def test_post(self):
cookie = yield self.login()
xsrf_response = yield self.http_client.fetch(
self.get_url("/admin/overview"),
headers={"Cookie": cookie},
follow_redirects=False,
)
soup = BeautifulSoup(xsrf_response.body, "html.parser")
xsrf = soup.find(name="form", attrs={
"action": "/logout"
}).find(attrs={"name": "_xsrf"})["value"]
xsrf = soup.find(attrs={"name": "_xsrf"})["value"]
cookie = xsrf_response.headers["Set-Cookie"]
response = yield self.http_client.fetch(
self.get_url("/logout"),
method="POST",
headers={"Cookie": cookie},
body="_xsrf={}".format(xsrf),
)
self.assertEqual(response.code, 200)
database.delete_login("test_user")
def test_post(self):
login_cookie = yield self.login()
get = yield self.http_client.fetch(
self.get_url("/admin/server_list"),
headers={"Cookie": login_cookie},
follow_redirects=False,
)
self.assertEqual(get.code, 200)
xsrf = _get_xsrf(get.body, "session_remove")
cookie = login_cookie + ";" + get.headers["Set-Cookie"]
secret = list(sessions.get_all().keys())[0]
post = yield self.http_client.fetch(
self.get_url("/admin/server_list"),
headers={"Cookie": cookie},
follow_redirects=False,
method="POST",
body="_xsrf={}&action=session_remove&secret={}".format(
xsrf, secret),
)
self.assertEqual(post.code, 200)
database.delete_login("test_user")
def test_redirect(self):
cookie = yield self.login()
response = yield self.http_client.fetch(
self.get_url("/login?view=overview"), headers={"Cookie": cookie})
self.assertEqual(response.code, 200)
database.delete_login("test_user")
def test_post(self):
login_cookie = yield self.login()
get = yield self.http_client.fetch(
self.get_url("/admin/user_management"),
headers={"Cookie": login_cookie},
follow_redirects=False,
)
self.assertEqual(get.code, 200)
xsrf = _get_xsrf(get.body, "create_user")
cookie = login_cookie + ";" + get.headers["Set-Cookie"]
post = yield self.http_client.fetch(
self.get_url("/admin/user_management"),
headers={"Cookie": cookie},
method="POST",
body=
"_xsrf={}&action=create_user&username=test-user2&password=b&sysop=1"
.format(xsrf),
follow_redirects=False,
)
self.assertEqual(post.code, 200)
xsrf = _get_xsrf(post.body, "change_password")
cookie = login_cookie + ";" + get.headers["Set-Cookie"]
post = yield self.http_client.fetch(
self.get_url("/admin/user_management"),
headers={"Cookie": cookie},
method="POST",
body=
"_xsrf={}&action=change_password&username=test-user2&password=test"
.format(xsrf),
follow_redirects=False,
)
self.assertEqual(post.code, 200)
xsrf = _get_xsrf(post.body, "delete_user")
cookie = login_cookie + ";" + get.headers["Set-Cookie"]
post = yield self.http_client.fetch(
self.get_url("/admin/user_management"),
headers={"Cookie": cookie},
method="POST",
body="_xsrf={}&action=delete_user&username=test-user2".format(
xsrf),
follow_redirects=False,
)
self.assertEqual(post.code, 200)
database.delete_login("test_user")
def test_get(self):
cookie = yield self.login()
response = yield self.http_client.fetch(
self.get_url("/admin/bans"),
headers={"Cookie": cookie},
follow_redirects=False,
)
self.assertEqual(response.code, 200)
database.delete_login("test_user")
def runTest(self):
can_ban = database.can_ban("test_user3")
self.assertEqual(can_ban, False)
if database.login_exists("test_user"):
database.delete_login("test_user")
database.add_login("test_user", "abc", sysop=False, can_ban_user=True)
can_ban = database.can_ban("test_user")
self.assertEqual(can_ban, True)
database.delete_login("test_user")
def runTest(self):
can_blacklist = database.can_modify_blacklist("test_user3")
self.assertEqual(can_blacklist, False)
if database.login_exists("test_user"):
database.delete_login("test_user")
database.add_login("test_user",
"abc",
sysop=False,
can_modify_blacklist=True)
can_blacklist = database.can_modify_blacklist("test_user")
self.assertEqual(can_blacklist, True)
database.delete_login("test_user")
def remove_user(self, username):
"""Remove user"""
if not username:
self.set_error("Missing parameters")
return
if not database.is_sysop(self.get_username()):
self.set_error("Only sysop can delete users")
return
if not database.login_exists(username):
self.set_error("No such user")
return
if self.get_username() == username:
self.set_error("Can't delete own account!")
return
database.delete_login(username)
def test_post(self):
login_cookie = yield self.login()
get = yield self.http_client.fetch(
self.get_url("/admin/blacklist"),
headers={"Cookie": login_cookie},
follow_redirects=False,
)
self.assertEqual(get.code, 200)
xsrf = _get_xsrf(get.body, "blacklist_add")
cookie = login_cookie + ";" + get.headers["Set-Cookie"]
post = yield self.http_client.fetch(
self.get_url("/admin/blacklist"),
headers={"Cookie": cookie},
method="POST",
body="_xsrf={}&action=blacklist_add&word=test&reason=test".format(
xsrf),
follow_redirects=False,
)
self.assertEqual(post.code, 200)
xsrf = _get_xsrf(post.body, "blacklist_remove")
cookie = login_cookie + ";" + get.headers["Set-Cookie"]
post = yield self.http_client.fetch(
self.get_url("/admin/blacklist"),
headers={"Cookie": cookie},
method="POST",
body="_xsrf={}&action=blacklist_remove&word=test".format(xsrf),
follow_redirects=False,
)
self.assertEqual(post.code, 200)
database.delete_login("test_user")
def test_post(self):
yield self.login()
database.delete_login("test_user")