def test_dashboard_submit_sql(admin_client, dashboard_db):
    """Check the POST -> sign -> redirect -> render flow for a newly submitted query.

    The dashboard page must load with its anti-framing CSP header. POSTing SQL
    together with the (empty/private) ``_save-*`` form fields must answer with
    a redirect whose only query-string parameter is ``sql``, carrying exactly
    ``sign_sql(sql)``. Following that redirect must render the query result.
    """
    landing = admin_client.get("/dashboard/")
    assert landing.status_code == 200
    # frame-ancestors 'self' limits framing of the page to same-origin
    # documents, which is the header-level defence against clickjacking.
    assert landing["Content-Security-Policy"] == "frame-ancestors 'self'"

    sql = "select 14 + 33"
    form_fields = {
        "sql": sql,
        "_save-title": "",
        "_save-slug": "",
        "_save-description": "",
        "_save-view_policy": "private",
        "_save-view_group": "",
        "_save-edit_policy": "private",
        "_save-edit_group": "",
    }
    response = admin_client.post("/dashboard/", form_fields)
    assert response.status_code == 302

    # The redirect target must expose nothing but ?sql=<signed value>:
    # no raw SQL and no stray parameters.
    query_string = response.url.split("?")[1]
    params = urllib.parse.parse_qs(query_string)
    assert set(params) == {"sql"}
    redirected_value = params["sql"][0]
    assert redirected_value == sign_sql(sql)
    # NOTE(review): only the happy path is checked here; rejection of a
    # tampered or unsigned ?sql= value is presumably covered elsewhere - confirm.

    # Following the redirect must execute the query and show 14 + 33.
    results_page = admin_client.get(response.url)
    assert results_page.status_code == 200
    assert b"47" in results_page.content
def test_dashboard_upgrade_old_base64_links(admin_client, dashboard_db, settings):
    """Check that old-format signed links are upgraded only when the setting is on.

    An old-style value is produced with ``signing.dumps(..., salt=SQL_SALT)``;
    its first colon-separated segment must be valid base64 JSON. Before
    ``DASHBOARD_UPGRADE_OLD_BASE64_LINKS`` is set the link is served with a 200.
    Once it is set to True the same link must redirect to the equivalent URL
    carrying ``sign_sql`` output instead.
    """
    query = "select 1 + 1"
    legacy_value = signing.dumps(query, salt=SQL_SALT)
    legacy_payload = legacy_value.split(":")[0]
    assert is_valid_base64_json(legacy_payload)

    legacy_url = "/dashboard/?sql=" + legacy_value

    # Nothing sets the flag before this request, so this relies on the
    # project's default leaving the upgrade off (presumably - confirm).
    untouched = admin_client.get(legacy_url)
    assert untouched.status_code == 200

    # Opting in: the old link must now bounce to the re-signed form.
    settings.DASHBOARD_UPGRADE_OLD_BASE64_LINKS = True
    response = admin_client.get(legacy_url)
    assert response.status_code == 302
    upgraded_query_string = urllib.parse.urlencode({"sql": sign_sql(query)})
    assert response.url == "/dashboard/?" + upgraded_query_string
def test_dashboard_submit_sql(admin_client, dashboard_db):
    """Check the POST -> sign -> redirect -> render flow for a newly submitted query.

    The dashboard page must load with its anti-framing CSP header. POSTing a
    bare ``sql`` field must redirect to a URL whose ``sql`` parameter equals
    ``sign_sql(sql)``, and following that redirect must render the result.
    """
    landing = admin_client.get("/dashboard/")
    assert landing.status_code == 200
    # frame-ancestors 'self' limits framing of the page to same-origin
    # documents, which is the header-level defence against clickjacking.
    assert landing["Content-Security-Policy"] == "frame-ancestors 'self'"

    sql = "select 14 + 33"
    response = admin_client.post("/dashboard/", {"sql": sql})
    assert response.status_code == 302

    # The redirect must carry the signed form of the query in ?sql=.
    query_string = response.url.split("?")[1]
    params = urllib.parse.parse_qs(query_string)
    redirected_value = params["sql"][0]
    assert redirected_value == sign_sql(sql)
    # NOTE(review): other query-string keys are not checked here, so extra
    # parameters in the redirect would go unnoticed by this test.

    # Following the redirect must execute the query and show 14 + 33.
    results_page = admin_client.get(response.url)
    assert results_page.status_code == 200
    assert b"47" in results_page.content
def signed_sql(queries):
    """Return a list holding ``sign_sql(q)`` for each ``q`` in *queries*, in order."""
    signed = []
    for query in queries:
        signed.append(sign_sql(query))
    return signed