Merge lp:~mhall119/summit/csrf-fix-from-production into lp:summit

Proposed by Chris Johnston
Status: Merged
Approved by: Chris Johnston
Approved revision: 236
Merged at revision: 236
Proposed branch: lp:~mhall119/summit/csrf-fix-from-production
Merge into: lp:summit
Diff against target: 197 lines (+89/-0)
10 files modified
summit/sponsor/templates/sponsor/nonlaunchpadreview.html (+1/-0)
summit/sponsor/templates/sponsor/nonlaunchpadstep0.html (+1/-0)
summit/sponsor/templates/sponsor/nonlaunchpadstep1.html (+1/-0)
summit/sponsor/templates/sponsor/review.html (+1/-0)
summit/sponsor/templates/sponsor/step0.html (+1/-0)
summit/sponsor/templates/sponsor/step1.html (+1/-0)
summit/sponsor/templates/sponsor/suggestionreview.html (+1/-0)
summit/sponsor/templates/sponsor/suggeststep0.html (+1/-0)
summit/sponsor/templates/sponsor/suggeststep1.html (+1/-0)
summit/sponsor/tests.py (+80/-0)
To merge this branch: bzr merge lp:~mhall119/summit/csrf-fix-from-production
Reviewer Review Type Date Requested Status
Chris Johnston Approve
Review via email: mp+86836@code.launchpad.net

Commit message

Fixes token problems

Chris Johnston (cjohnston) wrote :

Merging from production

review: Approve

Preview Diff

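--- a/summit/sponsor/templates/sponsor/nonlaunchpadreview.html
+++ b/summit/sponsor/templates/sponsor/nonlaunchpadreview.html
@@ -25,6 +25,7 @@
 </p>
 {% endfor %}
 <form method="post">
+{% csrf_token %}
 <table>
 <tr>
  <td><select name="score">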
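Review bot: The `{% csrf_token %}` line added after `<form method="post">` in this review form, and the identical line added in review.html and suggestionreview.html, does not appear to be exercised by any test in this merge: summit/sponsor/tests.py only requests the sponsorship, suggestsponsorship and nonlaunchpadsponsorship URLs. The tag renders an empty string when the view does not put the token into the template context (for example when the template is rendered without a RequestContext), so the template edit alone does not show that the score form can be posted. A test that fetches each review page and checks `self.assertContains(response, 'csrfmiddlewaretoken')` would cover this. The review views are not visible on this page, so they may already render with the right context.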
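--- a/summit/sponsor/templates/sponsor/nonlaunchpadstep0.html
+++ b/summit/sponsor/templates/sponsor/nonlaunchpadstep0.html
@@ -22,6 +22,7 @@
 
  <article class='main-content'>
  <form method="post">
+ {% csrf_token %}
  <table>
  <tr><th>Summit:</th><td><span>{{ summit.name }}<br/>{{ summit.location }}</span></td></tr>
  <tr><td colspan="2"><h2>Your details</h2></td></tr>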
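--- a/summit/sponsor/templates/sponsor/nonlaunchpadstep1.html
+++ b/summit/sponsor/templates/sponsor/nonlaunchpadstep1.html
@@ -15,6 +15,7 @@
 </p>
 
 <form method="post">
+{% csrf_token %}
 <table>
 {{ form }}
 </table>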
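--- a/summit/sponsor/templates/sponsor/review.html
+++ b/summit/sponsor/templates/sponsor/review.html
@@ -54,6 +54,7 @@
 </p>
 {% endfor %}
 <form method="post">
+{% csrf_token %}
 <table>
 <tr>
  <td><select name="score">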
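--- a/summit/sponsor/templates/sponsor/step0.html
+++ b/summit/sponsor/templates/sponsor/step0.html
@@ -23,6 +23,7 @@
  <article class='main-content'>
 
  <form method="post">
+ {% csrf_token %}
  <table>
  <tr><th>Summit:</th><td><span>{{ summit.name }}<br/>{{ summit.location }}</span></td></tr>
  <tr><td colspan="2"><h2>Your details</h2></td></tr>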
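--- a/summit/sponsor/templates/sponsor/step1.html
+++ b/summit/sponsor/templates/sponsor/step1.html
@@ -22,6 +22,7 @@
 
 <article class="main-content">
 <form method="post">
+{% csrf_token %}
 <table>
 {{ form }}
 </table>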
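--- a/summit/sponsor/templates/sponsor/suggestionreview.html
+++ b/summit/sponsor/templates/sponsor/suggestionreview.html
@@ -22,6 +22,7 @@
 </p>
 {% endfor %}
 <form method="post">
+{% csrf_token %}
 <table>
 <tr>
  <td><select name="score">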
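--- a/summit/sponsor/templates/sponsor/suggeststep0.html
+++ b/summit/sponsor/templates/sponsor/suggeststep0.html
@@ -24,6 +24,7 @@
 
  <article class='main-content'>
  <form method="post">
+ {% csrf_token %}
  <table>
  <tr><th>Summit:</th><td><span>{{ summit.name }}<br/>{{ summit.location }}</span></td></tr>
  <tr><td colspan="2"><h2>Your details</h2></td></tr>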
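--- a/summit/sponsor/templates/sponsor/suggeststep1.html
+++ b/summit/sponsor/templates/sponsor/suggeststep1.html
@@ -17,6 +17,7 @@
 </p>
 
 <form method="post">
+{% csrf_token %}
 <table>
 {{ form }}
 </table>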
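--- a/summit/sponsor/tests.py
+++ b/summit/sponsor/tests.py
@@ -32,6 +32,86 @@
 )
 from summit.sponsor.forms import SponsorshipSuggestionForm
 
+class TestSponsorshipApplicationTestCase(djangotest.TestCase):
+
+ def setUp(self):
+ self.client = djangotest.Client(enforce_csrf_checks=True)
+ self.summit = Summit.objects.create(
+ name='test-summit',
+ title='Test Summit',
+ location='Test Location',
+ description='Test Summit Description',
+ timezone='UTC',
+ last_update=datetime.datetime.now(),
+ state='sponsor',
+ date_start=(datetime.datetime.now() + datetime.timedelta(days=1)),
+ date_end=(datetime.datetime.now() + datetime.timedelta(days=6)),
+ )
+
+ self.user = User.objects.create(
+ username='testuser',
+ first_name='Test',
+ last_name='User',
+ is_superuser=True,
+ )
+ self.user.set_password('password')
+ self.user.save()
+
+ self.form_data_0 = {
+ '0-location': 'Test Location',
+ '0-country': 'US',
+ '0-about': 'Test About Description',
+ '0-video_tos': 'Fake TOS text',
+ '0-video_agreement': 1,
+ 'wizard_step': 0,
+ }
+
+ self.form_data_1 = {
+ '1-needs_travel': 0,
+ '1-needs_accomodation': 0,
+ '1-would_crew': 'False',
+ '1-diet': 'None',
+ '1-further_info': 'Nothing',
+ 'wizard_step': 1,
+ }
+
+ def test_application_process(self):
+ self.assertEquals(0, Sponsorship.objects.filter(user=self.user).count())
+
+ auth = self.client.login(username='testuser', password='password')
+ response = self.client.get('/test-summit/sponsorship/')
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ data = self.form_data_0
+ # Add csrftoken to form data
+ data['csrfmiddlewaretoken'] = self.client.cookies['csrftoken'].value
+ response = self.client.post('/test-summit/sponsorship/', data)
+ self.assertEquals(200, response.status_code)
+ self.assertContains(response, 'Finish')
+
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ data.update(self.form_data_1)
+ # Scrape the hashed value from the template context
+ data['hash_0'] = response.context['previous_fields'][response.context['previous_fields'].index('hash_0')+15:response.context['previous_fields'].index('hash_0')+55]
+ data['csrfmiddlewaretoken'] = self.client.cookies['csrftoken'].value
+ response = self.client.post('/test-summit/sponsorship/', data, follow=False)
+ self.assertEquals(302, response.status_code)
+ self.assertEquals(response._headers['location'], ('Location', 'http://testserver/test-summit/sponsorship/done'))
+
+ self.assertEquals(1, Sponsorship.objects.filter(user=self.user).count())
+
+ def test_suggest_process(self):
+ auth = self.client.login(username='testuser', password='password')
+ response = self.client.get('/test-summit/suggestsponsorship/')
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ # TODO: Finish testing the process
+
+ def test_nonlaunchpad_process(self):
+ auth = self.client.login(username='testuser', password='password')
+ response = self.client.get('/test-summit/nonlaunchpadsponsorship/')
+ self.assertContains(response, 'csrfmiddlewaretoken')
+ # TODO: Finish testing the process
+
+
 class SponsorshipDisplayTestCase(djangotest.TestCase):
  """Tests for the 'reschedule' management command."""
 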
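Review bot: `test_application_process` only shows that a POST carrying a valid token is accepted; nothing in `TestSponsorshipApplicationTestCase` checks that a POST without `csrfmiddlewaretoken` is refused, so these tests would still pass if the sponsorship view were exempt from CSRF checking. A negative case on the same `enforce_csrf_checks=True` client is sketched below; it expects Django's default 403 and assumes the CSRF middleware is enabled in settings, which this page does not show. The result of `self.client.login(...)` is bound to `auth` and never checked in any of the three tests, so wrapping the call in `self.assertTrue(...)` would make a failed login fail at the right place. The `hash_0` slice with its fixed `+15`/`+55` offsets depends on the exact markup of `previous_fields`; reading the hidden input's value by parsing would be less brittle.

```python
    def test_post_without_token_is_rejected(self):
        self.assertTrue(self.client.login(username='testuser', password='password'))
        # No csrfmiddlewaretoken in the form data: the request must not be processed
        response = self.client.post('/test-summit/sponsorship/', self.form_data_0)
        self.assertEquals(403, response.status_code)
        self.assertEquals(0, Sponsorship.objects.filter(user=self.user).count())
```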
