def test_1000_consumermanageform_fail(self):
request = TestRequest(form={
'form.buttons.remove': 1,
})
request.form['_authenticator'] = None
form = consumer.ConsumerManageForm(self.portal, request)
self.assertRaises(Unauthorized, form.update)
def test_2000_usertokenform_fail(self):
request = TestRequest(form={
'form.buttons.revoke': 1,
})
request.form['_authenticator'] = None
form = user.UserTokenForm(self.portal, request)
self.assertRaises(Unauthorized, form.update)
def test_0001_authform_post_authfail(self):
request = TestRequest(form={
'oauth_token': self.reqtoken.key,
'form.buttons.approve': 1,
})
# simulate lack of CSRF
request.form['_authenticator'] = None
form = token.AuthorizeTokenForm(self.portal, request)
self.assertRaises(Unauthorized, form.update)
def test_2000_usertokenform_fail(self):
# have to add a token to show the button.
atok = self.tokenManager._generateBaseToken(self.consumer.key)
atok.access = True
atok.user = default_user
self.tokenManager.add(atok)
request = TestRequest(form={"form.buttons.revoke": 1})
request.form["_authenticator"] = None
form = user.UserTokenForm(self.portal, request)
self.assertRaises(Unauthorized, form.update)
