.app.post(url('repo', repo_name=self.REPO),
460 params=dict(_method='delete'))
472 params=dict(_method='delete', _authentication_token=self.authentication_token()))
461 473
462 474 def test_show(self):
463 475 self.log_user()
@@ -478,7 +490,8 b' class _BaseTest(TestController):'
478 490 fixture._get_repo_create_params(repo_private=1,
479 491 repo_name=self.REPO,
480 492 repo_type=self.REPO_TYPE,
481 user=TEST_USER_ADMIN_LOGIN))
493 user=TEST_USER_ADMIN_LOGIN,
494 _authentication_token=self.authentication_token()))
482 495 self.checkSessionFlash(response,
483 496 msg='Repository %s updated successfully' % (self.REPO))
484 497 self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True)
@@ -492,7 +505,8 b' class _BaseTest(TestController):'
492 505 fixture._get_repo_create_params(repo_private=False,
493 506 repo_name=self.REPO,
494 507 repo_type=self.REPO_TYPE,
495 user=TEST_USER_ADMIN_LOGIN))
508 user=TEST_USER_ADMIN_LOGIN,
509 _authentication_token=self.authentication_token()))
496 510 self.checkSessionFlash(response,
497 511 msg='Repository %s updated successfully' % (self.REPO))
498 512 self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
@@ -521,7 +535,7 b' class _BaseTest(TestController):'
521 535 repo = Repository.get_by_repo_name(self.REPO)
522 536 repo2 = Repository.get_by_repo_name(other_repo)
523 537 response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO),
524 params=dict(id_fork_of=repo2.repo_id))
538 params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token()))
525 539 repo = Repository.get_by_repo_name(self.REPO)
526 540 repo2 = Repository.get_by_repo_name(other_repo)
527 541 self.checkSessionFlash(response,
@@ -542,7 +556,7 b' class _BaseTest(TestController):'
542 556 repo = Repository.get_by_repo_name(self.REPO)
543 557 repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO)
544 558 response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO),
545 params=dict(id_fork_of=repo2.repo_id))
559 params=dict(id_fork_of=repo2.repo_id, _authentication_token=self.authentication_token()))
546 560 repo = Repository.get_by_repo_name(self.REPO)
547 561 repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO)
548 562 self.checkSessionFlash(response,
@@ -552,7 +566,7 b' class _BaseTest(TestController):'
552 566 self.log_user()
553 567 ## mark it as None
554 568 response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO),
555 params=dict(id_fork_of=None))
569 params=dict(id_fork_of=None, _authentication_token=self.authentication_token()))
556 570 repo = Repository.get_by_repo_name(self.REPO)
557 571 repo2 = Repository.get_by_repo_name(self.OTHER_TYPE_REPO)
558 572 self.checkSessionFlash(response,
@@ -564,7 +578,7 b' class _BaseTest(TestController):'
564 578 self.log_user()
565 579 repo = Repository.get_by_repo_name(self.REPO)
566 580 response = self.app.put(url('edit_repo_advanced_fork', repo_name=self.REPO),
567 params=dict(id_fork_of=repo.repo_id))
581 params=dict(id_fork_of=repo.repo_id, _authentication_token=self.authentication_token()))
568 582 self.checkSessionFlash(response,
569 583 'An error occurred during this operation')
570 584
@@ -594,7 +608,8 b' class _BaseTest(TestController):'
594 608 fixture._get_repo_create_params(repo_private=False,
595 609 repo_name=repo_name,
596 610 repo_type=self.REPO_TYPE,
597 repo_description=description))
611 repo_description=description,
612 _authentication_token=self.authentication_token()))
598 613
599 614 response.mustcontain('no permission to create repository in root location')
600 615
@@ -611,7 +626,8 b' class _BaseTest(TestController):'
611 626 fixture._get_repo_create_params(repo_private=False,
612 627 repo_name=repo_name,
613 628 repo_type=self.REPO_TYPE,
614 repo_description=description))
629 repo_description=description,
630 _authentication_token=self.authentication_token()))
615 631
616 632 self.checkSessionFlash(response,
617 633 'Error creating repository %s' % repo_name)
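Review bot: In `test_create_in_group_without_needed_permissions` the comment `# avoid spurious RepoGroup DetachedInstanceError ...` trails off without saying why fetching the token early helps. Presumably the extra GET ends the database session and detaches `gr` and `gr_allowed`, which the test uses later; if so, say it: `# fetch the token before loading RepoGroup objects: the GET request ends the DB session and would detach them`. The other tests in this file call `self.authentication_token()` inline after ORM objects were loaded, so it is worth confirming that none of them touches such an object after the call. The test body continues outside the hunks.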
@@ -37,7 +37,8 b' class TestAdminSettingsController(TestCo'
37 37 self.log_user()
38 38 response = self.app.post(url('admin_settings_hooks'),
39 39 params=dict(new_hook_ui_key='test_hooks_1',
40 new_hook_ui_value='cd /tmp'))
40 new_hook_ui_value='cd /tmp',
41 _authentication_token=self.authentication_token()))
41 42
42 43 response = response.follow()
43 44 response.mustcontain('test_hooks_1')
@@ -47,7 +48,8 b' class TestAdminSettingsController(TestCo'
47 48 self.log_user()
48 49 response = self.app.post(url('admin_settings_hooks'),
49 50 params=dict(new_hook_ui_key='test_hooks_2',
50 new_hook_ui_value='cd /tmp2'))
51 new_hook_ui_value='cd /tmp2',
52 _authentication_token=self.authentication_token()))
51 53
52 54 response = response.follow()
53 55 response.mustcontain('test_hooks_2')
@@ -56,7 +58,7 b' class TestAdminSettingsController(TestCo'
56 58 hook_id = Ui.get_by_key('test_hooks_2').ui_id
57 59 ## delete
58 60 self.app.post(url('admin_settings_hooks'),
59 params=dict(hook_id=hook_id))
61 params=dict(hook_id=hook_id, _authentication_token=self.authentication_token()))
60 62 response = self.app.get(url('admin_settings_hooks'))
61 63 response.mustcontain(no=['test_hooks_2'])
62 64 response.mustcontain(no=['cd /tmp2'])
@@ -80,6 +82,7 b' class TestAdminSettingsController(TestCo'
80 82 ga_code=new_ga_code,
81 83 captcha_private_key='',
82 84 captcha_public_key='',
85 _authentication_token=self.authentication_token(),
83 86 ))
84 87
85 88 self.checkSessionFlash(response, 'Updated application settings')
@@ -101,6 +104,7 b' class TestAdminSettingsController(TestCo'
101 104 ga_code=new_ga_code,
102 105 captcha_private_key='',
103 106 captcha_public_key='',
107 _authentication_token=self.authentication_token(),
104 108 ))
105 109
106 110 self.checkSessionFlash(response, 'Updated application settings')
@@ -121,6 +125,7 b' class TestAdminSettingsController(TestCo'
121 125 ga_code=new_ga_code,
122 126 captcha_private_key='1234567890',
123 127 captcha_public_key='1234567890',
128 _authentication_token=self.authentication_token(),
124 129 ))
125 130
126 131 self.checkSessionFlash(response, 'Updated application settings')
@@ -141,6 +146,7 b' class TestAdminSettingsController(TestCo'
141 146 ga_code=new_ga_code,
142 147 captcha_private_key='',
143 148 captcha_public_key='1234567890',
149 _authentication_token=self.authentication_token(),
144 150 ))
145 151
146 152 self.checkSessionFlash(response, 'Updated application settings')
@@ -163,6 +169,7 b' class TestAdminSettingsController(TestCo'
163 169 ga_code='',
164 170 captcha_private_key='',
165 171 captcha_public_key='',
172 _authentication_token=self.authentication_token(),
166 173 ))
167 174
168 175 self.checkSessionFlash(response, 'Updated application settings')
@@ -19,7 +19,8 b' class TestAdminUsersGroupsController(Tes'
19 19 response = self.app.post(url('users_groups'),
20 20 {'users_group_name': users_group_name,
21 21 'user_group_description': 'DESC',
22 'active': True})
22 'active': True,
23 '_authentication_token': self.authentication_token()})
23 24 response.follow()
24 25
25 26 self.checkSessionFlash(response,
@@ -35,7 +36,7 b' class TestAdminUsersGroupsController(Tes'
35 36
36 37 def test_update_browser_fakeout(self):
37 38 response = self.app.post(url('users_group', id=1),
38 params=dict(_method='put'))
39 params=dict(_method='put', _authentication_token=self.authentication_token()))
39 40
40 41 def test_delete(self):
41 42 self.log_user()
@@ -43,7 +44,8 b' class TestAdminUsersGroupsController(Tes'
43 44 response = self.app.post(url('users_groups'),
44 45 {'users_group_name':users_group_name,
45 46 'user_group_description': 'DESC',
46 'active': True})
47 'active': True,
48 '_authentication_token': self.authentication_token()})
47 49 response.follow()
48 50
49 51 self.checkSessionFlash(response,
@@ -65,7 +67,8 b' class TestAdminUsersGroupsController(Tes'
65 67 response = self.app.post(url('users_groups'),
66 68 {'users_group_name': users_group_name,
67 69 'user_group_description': 'DESC',
68 'active': True})
70 'active': True,
71 '_authentication_token': self.authentication_token()})
69 72 response.follow()
70 73
71 74 ug = UserGroup.get_by_group_name(users_group_name)
@@ -74,8 +77,8 b' class TestAdminUsersGroupsController(Tes'
74 77 ## ENABLE REPO CREATE ON A GROUP
75 78 response = self.app.put(url('edit_user_group_default_perms',
76 79 id=ug.users_group_id),
77 {'create_repo_perm': True})
78
80 {'create_repo_perm': True,
81 '_authentication_token': self.authentication_token()})
79 82 response.follow()
80 83 ug = UserGroup.get_by_group_name(users_group_name)
81 84 p = Permission.get_by_key('hg.create.repository')
@@ -135,7 +138,8 b' class TestAdminUsersGroupsController(Tes'
135 138 response = self.app.post(url('users_groups'),
136 139 {'users_group_name': users_group_name,
137 140 'user_group_description': 'DESC',
138 'active': True})
141 'active': True,
142 '_authentication_token': self.authentication_token()})
139 143 response.follow()
140 144
141 145 ug = UserGroup.get_by_group_name(users_group_name)
@@ -144,7 +148,7 b' class TestAdminUsersGroupsController(Tes'
144 148 ## ENABLE REPO CREATE ON A GROUP
145 149 response = self.app.put(url('edit_user_group_default_perms',
146 150 id=ug.users_group_id),
147 {'fork_repo_perm': True})
151 {'fork_repo_perm': True, '_authentication_token': self.authentication_token()})
148 152
149 153 response.follow()
150 154 ug = UserGroup.get_by_group_name(users_group_name)
@@ -204,7 +208,7 b' class TestAdminUsersGroupsController(Tes'
204 208
205 209 def test_delete_browser_fakeout(self):
206 210 response = self.app.post(url('users_group', id=1),
207 params=dict(_method='delete'))
211 params=dict(_method='delete', _authentication_token=self.authentication_token()))
208 212
209 213 def test_show(self):
210 214 response = self.app.get(url('users_group', id=1))
@@ -58,7 +58,8 b' class TestAdminUsersController(TestContr'
58 58 'lastname': lastname,
59 59 'extern_name': 'internal',
60 60 'extern_type': 'internal',
61 'email': email})
61 'email': email,
62 '_authentication_token': self.authentication_token()})
62 63
63 64 self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''')
64 65 self.checkSessionFlash(response, '''/edit">%s</a>''' % (username))
@@ -89,7 +90,8 b' class TestAdminUsersController(TestContr'
89 90 'name': name,
90 91 'active': False,
91 92 'lastname': lastname,
92 'email': email})
93 'email': email,
94 '_authentication_token': self.authentication_token()})
93 95
94 96 msg = validators.ValidUsername(False, {})._messages['system_invalid_username']
95 97 msg = h.html_escape(msg % {'username': 'new_user'})
@@ -145,8 +147,10 b' class TestAdminUsersController(TestContr'
145 147 # logged in yet his data is not filled
146 148 # so we use creation data
147 149
150 params.update({'_authentication_token': self.authentication_token()})
148 151 response = self.app.put(url('user', id=usr.user_id), params)
149 152 self.checkSessionFlash(response, 'User updated successfully')
153 params.pop('_authentication_token')
150 154
151 155 updated_user = User.get_by_username(self.test_user_1)
152 156 updated_params = updated_user.get_api_data(True)
@@ -266,7 +270,8 b' class TestAdminUsersController(TestContr'
266 270
267 271 response = self.app.post(url('edit_user_perms', id=uid),
268 272 params=dict(_method='put',
269 create_repo_perm=True))
273 create_repo_perm=True,
274 _authentication_token=self.authentication_token()))
270 275
271 276 perm_none = Permission.get_by_key('hg.create.none')
272 277 perm_create = Permission.get_by_key('hg.create.repository')
@@ -295,7 +300,7 b' class TestAdminUsersController(TestContr'
295 300 self.assertEqual(UserModel().has_perm(user, perm_create), False)
296 301
297 302 response = self.app.post(url('edit_user_perms', id=uid),
298 params=dict(_method='put'))
303 params=dict(_method='put', _authentication_token=self.authentication_token()))
299 304
300 305 perm_none = Permission.get_by_key('hg.create.none')
301 306 perm_create = Permission.get_by_key('hg.create.repository')
@@ -325,7 +330,8 b' class TestAdminUsersController(TestContr'
325 330
326 331 response = self.app.post(url('edit_user_perms', id=uid),
327 332 params=dict(_method='put',
328 create_repo_perm=True))
333 create_repo_perm=True,
334 _authentication_token=self.authentication_token()))
329 335
330 336 perm_none = Permission.get_by_key('hg.create.none')
331 337 perm_create = Permission.get_by_key('hg.create.repository')
@@ -354,7 +360,7 b' class TestAdminUsersController(TestContr'
354 360 self.assertEqual(UserModel().has_perm(user, perm_fork), False)
355 361
356 362 response = self.app.post(url('edit_user_perms', id=uid),
357 params=dict(_method='put'))
363 params=dict(_method='put', _authentication_token=self.authentication_token()))
358 364
359 365 perm_none = Permission.get_by_key('hg.create.none')
360 366 perm_create = Permission.get_by_key('hg.create.repository')
@@ -386,7 +392,7 b' class TestAdminUsersController(TestContr'
386 392 user_id = user.user_id
387 393
388 394 response = self.app.put(url('edit_user_ips', id=user_id),
389 params=dict(new_ip=ip))
395 params=dict(new_ip=ip, _authentication_token=self.authentication_token()))
390 396
391 397 if failure:
392 398 self.checkSessionFlash(response, 'Please enter a valid IPv4 or IpV6 address')
@@ -419,7 +425,7 b' class TestAdminUsersController(TestContr'
419 425 response.mustcontain(ip_range)
420 426
421 427 self.app.post(url('edit_user_ips', id=user_id),
422 params=dict(_method='delete', del_ip_id=new_ip_id))
428 params=dict(_method='delete', del_ip_id=new_ip_id, _authentication_token=self.authentication_token()))
423 429
424 430 response = self.app.get(url('edit_user_ips', id=user_id))
425 431 response.mustcontain('All IP addresses are allowed')
@@ -445,7 +451,7 b' class TestAdminUsersController(TestContr'
445 451 user_id = user.user_id
446 452
447 453 response = self.app.post(url('edit_user_api_keys', id=user_id),
448 {'_method': 'put', 'description': desc, 'lifetime': lifetime})
454 {'_method': 'put', 'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})
449 455 self.checkSessionFlash(response, 'Api key successfully created')
450 456 try:
451 457 response = response.follow()
@@ -463,7 +469,7 b' class TestAdminUsersController(TestContr'
463 469 user_id = user.user_id
464 470
465 471 response = self.app.post(url('edit_user_api_keys', id=user_id),
466 {'_method': 'put', 'description': 'desc', 'lifetime': -1})
472 {'_method': 'put', 'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})
467 473 self.checkSessionFlash(response, 'Api key successfully created')
468 474 response = response.follow()
469 475
@@ -472,7 +478,7 b' class TestAdminUsersController(TestContr'
472 478 self.assertEqual(1, len(keys))
473 479
474 480 response = self.app.post(url('edit_user_api_keys', id=user_id),
475 {'_method': 'delete', 'del_api_key': keys[0].api_key})
481 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})
476 482 self.checkSessionFlash(response, 'Api key successfully deleted')
477 483 keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()
478 484 self.assertEqual(0, len(keys))
@@ -487,7 +493,7 b' class TestAdminUsersController(TestContr'
487 493 response.mustcontain('expires: never')
488 494
489 495 response = self.app.post(url('edit_user_api_keys', id=user_id),
490 {'_method': 'delete', 'del_api_key_builtin': api_key})
496 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})
491 497 self.checkSessionFlash(response, 'Api key successfully reset')
492 498 response = response.follow()
493 499 response.mustcontain(no=[api_key])
@@ -29,7 +29,7 b' class TestChangeSetCommentsController(Te'
29 29 rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc'
30 30 text = u'CommentOnRevision'
31 31
32 params = {'text': text}
32 params = {'text': text, '_authentication_token': self.authentication_token()}
33 33 response = self.app.post(url(controller='changeset', action='comment',
34 34 repo_name=HG_REPO, revision=rev),
35 35 params=params)
@@ -66,7 +66,7 b' class TestChangeSetCommentsController(Te'
66 66 f_path = 'vcs/web/simplevcs/views/repository.py'
67 67 line = 'n1'
68 68
69 params = {'text': text, 'f_path': f_path, 'line': line}
69 params = {'text': text, 'f_path': f_path, 'line': line, '_authentication_token': self.authentication_token()}
70 70 response = self.app.post(url(controller='changeset', action='comment',
71 71 repo_name=HG_REPO, revision=rev),
72 72 params=params)
@@ -106,7 +106,7 b' class TestChangeSetCommentsController(Te'
106 106 rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc'
107 107 text = u'@test_regular check CommentOnRevision'
108 108
109 params = {'text':text}
109 params = {'text': text, '_authentication_token': self.authentication_token()}
110 110 response = self.app.post(url(controller='changeset', action='comment',
111 111 repo_name=HG_REPO, revision=rev),
112 112 params=params)
@@ -134,7 +134,7 b' class TestChangeSetCommentsController(Te'
134 134 rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc'
135 135 text = u'CommentOnRevision'
136 136
137 params = {'text': text}
137 params = {'text': text, '_authentication_token': self.authentication_token()}
138 138 response = self.app.post(url(controller='changeset', action='comment',
139 139 repo_name=HG_REPO, revision=rev),
140 140 params=params)
@@ -328,7 +328,8 b' removed extra unicode conversion in diff'
328 328 repo_name=HG_REPO,
329 329 revision='tip', f_path='/'),
330 330 params={
331 'content': ''
331 'content': '',
332 '_authentication_token': self.authentication_token(),
332 333 },
333 334 status=302)
334 335
@@ -340,7 +341,8 b' removed extra unicode conversion in diff'
340 341 repo_name=HG_REPO,
341 342 revision='tip', f_path='/'),
342 343 params={
343 'content': "foo"
344 'content': "foo",
345 '_authentication_token': self.authentication_token(),
344 346 },
345 347 status=302)
346 348
@@ -359,7 +361,8 b' removed extra unicode conversion in diff'
359 361 params={
360 362 'content': "foo",
361 363 'filename': filename,
362 'location': location
364 'location': location,
365 '_authentication_token': self.authentication_token(),
363 366 },
364 367 status=302)
365 368
@@ -379,7 +382,8 b' removed extra unicode conversion in diff'
379 382 params={
380 383 'content': "foo",
381 384 'filename': filename,
382 'location': location
385 'location': location,
386 '_authentication_token': self.authentication_token(),
383 387 },
384 388 status=302)
385 389 try:
@@ -401,7 +405,8 b' removed extra unicode conversion in diff'
401 405 repo_name=GIT_REPO,
402 406 revision='tip', f_path='/'),
403 407 params={
404 'content': ''
408 'content': '',
409 '_authentication_token': self.authentication_token(),
405 410 },
406 411 status=302)
407 412 self.checkSessionFlash(response, 'No content')
@@ -412,7 +417,8 b' removed extra unicode conversion in diff'
412 417 repo_name=GIT_REPO,
413 418 revision='tip', f_path='/'),
414 419 params={
415 'content': "foo"
420 'content': "foo",
421 '_authentication_token': self.authentication_token(),
416 422 },
417 423 status=302)
418 424
@@ -431,7 +437,8 b' removed extra unicode conversion in diff'
431 437 params={
432 438 'content': "foo",
433 439 'filename': filename,
434 'location': location
440 'location': location,
441 '_authentication_token': self.authentication_token(),
435 442 },
436 443 status=302)
437 444
@@ -451,7 +458,8 b' removed extra unicode conversion in diff'
451 458 params={
452 459 'content': "foo",
453 460 'filename': filename,
454 'location': location
461 'location': location,
462 '_authentication_token': self.authentication_token(),
455 463 },
456 464 status=302)
457 465 try:
@@ -480,7 +488,8 b' removed extra unicode conversion in diff'
480 488 params={
481 489 'content': "def py():\n print 'hello'\n",
482 490 'filename': filename,
483 'location': location
491 'location': location,
492 '_authentication_token': self.authentication_token(),
484 493 },
485 494 status=302)
486 495 response.follow()
@@ -510,7 +519,8 b' removed extra unicode conversion in diff'
510 519 params={
511 520 'content': "def py():\n print 'hello'\n",
512 521 'filename': filename,
513 'location': location
522 'location': location,
523 '_authentication_token': self.authentication_token(),
514 524 },
515 525 status=302)
516 526 response.follow()
@@ -524,6 +534,7 b' removed extra unicode conversion in diff'
524 534 params={
525 535 'content': "def py():\n print 'hello world'\n",
526 536 'message': 'i commited',
537 '_authentication_token': self.authentication_token(),
527 538 },
528 539 status=302)
529 540 self.checkSessionFlash(response,
@@ -551,7 +562,8 b' removed extra unicode conversion in diff'
551 562 params={
552 563 'content': "def py():\n print 'hello'\n",
553 564 'filename': filename,
554 'location': location
565 'location': location,
566 '_authentication_token': self.authentication_token(),
555 567 },
556 568 status=302)
557 569 response.follow()
@@ -581,7 +593,8 b' removed extra unicode conversion in diff'
581 593 params={
582 594 'content': "def py():\n print 'hello'\n",
583 595 'filename': filename,
584 'location': location
596 'location': location,
597 '_authentication_token': self.authentication_token(),
585 598 },
586 599 status=302)
587 600 response.follow()
@@ -595,6 +608,7 b' removed extra unicode conversion in diff'
595 608 params={
596 609 'content': "def py():\n print 'hello world'\n",
597 610 'message': 'i commited',
611 '_authentication_token': self.authentication_token(),
598 612 },
599 613 status=302)
600 614 self.checkSessionFlash(response,
@@ -622,7 +636,8 b' removed extra unicode conversion in diff'
622 636 params={
623 637 'content': "def py():\n print 'hello'\n",
624 638 'filename': filename,
625 'location': location
639 'location': location,
640 '_authentication_token': self.authentication_token(),
626 641 },
627 642 status=302)
628 643 response.follow()
@@ -652,7 +667,8 b' removed extra unicode conversion in diff'
652 667 params={
653 668 'content': "def py():\n print 'hello'\n",
654 669 'filename': filename,
655 'location': location
670 'location': location,
671 '_authentication_token': self.authentication_token(),
656 672 },
657 673 status=302)
658 674 response.follow()
@@ -665,6 +681,7 b' removed extra unicode conversion in diff'
665 681 f_path='vcs/nodes.py'),
666 682 params={
667 683 'message': 'i commited',
684 '_authentication_token': self.authentication_token(),
668 685 },
669 686 status=302)
670 687 self.checkSessionFlash(response,
@@ -692,7 +709,8 b' removed extra unicode conversion in diff'
692 709 params={
693 710 'content': "def py():\n print 'hello'\n",
694 711 'filename': filename,
695 'location': location
712 'location': location,
713 '_authentication_token': self.authentication_token(),
696 714 },
697 715 status=302)
698 716 response.follow()
@@ -722,7 +740,8 b' removed extra unicode conversion in diff'
722 740 params={
723 741 'content': "def py():\n print 'hello'\n",
724 742 'filename': filename,
725 'location': location
743 'location': location,
744 '_authentication_token': self.authentication_token(),
726 745 },
727 746 status=302)
728 747 response.follow()
@@ -735,6 +754,7 b' removed extra unicode conversion in diff'
735 754 f_path='vcs/nodes.py'),
736 755 params={
737 756 'message': 'i commited',
757 '_authentication_token': self.authentication_token(),
738 758 },
739 759 status=302)
740 760 self.checkSessionFlash(response,
@@ -60,7 +60,7 b' class _BaseTest(TestController):'
60 60 # try create a fork
61 61 repo_name = self.REPO
62 62 self.app.post(url(controller='forks', action='fork_create',
63 repo_name=repo_name), {}, status=403)
63 repo_name=repo_name), {'_authentication_token': self.authentication_token()}, status=403)
64 64
65 65 def test_index_with_fork(self):
66 66 self.log_user()
@@ -77,7 +77,8 b' class _BaseTest(TestController):'
77 77 'repo_type': self.REPO_TYPE,
78 78 'description': description,
79 79 'private': 'False',
80 'landing_rev': 'rev:tip'}
80 'landing_rev': 'rev:tip',
81 '_authentication_token': self.authentication_token()}
81 82
82 83 self.app.post(url(controller='forks', action='fork_create',
83 84 repo_name=repo_name), creation_args)
@@ -108,7 +109,8 b' class _BaseTest(TestController):'
108 109 'repo_type': self.REPO_TYPE,
109 110 'description': description,
110 111 'private': 'False',
111 'landing_rev': 'rev:tip'}
112 'landing_rev': 'rev:tip',
113 '_authentication_token': self.authentication_token()}
112 114 self.app.post(url(controller='forks', action='fork_create',
113 115 repo_name=repo_name), creation_args)
114 116 repo = Repository.get_by_repo_name(fork_name_full)
@@ -150,7 +152,8 b' class _BaseTest(TestController):'
150 152 'repo_type': self.REPO_TYPE,
151 153 'description': description,
152 154 'private': 'False',
153 'landing_rev': 'rev:tip'}
155 'landing_rev': 'rev:tip',
156 '_authentication_token': self.authentication_token()}
154 157 self.app.post(url(controller='forks', action='fork_create',
155 158 repo_name=repo_name), creation_args)
156 159 repo = Repository.get_by_repo_name(self.REPO_FORK)
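Review bot: The `status=403` assertion at new line 63 cannot tell a refused fork permission from a rejected CSRF token, if the token check also answers 403 (these hunks do not show which status it returns). Sending a valid token is the right fix, but nothing records why it is there. A comment above the post, such as `# valid token supplied, so the 403 must come from the missing fork permission`, would stop a later edit from dropping the token and leaving the test green for the wrong reason. The test method itself starts above the hunk.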
@@ -50,7 +50,7 b' class TestMyAccountController(TestContro'
50 50 response = self.app.get(url('my_account_emails'))
51 51 response.mustcontain('No additional emails specified')
52 52 response = self.app.post(url('my_account_emails'),
53 {'new_email': TEST_USER_REGULAR_EMAIL})
53 {'new_email': TEST_USER_REGULAR_EMAIL, '_authentication_token': self.authentication_token()})
54 54 self.checkSessionFlash(response, 'This e-mail address is already taken')
55 55
56 56 def test_my_account_my_emails_add_mising_email_in_form(self):
@@ -66,7 +66,7 b' class TestMyAccountController(TestContro'
66 66 response.mustcontain('No additional emails specified')
67 67
68 68 response = self.app.post(url('my_account_emails'),
69 {'new_email': 'foo@barz.com'})
69 {'new_email': 'foo@barz.com', '_authentication_token': self.authentication_token()})
70 70
71 71 response = self.app.get(url('my_account_emails'))
72 72
@@ -79,7 +79,7 b' class TestMyAccountController(TestContro'
79 79 response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id)
80 80
81 81 response = self.app.post(url('my_account_emails'),
82 {'del_email_id': email_id, '_method': 'delete'})
82 {'del_email_id': email_id, '_method': 'delete', '_authentication_token': self.authentication_token()})
83 83 self.checkSessionFlash(response, 'Removed email from user')
84 84 response = self.app.get(url('my_account_emails'))
85 85 response.mustcontain('No additional emails specified')
@@ -114,6 +114,7 b' class TestMyAccountController(TestContro'
114 114 params.update({'new_password': ''})
115 115 params.update({'extern_type': 'internal'})
116 116 params.update({'extern_name': self.test_user_1})
117 params.update({'_authentication_token': self.authentication_token()})
117 118
118 119 params.update(attrs)
119 120 response = self.app.post(url('my_account'), params)
@@ -142,6 +143,7 b' class TestMyAccountController(TestContro'
142 143 #my account cannot make you an admin !
143 144 params['admin'] = False
144 145
146 params.pop('_authentication_token')
145 147 self.assertEqual(params, updated_params)
146 148
147 149 def test_my_account_update_err_email_exists(self):
@@ -155,7 +157,8 b' class TestMyAccountController(TestContro'
155 157 password_confirmation='test122',
156 158 firstname='NewName',
157 159 lastname='NewLastname',
158 email=new_email,)
160 email=new_email,
161 _authentication_token=self.authentication_token())
159 162 )
160 163
161 164 response.mustcontain('This e-mail address is already taken')
@@ -171,7 +174,8 b' class TestMyAccountController(TestContro'
171 174 password_confirmation='test122',
172 175 firstname='NewName',
173 176 lastname='NewLastname',
174 email=new_email,))
177 email=new_email,
178 _authentication_token=self.authentication_token()))
175 179
176 180 response.mustcontain('An email address must contain a single @')
177 181 from kallithea.model import validators
@@ -196,7 +200,7 b' class TestMyAccountController(TestContro'
196 200 usr = self.log_user('test_regular2', 'test12')
197 201 user = User.get(usr['user_id'])
198 202 response = self.app.post(url('my_account_api_keys'),
199 {'description': desc, 'lifetime': lifetime})
203 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})
200 204 self.checkSessionFlash(response, 'Api key successfully created')
201 205 try:
202 206 response = response.follow()
@@ -212,7 +216,7 b' class TestMyAccountController(TestContro'
212 216 usr = self.log_user('test_regular2', 'test12')
213 217 user = User.get(usr['user_id'])
214 218 response = self.app.post(url('my_account_api_keys'),
215 {'description': 'desc', 'lifetime': -1})
219 {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})
216 220 self.checkSessionFlash(response, 'Api key successfully created')
217 221 response = response.follow()
218 222
@@ -221,7 +225,7 b' class TestMyAccountController(TestContro'
221 225 self.assertEqual(1, len(keys))
222 226
223 227 response = self.app.post(url('my_account_api_keys'),
224 {'_method': 'delete', 'del_api_key': keys[0].api_key})
228 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})
225 229 self.checkSessionFlash(response, 'Api key successfully deleted')
226 230 keys = UserApiKeys.query().all()
227 231 self.assertEqual(0, len(keys))
@@ -236,7 +240,7 b' class TestMyAccountController(TestContro'
236 240 response.mustcontain('expires: never')
237 241
238 242 response = self.app.post(url('my_account_api_keys'),
239 {'_method': 'delete', 'del_api_key_builtin': api_key})
243 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})
240 244 self.checkSessionFlash(response, 'Api key successfully reset')
241 245 response = response.follow()
242 246 response.mustcontain(no=[api_key])
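Review bot: No test in this section checks that a POST without `_authentication_token` is refused. Every changed call now sends a valid token, so these tests would presumably still pass if the check were removed from the handlers. The API-key posts to `my_account_api_keys` (new lines 203, 219, 228 and 243) are the most valuable to cover: post once without the token, then assert `self.assertEqual(0, len(UserApiKeys.query().all()))` before the request that carries the token. The same gap applies to the `my_account_emails` posts at new lines 53, 69 and 82. Several of the enclosing test methods start outside their hunks, so existing coverage elsewhere in the file cannot be ruled out from here.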