Merge lp:~mhall119/summit/csrf-fix-from-production into lp:summit

Proposed by Chris Johnston
Status: Merged
Approved by: Chris Johnston
Approved revision: 236
Merged at revision: 236
Proposed branch: lp:~mhall119/summit/csrf-fix-from-production
Merge into: lp:summit
Diff against target: 197 lines (+89/-0)
10 files modified
summit/sponsor/templates/sponsor/nonlaunchpadreview.html (+1/-0)
summit/sponsor/templates/sponsor/nonlaunchpadstep0.html (+1/-0)
summit/sponsor/templates/sponsor/nonlaunchpadstep1.html (+1/-0)
summit/sponsor/templates/sponsor/review.html (+1/-0)
summit/sponsor/templates/sponsor/step0.html (+1/-0)
summit/sponsor/templates/sponsor/step1.html (+1/-0)
summit/sponsor/templates/sponsor/suggestionreview.html (+1/-0)
summit/sponsor/templates/sponsor/suggeststep0.html (+1/-0)
summit/sponsor/templates/sponsor/suggeststep1.html (+1/-0)
summit/sponsor/tests.py (+80/-0)
To merge this branch: bzr merge lp:~mhall119/summit/csrf-fix-from-production
Reviewer Review Type Date Requested Status
Chris Johnston Approve

Commit message

Fixes token problems

Chris Johnston (cjohnston) wrote :

Merging from production

review: Approve

Preview Diff

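--- a/summit/sponsor/templates/sponsor/nonlaunchpadreview.html
+++ b/summit/sponsor/templates/sponsor/nonlaunchpadreview.html
@@ -25,6 +25,7 @@
 </p>
 {% endfor %}
 <form method="post">
+{% csrf_token %}
 <table>
 <tr>
 <td><select name="score">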
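Review bot: Nothing in this merge checks that the token actually renders on this review form, nor on review.html and suggestionreview.html, which receive the same one-line change. `{% csrf_token %}` emits nothing when the view does not supply the token to the template context (for example when it renders without a RequestContext), and the views are not part of this diff, so that cannot be confirmed from here. The tests added in tests.py only GET the three wizard start pages, and only the main sponsorship flow reaches its second step. I would add a GET of each review page, and of the second step of the suggest and non-Launchpad flows, followed by `self.assertContains(response, 'csrfmiddlewaretoken')`.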
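--- a/summit/sponsor/templates/sponsor/nonlaunchpadstep0.html
+++ b/summit/sponsor/templates/sponsor/nonlaunchpadstep0.html
@@ -22,6 +22,7 @@
 
 <article class='main-content'>
 <form method="post">
+ {% csrf_token %}
 <table>
 <tr><th>Summit:</th><td><span>{{ summit.name }}<br/>{{ summit.location }}</span></td></tr>
 <tr><td colspan="2"><h2>Your details</h2></td></tr>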
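--- a/summit/sponsor/templates/sponsor/nonlaunchpadstep1.html
+++ b/summit/sponsor/templates/sponsor/nonlaunchpadstep1.html
@@ -15,6 +15,7 @@
 </p>
 
 <form method="post">
+{% csrf_token %}
 <table>
 {{ form }}
 </table>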
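--- a/summit/sponsor/templates/sponsor/review.html
+++ b/summit/sponsor/templates/sponsor/review.html
@@ -54,6 +54,7 @@
 </p>
 {% endfor %}
 <form method="post">
+{% csrf_token %}
 <table>
 <tr>
 <td><select name="score">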
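--- a/summit/sponsor/templates/sponsor/step0.html
+++ b/summit/sponsor/templates/sponsor/step0.html
@@ -23,6 +23,7 @@
 <article class='main-content'>
 
 <form method="post">
+ {% csrf_token %}
 <table>
 <tr><th>Summit:</th><td><span>{{ summit.name }}<br/>{{ summit.location }}</span></td></tr>
 <tr><td colspan="2"><h2>Your details</h2></td></tr>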
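--- a/summit/sponsor/templates/sponsor/step1.html
+++ b/summit/sponsor/templates/sponsor/step1.html
@@ -22,6 +22,7 @@
 
 <article class="main-content">
 <form method="post">
+{% csrf_token %}
 <table>
 {{ form }}
 </table>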
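--- a/summit/sponsor/templates/sponsor/suggestionreview.html
+++ b/summit/sponsor/templates/sponsor/suggestionreview.html
@@ -22,6 +22,7 @@
 </p>
 {% endfor %}
 <form method="post">
+{% csrf_token %}
 <table>
 <tr>
 <td><select name="score">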
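--- a/summit/sponsor/templates/sponsor/suggeststep0.html
+++ b/summit/sponsor/templates/sponsor/suggeststep0.html
@@ -24,6 +24,7 @@
 
 <article class='main-content'>
 <form method="post">
+ {% csrf_token %}
 <table>
 <tr><th>Summit:</th><td><span>{{ summit.name }}<br/>{{ summit.location }}</span></td></tr>
 <tr><td colspan="2"><h2>Your details</h2></td></tr>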
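--- a/summit/sponsor/templates/sponsor/suggeststep1.html
+++ b/summit/sponsor/templates/sponsor/suggeststep1.html
@@ -17,6 +17,7 @@
 </p>
 
 <form method="post">
+{% csrf_token %}
 <table>
 {{ form }}
 </table>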
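--- a/summit/sponsor/tests.py
+++ b/summit/sponsor/tests.py
@@ -32,6 +32,86 @@
 )
 from summit.sponsor.forms import SponsorshipSuggestionForm
 
+class TestSponsorshipApplicationTestCase(djangotest.TestCase):
+
+ def setUp(self):
+ self.client = djangotest.Client(enforce_csrf_checks=True)
+ self.summit = Summit.objects.create(
+ name='test-summit',
+ title='Test Summit',
+ location='Test Location',
+ description='Test Summit Description',
+ timezone='UTC',
+ last_update=datetime.datetime.now(),
+ state='sponsor',
+ date_start=(datetime.datetime.now() + datetime.timedelta(days=1)),
+ date_end=(datetime.datetime.now() + datetime.timedelta(days=6)),
+ )
+
+ self.user = User.objects.create(
+ username='testuser',
+ first_name='Test',
+ last_name='User',
+ is_superuser=True,
+ )
+ self.user.set_password('password')
+ self.user.save()
+
+ self.form_data_0 = {
+ '0-location': 'Test Location',
+ '0-country': 'US',
+ '0-about': 'Test About Description',
+ '0-video_tos': 'Fake TOS text',
+ '0-video_agreement': 1,
+ 'wizard_step': 0,
+ }
+
+ self.form_data_1 = {
+ '1-needs_travel': 0,
+ '1-needs_accomodation': 0,
+ '1-would_crew': 'False',
+ '1-diet': 'None',
+ '1-further_info': 'Nothing',
+ 'wizard_step': 1,
+ }
+
+ def test_application_process(self):
+ self.assertEquals(0, Sponsorship.objects.filter(user=self.user).count())
+
+ auth = self.client.login(username='testuser', password='password')
+ response = self.client.get('/test-summit/sponsorship/')
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ data = self.form_data_0
+ # Add csrftoken to form data
+ data['csrfmiddlewaretoken'] = self.client.cookies['csrftoken'].value
+ response = self.client.post('/test-summit/sponsorship/', data)
+ self.assertEquals(200, response.status_code)
+ self.assertContains(response, 'Finish')
+
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ data.update(self.form_data_1)
+ # Scrape the hashed value from the template context
+ data['hash_0'] = response.context['previous_fields'][response.context['previous_fields'].index('hash_0')+15:response.context['previous_fields'].index('hash_0')+55]
+ data['csrfmiddlewaretoken'] = self.client.cookies['csrftoken'].value
+ response = self.client.post('/test-summit/sponsorship/', data, follow=False)
+ self.assertEquals(302, response.status_code)
+ self.assertEquals(response._headers['location'], ('Location', 'http://testserver/test-summit/sponsorship/done'))
+
+ self.assertEquals(1, Sponsorship.objects.filter(user=self.user).count())
+
+ def test_suggest_process(self):
+ auth = self.client.login(username='testuser', password='password')
+ response = self.client.get('/test-summit/suggestsponsorship/')
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ # TODO: Finish testing the process
+
+ def test_nonlaunchpad_process(self):
+ auth = self.client.login(username='testuser', password='password')
+ response = self.client.get('/test-summit/nonlaunchpadsponsorship/')
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ # TODO: Finish testing the process
+
+
 class SponsorshipDisplayTestCase(djangotest.TestCase):
 """Tests for the 'reschedule' management command."""
 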
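Review bot: No test in the new TestSponsorshipApplicationTestCase posts without a token, so as far as this hunk shows nothing fails if one of these views stops enforcing the check (for example through `csrf_exempt`). Every POST in test_application_process carries a valid `csrfmiddlewaretoken`, which means `enforce_csrf_checks=True` in setUp is never exercised on the rejecting side. A negative case that posts the first-step data with no token and expects a 403 and no Sponsorship row would pin the fix; a sketch follows. The `auth = self.client.login(...)` results in all three tests are also never checked and should be wrapped in `self.assertTrue(...)`. The `hash_0` slice with fixed offsets `+15`/`+55` depends on the exact markup and hash length, so it deserves a comment saying what it skips over.

```python
class TestSponsorshipApplicationTestCase(djangotest.TestCase):
    # … unchanged: setUp and the three existing tests …

    def test_post_without_token_is_rejected(self):
        self.assertTrue(
            self.client.login(username='testuser', password='password'))
        # No csrfmiddlewaretoken in the payload: the request must not
        # reach the wizard.
        response = self.client.post(
            '/test-summit/sponsorship/', dict(self.form_data_0))
        self.assertEquals(403, response.status_code)
        self.assertEquals(
            0, Sponsorship.objects.filter(user=self.user).count())
```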
