Beispiel #1
    def test_renderer_jpeg(self):
        """
        Check that the CAPTCHA endpoint is served by the JPEG renderer.

        An update page is fetched, the CAPTCHA link is pulled out of its HTML, and the
        response behind that link must be a JPEG with the configured dimensions.
        """
        # The authtkt and captcha secrets are hard-coded for this test app only; a real
        # deployment needs its own randomly generated values.
        captcha_overrides = {
            'authtkt.secret': 'whatever',
            'authtkt.secure': True,
            'captcha.secret': '2o78T5zF7OERyAtBfC570ZX2TXvfmI3R5mvw6LkG3W0=',
            'captcha.image_width': '300',
            'captcha.image_height': '80',
            'captcha.font_path':
            '/usr/share/fonts/liberation/LiberationMono-Regular.ttf',
            'captcha.font_size': '36',
            'captcha.font_color': '#000000',
            'captcha.background_color': '#ffffff',
            'captcha.padding': '5',
            'captcha.ttl': '300',
        }
        settings = copy.copy(self.app_settings)
        settings.update(captcha_overrides)
        with mock.patch('bodhi.server.Session.remove'):
            app = base.BodhiTestApp(main({}, session=self.db, **settings))

        update_path = '/updates/FEDORA-{}-a3bbe1a8f2'.format(
            datetime.datetime.utcnow().year)
        page = app.get(update_path, status=200, headers={'accept': 'text/html'})

        # Keep only the path of the embedded CAPTCHA URL so the follow-up request goes
        # through the same test app.
        match = re.search(r'"http://localhost(/captcha/[^"]*)"', str(page))
        captcha_url = match.group(1)

        resp = app.get(captcha_url, status=200)
        self.assertIn('image/jpeg', resp.headers['Content-Type'])

        # NOTE(review): which StringIO is imported is not visible here; if it is
        # io.StringIO, a bytes body needs io.BytesIO instead. Confirm against the imports.
        image = PIL.Image.open(StringIO(resp.body))
        # The size must match captcha.image_width / captcha.image_height set above.
        self.assertEqual(image.size, (300, 80))
Beispiel #2
    def test_popup_toggle(self):
        """Check that pop-up notifications can be toggled, and that an anonymous user gets a 403."""
        # Popups start out enabled, so the front page offers to disable them.
        front_page = self.app.get('/')
        self.assertIn('Disable popups', front_page)

        # NOTE(review): this state-changing POST is sent without a csrf_token parameter;
        # whether the view enforces CSRF protection is not visible from here. Confirm.
        self.app.post('/popup_toggle')

        # After the toggle the page offers to enable them again.
        front_page = self.app.get('/')
        self.assertIn('Enable popups', front_page)

        # A separate app built with authtkt settings stands in for the user who is not
        # logged in; that user must not be able to toggle popups.
        anonymous_settings = copy.copy(self.app_settings)
        auth_overrides = {
            'authtkt.secret': 'whatever',
            'authtkt.secure': True,
        }
        anonymous_settings.update(auth_overrides)
        anonymous_app = base.BodhiTestApp(
            main({}, session=self.db, **anonymous_settings))

        denied = anonymous_app.post('/popup_toggle', status=403)
        expected_fragments = (
            '<h1>403 <small>Forbidden</small></h1>',
            '<p class="lead">Access was denied to this resource.</p>',
        )
        for fragment in expected_fragments:
            self.assertIn(fragment, denied)
Beispiel #3
 def test_admin_unauthed(self):
     """Check that a user who is not authenticated gets a 403 from the admin endpoint."""
     # 'whatever' is a throwaway ticket secret for the test app only.
     auth_overrides = {
         'authtkt.secret': 'whatever',
         'authtkt.secure': True,
     }
     anonymous_settings = copy.copy(self.app_settings)
     anonymous_settings.update(auth_overrides)
     anonymous_app = base.BodhiTestApp(
         main({}, session=self.db, **anonymous_settings))

     denied = anonymous_app.get('/admin/', status=403)
     # The status alone is not enough: the rendered error page is checked as well.
     expected_fragments = (
         '<h1>403 <small>Forbidden</small></h1>',
         '<p class="lead">Access was denied to this resource.</p>',
     )
     for fragment in expected_fragments:
         self.assertIn(fragment, denied)
Beispiel #4
 def test_new_stack_form_unauthed(self):
     """
     Check that requesting the new-stack form without being logged in yields a 403.
     """
     # 'whatever' is a throwaway ticket secret for the test app only.
     auth_overrides = {
         'authtkt.secret': 'whatever',
         'authtkt.secure': True,
     }
     anonymous_settings = copy.copy(self.app_settings)
     anonymous_settings.update(auth_overrides)
     anonymous_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

     denied = anonymous_app.get('/stacks/new', status=403)
     # Both the heading and the explanatory line of the error page must be present.
     expected_fragments = (
         '<h1>403 <small>Forbidden</small></h1>',
         '<p class="lead">Access was denied to this resource.</p>',
     )
     for fragment in expected_fragments:
         self.assertIn(fragment, denied)
Beispiel #5
 def test_override_new_not_loggedin(self):
     """
     Check that a user who is not logged in is forbidden from the new overrides page.
     """
     # 'whatever' is a throwaway ticket secret for the test app only.
     auth_overrides = {
         'authtkt.secret': 'whatever',
         'authtkt.secure': True,
     }
     anonymous_settings = copy.copy(self.app_settings)
     anonymous_settings.update(auth_overrides)
     anonymous_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

     # HTML is requested explicitly so that the rendered 403 page can be inspected.
     html_headers = {'Accept': 'text/html'}
     denied = anonymous_app.get('/overrides/new', status=403, headers=html_headers)
     expected_fragments = (
         '<h1>403 <small>Forbidden</small></h1>',
         '<p class="lead">Access was denied to this resource.</p>',
     )
     for fragment in expected_fragments:
         self.assertIn(fragment, denied)
Beispiel #6
    def test_override_view_not_loggedin(self):
        """
        Check that a user who is not logged in can view an override but gets no edit form.
        """
        # 'whatever' is a throwaway ticket secret for the test app only.
        auth_overrides = {
            'authtkt.secret': 'whatever',
            'authtkt.secure': True,
        }
        anonymous_settings = copy.copy(self.app_settings)
        anonymous_settings.update(auth_overrides)
        with mock.patch('bodhi.server.Session.remove'):
            anonymous_app = base.BodhiTestApp(
                main({}, session=self.db, **anonymous_settings))

        html_headers = {'Accept': 'text/html'}
        page = anonymous_app.get('/overrides/bodhi-2.0-1.fc17',
                                 status=200, headers=html_headers)

        # The page itself is readable (200), but the form marker must be absent.
        form_marker = '<span>New Buildroot Override Form Requires JavaScript</span>'
        self.assertNotIn(form_marker, page)
        self.assertIn('<h2>Buildroot Override for <code>bodhi-2.0-1.fc17</code></h2>', page)
Beispiel #7
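    def test_anonymous_cant_edit_release(self):
        """Ensure that an unauthenticated user cannot edit a release, since only an admin should."""
        name = u"F22"
        # Create a new app so we are the anonymous user.
        with mock.patch('bodhi.server.Session.remove'):
            app = base.BodhiTestApp(
                server.main({}, session=self.db, **self.app_settings))

        # Reading the release is allowed anonymously; its JSON becomes the edit payload.
        res = app.get('/releases/%s' % name, status=200)
        payload = res.json_body
        payload["edited"] = name
        payload["state"] = "current"
        # NOTE(review): get_csrf_token() is defined outside this listing. If it fetches the
        # token through self.app rather than the anonymous app, the 403 below could come
        # from a CSRF mismatch instead of the permission check. Confirm, or fetch the
        # token with the anonymous app.
        payload["csrf_token"] = self.get_csrf_token()

        # The anonymous user should receive a 403.
        app.post("/releases/", payload, status=403)

        # The stored state must still be disabled, not the "current" value that was posted.
        release = self.db.query(Release).filter(Release.name == name).one()
        # assertEqual replaces the deprecated assertEquals alias (removed in Python 3.12).
        self.assertEqual(release.state, ReleaseState.disabled)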
Beispiel #8
    def test_new_update_form(self):
        """Check who gets the New Update form: a logged-in user does, an anonymous one gets a 403."""
        # Logged-in client: the form page is rendered.
        form_page = self.app.get('/updates/new')
        self.assertIn('Creating a new update requires JavaScript', form_page)

        # A separate app built with authtkt settings stands in for the user who is not
        # logged in; 'whatever' is a throwaway ticket secret for the test app only.
        auth_overrides = {
            'authtkt.secret': 'whatever',
            'authtkt.secure': True,
        }
        anonymous_settings = copy.copy(self.app_settings)
        anonymous_settings.update(auth_overrides)
        anonymous_app = base.BodhiTestApp(
            main({}, session=self.db, **anonymous_settings))

        denied = anonymous_app.get('/updates/new', status=403)
        expected_fragments = (
            '<h1>403 <small>Forbidden</small></h1>',
            '<p class="lead">Access was denied to this resource.</p>',
        )
        for fragment in expected_fragments:
            self.assertIn(fragment, denied)
Beispiel #9
    def test_new_override_form(self):
        """Check who gets the New Override form: a logged-in user does, an anonymous one gets a 403."""
        # Logged-in client: the form marker is present in the page.
        form_marker = '<span>New Buildroot Override Form Requires JavaScript</span>'
        form_page = self.app.get('/overrides/new')
        self.assertIn(form_marker, form_page)

        # A separate app built with authtkt settings stands in for the user who is not
        # logged in; 'whatever' is a throwaway ticket secret for the test app only.
        auth_overrides = {
            'authtkt.secret': 'whatever',
            'authtkt.secure': True,
        }
        anonymous_settings = copy.copy(self.app_settings)
        anonymous_settings.update(auth_overrides)
        anonymous_app = base.BodhiTestApp(
            main({}, session=self.db, **anonymous_settings))

        denied = anonymous_app.get('/overrides/new', status=403)
        expected_fragments = (
            '<h1>403 <small>Forbidden</small></h1>',
            '<p class="lead">Access was denied to this resource.</p>',
        )
        for fragment in expected_fragments:
            self.assertIn(fragment, denied)
Beispiel #10
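    def test_anonymous_commenting_with_no_author(self):
        """Check that an anonymous comment submitted without an author is rejected with a 400."""
        # 'whatever' is a throwaway ticket secret for the test app only.
        anonymous_settings = copy.copy(self.app_settings)
        anonymous_settings.update({
            'authtkt.secret': 'whatever',
            'authtkt.secure': True,
        })
        with mock.patch('bodhi.server.Session.remove'):
            app = base.BodhiTestApp(
                main({}, session=self.db, **anonymous_settings))

        # The CSRF token is fetched through the anonymous app itself, so the request
        # carries a token issued to the same client that posts the comment.
        comment = {
            u'update': 'bodhi-2.0-1.fc17',
            u'text': 'Test',
            u'karma': 0,
            u'csrf_token': app.get('/csrf').json_body['csrf_token'],
        }

        res = app.post_json('/comments/', comment, status=400)

        # assertEqual replaces the deprecated assertEquals alias (removed in Python 3.12).
        first_error = res.json_body['errors'][0]
        self.assertEqual(first_error['name'], 'email')
        self.assertEqual(first_error['description'],
                         "You must provide an author")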