def test_renderer_jpeg(self):
    """
    Check that the CAPTCHA endpoint serves a JPEG of the configured size.

    An update page is fetched as HTML, the CAPTCHA URL is pulled out of the
    markup, and the image behind that URL is decoded to confirm its dimensions.
    """
    # Values hard-coded for this test only; the authtkt and captcha secrets
    # are fixture data, not deployment configuration.
    captcha_overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
        'captcha.secret': '2o78T5zF7OERyAtBfC570ZX2TXvfmI3R5mvw6LkG3W0=',
        'captcha.image_width': '300',
        'captcha.image_height': '80',
        'captcha.font_path': '/usr/share/fonts/liberation/LiberationMono-Regular.ttf',
        'captcha.font_size': '36',
        'captcha.font_color': '#000000',
        'captcha.background_color': '#ffffff',
        'captcha.padding': '5',
        'captcha.ttl': '300',
    }
    settings = copy.copy(self.app_settings)
    settings.update(captcha_overrides)

    # NOTE(review): the patch is scoped to app construction only; confirm
    # against the upstream formatting of this test.
    with mock.patch('bodhi.server.Session.remove'):
        app = base.BodhiTestApp(main({}, session=self.db, **settings))

    update_page = app.get(
        '/updates/FEDORA-{}-a3bbe1a8f2'.format(datetime.datetime.utcnow().year),
        status=200,
        headers={'accept': 'text/html'},
    )

    # The page embeds an absolute CAPTCHA URL; only its path is requested.
    match = re.search(r'"http://localhost(/captcha/[^"]*)"', str(update_page))
    captcha_url = match.group(1)

    resp = app.get(captcha_url, status=200)
    self.assertIn('image/jpeg', resp.headers['Content-Type'])

    # Decode the body so the size check runs against real image data rather
    # than trusting the Content-Type header alone.
    img = PIL.Image.open(StringIO(resp.body))
    self.assertEqual(img.size, (300, 80))
def test_popup_toggle(self):
    """Verify that pop-up notifications can be toggled, and only when logged in."""
    # Pop-ups start out enabled, so the front page offers to disable them.
    front_page = self.app.get('/')
    self.assertIn('Disable popups', front_page)

    # Switch them off.
    # NOTE(review): this state-changing POST carries no CSRF token and is
    # expected to succeed; confirm that is intended for this endpoint.
    self.app.post('/popup_toggle')

    # The front page now offers to turn them back on.
    front_page = self.app.get('/')
    self.assertIn('Enable popups', front_page)

    # A separately built app acts as the logged-out client, which must be
    # refused when it tries to toggle the setting.
    overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    }
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update(overrides)
    anon_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

    denied = anon_app.post('/popup_toggle', status=403)
    self.assertIn('<h1>403 <small>Forbidden</small></h1>', denied)
    self.assertIn('<p class="lead">Access was denied to this resource.</p>', denied)
def test_admin_unauthed(self):
    """Verify that the admin endpoint answers 403 to an unauthenticated client."""
    # Build a separate app to act as the logged-out client.
    overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    }
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update(overrides)
    anon_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

    # Both the status code and the rendered error page are checked.
    denied = anon_app.get('/admin/', status=403)
    self.assertIn('<h1>403 <small>Forbidden</small></h1>', denied)
    self.assertIn('<p class="lead">Access was denied to this resource.</p>', denied)
def test_new_stack_form_unauthed(self):
    """Verify that the new-stack form answers 403 when nobody is logged in."""
    # Build a separate app to act as the logged-out client.
    overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    }
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update(overrides)
    anon_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

    # Both the status code and the rendered error page are checked.
    denied = anon_app.get('/stacks/new', status=403)
    self.assertIn('<h1>403 <small>Forbidden</small></h1>', denied)
    self.assertIn('<p class="lead">Access was denied to this resource.</p>', denied)
def test_override_new_not_loggedin(self):
    """Verify that a logged-out user is forbidden from the new-override page."""
    # Build a separate app to act as the logged-out client.
    overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    }
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update(overrides)
    anon_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

    # HTML is requested explicitly so the error page markup can be asserted.
    html_only = {'Accept': 'text/html'}
    denied = anon_app.get('/overrides/new', status=403, headers=html_only)
    self.assertIn('<h1>403 <small>Forbidden</small></h1>', denied)
    self.assertIn('<p class="lead">Access was denied to this resource.</p>', denied)
def test_override_view_not_loggedin(self):
    """
    Verify that a logged-out user can view an override but gets no edit form.

    The page itself is expected to load (200); only the form marker must be
    missing from it.
    """
    overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    }
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update(overrides)

    # NOTE(review): the patch is scoped to app construction only; confirm
    # against the upstream formatting of this test.
    with mock.patch('bodhi.server.Session.remove'):
        anon_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

    page = anon_app.get(
        '/overrides/bodhi-2.0-1.fc17',
        status=200,
        headers={'Accept': 'text/html'},
    )

    # Read access is allowed, so the heading is present; the edit form is not.
    self.assertNotIn('<span>New Buildroot Override Form Requires JavaScript</span>', page)
    self.assertIn('<h2>Buildroot Override for <code>bodhi-2.0-1.fc17</code></h2>', page)
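def test_anonymous_cant_edit_release(self):
    """
    Ensure that an unauthenticated user cannot edit a release.

    The anonymous client reads the release, posts it back with a changed
    state, and must get a 403. The stored release is then re-read to confirm
    the rejected request left its state untouched.
    """
    name = u"F22"

    # Create a new app so we are the anonymous user.
    # NOTE(review): the patch is scoped to app construction only; confirm
    # against the upstream formatting of this test.
    with mock.patch('bodhi.server.Session.remove'):
        app = base.BodhiTestApp(
            server.main({}, session=self.db, **self.app_settings))

    res = app.get('/releases/%s' % name, status=200)
    payload = res.json_body
    payload["edited"] = name
    payload["state"] = "current"
    # NOTE(review): the token comes from self.get_csrf_token(), not from the
    # anonymous `app`. If that helper draws on the logged-in client, the 403
    # below could stem from CSRF rejection rather than the permission check;
    # confirm which one this test actually exercises.
    payload["csrf_token"] = self.get_csrf_token()

    # The anonymous user should receive a 403.
    res = app.post("/releases/", payload, status=403)

    # A 403 alone is not enough: verify nothing was written.
    release = self.db.query(Release).filter(Release.name == name).one()
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(release.state, ReleaseState.disabled)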
def test_new_update_form(self):
    """Verify the New Update form is shown when logged in and forbidden otherwise."""
    # The logged-in client gets the form page.
    form_page = self.app.get('/updates/new')
    self.assertIn('Creating a new update requires JavaScript', form_page)

    # A separately built app acts as the logged-out client and is refused.
    overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    }
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update(overrides)
    anon_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

    denied = anon_app.get('/updates/new', status=403)
    self.assertIn('<h1>403 <small>Forbidden</small></h1>', denied)
    self.assertIn('<p class="lead">Access was denied to this resource.</p>', denied)
def test_new_override_form(self):
    """Verify the New Override form is shown when logged in and forbidden otherwise."""
    # The logged-in client gets the form page.
    form_page = self.app.get('/overrides/new')
    self.assertIn('<span>New Buildroot Override Form Requires JavaScript</span>', form_page)

    # A separately built app acts as the logged-out client and is refused.
    overrides = {
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    }
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update(overrides)
    anon_app = base.BodhiTestApp(main({}, session=self.db, **anonymous_settings))

    denied = anon_app.get('/overrides/new', status=403)
    self.assertIn('<h1>403 <small>Forbidden</small></h1>', denied)
    self.assertIn('<p class="lead">Access was denied to this resource.</p>', denied)
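def test_anonymous_commenting_with_no_author(self):
    """
    Ensure an anonymous comment that names no author is rejected with a 400.

    The first reported error must be on the ``email`` field and carry the
    "You must provide an author" description.
    """
    anonymous_settings = copy.copy(self.app_settings)
    anonymous_settings.update({
        'authtkt.secret': 'whatever',
        'authtkt.secure': True,
    })

    # NOTE(review): the patch is scoped to app construction only; confirm
    # against the upstream formatting of this test.
    with mock.patch('bodhi.server.Session.remove'):
        app = base.BodhiTestApp(
            main({}, session=self.db, **anonymous_settings))

    # The CSRF token is fetched through the same anonymous client that posts
    # the comment, so the 400 below reflects field validation, not a token
    # mismatch.
    comment = {
        u'update': 'bodhi-2.0-1.fc17',
        u'text': 'Test',
        u'karma': 0,
        u'csrf_token': app.get('/csrf').json_body['csrf_token'],
    }

    res = app.post_json('/comments/', comment, status=400)

    # assertEqual replaces the deprecated assertEquals alias.
    first_error = res.json_body['errors'][0]
    self.assertEqual(first_error['name'], 'email')
    self.assertEqual(first_error['description'],
                     "You must provide an author")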