def test_uses_designated_id(self):
    """
    A caller-supplied form_id becomes the form tag's id attribute and the
    name attribute of every checkbox item.
    """
    form_id = 'test'
    tokens = [Token('AND_ITEM', label) for label in ('foo', 'bar', 'baz')]
    result = get_form(tokens, form_id)
    # Both patterns capture only values made of word characters and hyphens.
    id_values = re.findall(r'id="(?P<id>[\w-]+)"', result)
    name_values = re.findall(r'name="(?P<id>[\w-]+)"', result)
    # The id attribute appears exactly once (on the form tag).
    self.assertEqual(1, len(id_values))
    # One name attribute per checkbox item.
    self.assertEqual(3, len(name_values))
    # Every checkbox shares the same name value.
    self.assertEqual(1, len(set(name_values)))
    # Both the id and the shared name are the supplied form_id.
    self.assertTrue(form_id in id_values)
    self.assertTrue(form_id in name_values)
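def edit_checklist(request, id):
    """
    Edit view for a single checklist, restricted to its owner.

    Anonymous users, non-owners and requests for an id with no matching
    checklist are all redirected to '/'. A POST containing 'Save' persists
    a valid form. A POST containing 'Preview' renders the submitted content
    through the lexer and parser without saving it. Every other case (GET,
    or a POST whose form is invalid) renders the edit template.
    """
    # NOTE(review): is_authenticated is called as a method; on Django 2.0+
    # it is a property and this call raises TypeError -- confirm the Django
    # version this project targets.
    if not request.user.is_authenticated():
        return HttpResponseRedirect('/')
    try:
        checklist = Checklist.objects.get(id=id)
    except Checklist.DoesNotExist:
        # Answer an unknown id exactly like a checklist owned by somebody
        # else: the response then does not reveal which ids exist, and the
        # failed lookup no longer surfaces as an unhandled server error.
        return HttpResponseRedirect('/')
    # Authorization: only the owner may edit or preview.
    if not checklist.owner == request.user:
        return HttpResponseRedirect('/')
    context = {}
    if request.method == 'POST':
        form = ChecklistForm(request.POST, instance=checklist)
        if 'Save' in request.POST and form.is_valid():
            form.save()
            messages.add_message(request, messages.INFO,
                                 "Your changes have been saved...")
        if 'Preview' in request.POST and form.is_valid():
            # NOTE(review): result is markup generated from user-supplied
            # content. Whether item text is HTML-escaped depends on
            # parse.get_form and on how view_checklist.html outputs
            # 'result'; neither is visible here -- confirm.
            content = form.cleaned_data['content']
            tokens = lex.get_tokens(content)
            result = parse.get_form(tokens)
            context = {'checklist': checklist, 'result': result}
            return render(request, 'view_checklist.html', context)
    else:
        form = ChecklistForm(instance=checklist)
    context['action'] = '/checklist/%s/edit' % id
    context['form'] = form
    return render(request, 'user/edit_checklist.html', context)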
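def edit_checklist(request, id):
    """
    Let the owner of a checklist edit, save or preview it.

    Redirects to '/' when the user is not authenticated, when no checklist
    has the given id, or when the checklist belongs to another user.
    'Save' in the POST data stores a valid form and queues an info message.
    'Preview' in the POST data renders the submitted (unsaved) content
    with the view template. Otherwise the edit form is rendered.
    """
    # NOTE(review): method-call form of is_authenticated; it is a plain
    # property on Django 2.0+, where calling it raises TypeError --
    # confirm the supported Django version.
    if not request.user.is_authenticated():
        return HttpResponseRedirect('/')
    try:
        checklist = Checklist.objects.get(id=id)
    except Checklist.DoesNotExist:
        # Same response as the ownership failure below, so a missing id
        # and a foreign checklist cannot be told apart, and the lookup
        # does not end in an unhandled exception.
        return HttpResponseRedirect('/')
    # Only the owner gets past this point.
    if not checklist.owner == request.user:
        return HttpResponseRedirect('/')
    context = {}
    if request.method == 'POST':
        form = ChecklistForm(request.POST, instance=checklist)
        if 'Save' in request.POST:
            if form.is_valid():
                form.save()
                messages.add_message(request, messages.INFO,
                                     "Your changes have been saved...")
        if 'Preview' in request.POST:
            if form.is_valid():
                # NOTE(review): the preview markup is derived from
                # user-supplied content; escaping is decided inside
                # parse.get_form and view_checklist.html, which are not
                # shown here -- confirm item text is HTML-escaped.
                content = form.cleaned_data['content']
                tokens = lex.get_tokens(content)
                result = parse.get_form(tokens)
                context = {'checklist': checklist, 'result': result}
                return render(request, 'view_checklist.html', context)
    else:
        form = ChecklistForm(instance=checklist)
    context['action'] = '/checklist/%s/edit' % id
    context['form'] = form
    return render(request, 'user/edit_checklist.html', context)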
def test_returns_empty_no_tokens(self):
    """
    An empty token list produces an empty string.
    """
    self.assertEqual(get_form([]), '')
def view_checklist(request, id):
    """
    Render the checklist with the given id as an HTML form.

    The stored content is lexed into tokens, parsed into form markup and
    passed to the view template together with the checklist itself.
    """
    # NOTE(review): this view makes no authentication or ownership check
    # before loading the checklist -- confirm checklists are meant to be
    # readable by anyone who can request the id.
    # NOTE(review): .get() raises Checklist.DoesNotExist for an unknown
    # id and nothing here handles it.
    checklist = Checklist.objects.get(id=id)
    form_markup = parse.get_form(lex.get_tokens(checklist.content))
    return render(request, 'view_checklist.html',
                  {'checklist': checklist, 'result': form_markup})
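def test_returns_items_in_correct_order(self):
    """
    Ensures that the items appear in the form in the order in which their
    tokens were given.
    """
    tokens = [Token('TEXT', 'foo'), Token('TEXT', 'bar'),
              Token('TEXT', 'baz')]
    form_id = 'test'
    result = get_form(tokens, form_id)
    # str.index raises ValueError when an item is missing. str.find would
    # return -1, which sorts before every real position and lets a dropped
    # item slip through the ordering check.
    foo_at, bar_at, baz_at = (result.index(text)
                              for text in ('foo', 'bar', 'baz'))
    self.assertLess(foo_at, bar_at)
    self.assertLess(bar_at, baz_at)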
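def test_default_attrs(self):
    """
    Make sure the default attributes for the form tag are as expected.
    """
    tokens = [Token('TEXT', 'foo')]
    form_id = 'test'
    # No CSRF token is passed: this test covers the form tag only.
    result = get_form(tokens, form_id)
    expected = '<form id="test" action="." method="POST">'
    # assertIn reports both strings on failure, unlike assertTrue(x in y).
    self.assertIn(expected, result)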
def preview_checklist(request):
    """
    Build a preview for the markitup editor.

    A POST request carrying a 'data' field has that field lexed and parsed
    into form markup. Any other request renders the preview template with
    empty content.
    """
    # NOTE(review): the previewed markup comes straight from the request
    # body. Whether it is HTML-escaped depends on parse.get_form and on how
    # preview.html outputs 'content'; neither is visible here -- confirm.
    preview = ''
    if request.method == 'POST' and 'data' in request.POST:
        preview = parse.get_form(lex.get_tokens(request.POST['data']))
    return render(request, 'preview.html', {'content': preview})
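def test_given_form_id_is_sanitized(self):
    """
    Ensure the (potentially user derived) form_id is sanitized to avoid the
    possibility of XSS.

    Checks the sanitized value of the id attribute and also that the raw
    form_id does not appear anywhere in the generated markup.
    """
    tokens = [Token('TEXT', 'foo')]
    form_id = '<script>alert("hello");</script>'
    result = get_form(tokens, form_id)
    regexID = re.compile(r'id="(?P<id>[\w-]+)"')
    ids = regexID.findall(result)
    # The pattern matches only ids made of word characters and hyphens, so
    # an unsanitized id leaves this list empty. Fail with a message instead
    # of an IndexError on ids[0].
    self.assertTrue(ids, 'No sanitized id attribute found in the form')
    self.assertEqual('script-alert-hello-script', ids[0])
    # Inspecting the id attribute alone would miss the raw value being
    # echoed in some other part of the form.
    self.assertNotIn(form_id, result)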
def test_radio_buttons_in_same_group(self):
    """
    Adjacent radio button (OR) items share one name attribute.
    """
    tokens = [Token('OR_ITEM', label) for label in ('foo', 'bar', 'baz')]
    markup = get_form(tokens, 'test')
    # Collapse the captured name values to the distinct ones.
    distinct_names = set(re.findall(r'name="(?P<id>[\w-]+)"', markup))
    self.assertEqual(1, len(distinct_names))
def print_checklist(request, id):
    """
    Render the printable version of the checklist with the given id.

    The template receives the checklist, its parsed form markup, its
    'modified' value and the owner's username.
    """
    # NOTE(review): this view makes no authentication or ownership check,
    # and it puts the owner's username in the context -- confirm that both
    # the checklist and the username are meant to be visible to anyone who
    # can request the id.
    # NOTE(review): .get() raises Checklist.DoesNotExist for an unknown
    # id and nothing here handles it.
    checklist = Checklist.objects.get(id=id)
    form_markup = parse.get_form(lex.get_tokens(checklist.content))
    template_data = {
        'checklist': checklist,
        'result': form_markup,
        'modified': checklist.modified,
        'username': checklist.owner.username,
    }
    return render(request, 'print_checklist.html', template_data)
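def test_attrs_are_set_from_kwargs(self):
    """
    Check that any further named args are turned into attributes of the
    form tag.
    """
    tokens = [Token('TEXT', 'foo')]
    form_id = 'test'
    # Only keyword arguments are under test, so no CSRF token is passed.
    result = get_form(tokens, form_id, action='/foo', method='get')
    expected = '<form id="test" action="/foo" method="get">'
    # assertIn reports both strings on failure, unlike assertTrue(x in y).
    self.assertIn(expected, result)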
def test_csrf_token_is_included(self):
    """
    A CSRF token passed to get_form is emitted as the hidden
    csrfmiddlewaretoken input of the form.
    """
    markup = get_form([Token('TEXT', 'foo')], 'test', '12345')
    hidden_input = ('<input type="hidden" name="csrfmiddlewaretoken"'
                    ' value="12345"/>')
    self.assertTrue(hidden_input in markup)
def test_radio_button_group_name_changes(self):
    """
    Radio button (OR) items separated by a break get different name
    attributes.
    """
    labels = ('foo', 'bar', 'baz')
    # Two runs of OR items with a BREAK token between them.
    tokens = [Token('OR_ITEM', label) for label in labels]
    tokens.append(Token('BREAK', '----'))
    tokens.extend(Token('OR_ITEM', label) for label in labels)
    markup = get_form(tokens, 'test')
    distinct_names = set(re.findall(r'name="(?P<id>[\w-]+)"', markup))
    self.assertEqual(2, len(distinct_names))
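def test_radio_button_name_not_form_id(self):
    """
    Ensure that radio button tags don't use the form_id for their name
    attribute.
    """
    tokens = [Token('OR_ITEM', 'foo'), Token('OR_ITEM', 'bar'),
              Token('OR_ITEM', 'baz')]
    form_id = 'test'
    result = get_form(tokens, form_id)
    regex = re.compile(r'name="(?P<id>[\w-]+)"')
    names = set(regex.findall(result))
    # Require at least one name so the check below cannot pass vacuously.
    self.assertTrue(names, 'No name attributes found in the form')
    # Check every name: list(names)[0] would pick an arbitrary element of
    # the set and could miss a radio button that reuses the form_id.
    self.assertNotIn(form_id, names,
                     'The form_id must not be used as name attribute of '
                     'radio buttons')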
def test_creates_uuid_if_no_form_id(self):
    """
    Without a form id the function invents one (in the form of a uuid4)
    and uses it for the form's id and for the checkbox names.
    """
    tokens = [Token('AND_ITEM', label) for label in ('foo', 'bar', 'baz')]
    result = get_form(tokens)
    # Both patterns capture only values made of word characters and hyphens.
    id_values = re.findall(r'id="(?P<id>[\w-]+)"', result)
    name_values = re.findall(r'name="(?P<id>[\w-]+)"', result)
    # The id attribute appears exactly once (on the form tag).
    self.assertEqual(1, len(id_values))
    # One name attribute per checkbox item.
    self.assertEqual(3, len(name_values))
    # Every checkbox shares the same name value.
    self.assertEqual(1, len(set(name_values)))
    # The generated value is shared between the id and the names.
    self.assertEqual(id_values[0], name_values[0])
def view_checklist(request, id):
    """
    Show one checklist as a rendered form.

    Loads the checklist by id, turns its content into tokens and then into
    form markup, and renders the view template with both.
    """
    # NOTE(review): no authentication or ownership check happens before
    # the lookup -- confirm that any visitor may view any checklist id.
    # NOTE(review): an unknown id makes .get() raise
    # Checklist.DoesNotExist, which is not handled in this view.
    checklist = Checklist.objects.get(id=id)
    token_stream = lex.get_tokens(checklist.content)
    template_data = dict(checklist=checklist,
                         result=parse.get_form(token_stream))
    return render(request, 'view_checklist.html', template_data)