def test_post(self): cookie = yield self.login() xsrf_response = yield self.http_client.fetch( self.get_url("/admin/overview"), headers={"Cookie": cookie}, follow_redirects=False, ) soup = BeautifulSoup(xsrf_response.body, "html.parser") xsrf = soup.find(name="form", attrs={ "action": "/logout" }).find(attrs={"name": "_xsrf"})["value"] xsrf = soup.find(attrs={"name": "_xsrf"})["value"] cookie = xsrf_response.headers["Set-Cookie"] response = yield self.http_client.fetch( self.get_url("/logout"), method="POST", headers={"Cookie": cookie}, body="_xsrf={}".format(xsrf), ) self.assertEqual(response.code, 200) database.delete_login("test_user")
def test_post(self): login_cookie = yield self.login() get = yield self.http_client.fetch( self.get_url("/admin/server_list"), headers={"Cookie": login_cookie}, follow_redirects=False, ) self.assertEqual(get.code, 200) xsrf = _get_xsrf(get.body, "session_remove") cookie = login_cookie + ";" + get.headers["Set-Cookie"] secret = list(sessions.get_all().keys())[0] post = yield self.http_client.fetch( self.get_url("/admin/server_list"), headers={"Cookie": cookie}, follow_redirects=False, method="POST", body="_xsrf={}&action=session_remove&secret={}".format( xsrf, secret), ) self.assertEqual(post.code, 200) database.delete_login("test_user")
def test_redirect(self): cookie = yield self.login() response = yield self.http_client.fetch( self.get_url("/login?view=overview"), headers={"Cookie": cookie}) self.assertEqual(response.code, 200) database.delete_login("test_user")
def test_post(self): login_cookie = yield self.login() get = yield self.http_client.fetch( self.get_url("/admin/user_management"), headers={"Cookie": login_cookie}, follow_redirects=False, ) self.assertEqual(get.code, 200) xsrf = _get_xsrf(get.body, "create_user") cookie = login_cookie + ";" + get.headers["Set-Cookie"] post = yield self.http_client.fetch( self.get_url("/admin/user_management"), headers={"Cookie": cookie}, method="POST", body= "_xsrf={}&action=create_user&username=test-user2&password=b&sysop=1" .format(xsrf), follow_redirects=False, ) self.assertEqual(post.code, 200) xsrf = _get_xsrf(post.body, "change_password") cookie = login_cookie + ";" + get.headers["Set-Cookie"] post = yield self.http_client.fetch( self.get_url("/admin/user_management"), headers={"Cookie": cookie}, method="POST", body= "_xsrf={}&action=change_password&username=test-user2&password=test" .format(xsrf), follow_redirects=False, ) self.assertEqual(post.code, 200) xsrf = _get_xsrf(post.body, "delete_user") cookie = login_cookie + ";" + get.headers["Set-Cookie"] post = yield self.http_client.fetch( self.get_url("/admin/user_management"), headers={"Cookie": cookie}, method="POST", body="_xsrf={}&action=delete_user&username=test-user2".format( xsrf), follow_redirects=False, ) self.assertEqual(post.code, 200) database.delete_login("test_user")
def test_get(self): cookie = yield self.login() response = yield self.http_client.fetch( self.get_url("/admin/bans"), headers={"Cookie": cookie}, follow_redirects=False, ) self.assertEqual(response.code, 200) database.delete_login("test_user")
def runTest(self): can_ban = database.can_ban("test_user3") self.assertEqual(can_ban, False) if database.login_exists("test_user"): database.delete_login("test_user") database.add_login("test_user", "abc", sysop=False, can_ban_user=True) can_ban = database.can_ban("test_user") self.assertEqual(can_ban, True) database.delete_login("test_user")
def runTest(self): can_blacklist = database.can_modify_blacklist("test_user3") self.assertEqual(can_blacklist, False) if database.login_exists("test_user"): database.delete_login("test_user") database.add_login("test_user", "abc", sysop=False, can_modify_blacklist=True) can_blacklist = database.can_modify_blacklist("test_user") self.assertEqual(can_blacklist, True) database.delete_login("test_user")
def remove_user(self, username): """Remove user""" if not username: self.set_error("Missing parameters") return if not database.is_sysop(self.get_username()): self.set_error("Only sysop can delete users") return if not database.login_exists(username): self.set_error("No such user") return if self.get_username() == username: self.set_error("Can't delete own account!") return database.delete_login(username)
def test_post(self): login_cookie = yield self.login() get = yield self.http_client.fetch( self.get_url("/admin/blacklist"), headers={"Cookie": login_cookie}, follow_redirects=False, ) self.assertEqual(get.code, 200) xsrf = _get_xsrf(get.body, "blacklist_add") cookie = login_cookie + ";" + get.headers["Set-Cookie"] post = yield self.http_client.fetch( self.get_url("/admin/blacklist"), headers={"Cookie": cookie}, method="POST", body="_xsrf={}&action=blacklist_add&word=test&reason=test".format( xsrf), follow_redirects=False, ) self.assertEqual(post.code, 200) xsrf = _get_xsrf(post.body, "blacklist_remove") cookie = login_cookie + ";" + get.headers["Set-Cookie"] post = yield self.http_client.fetch( self.get_url("/admin/blacklist"), headers={"Cookie": cookie}, method="POST", body="_xsrf={}&action=blacklist_remove&word=test".format(xsrf), follow_redirects=False, ) self.assertEqual(post.code, 200) database.delete_login("test_user")
def test_post(self): yield self.login() database.delete_login("test_user")