def test_uses_designated_id(self):
"""
If a form_id is provided, will be used as the form's id and name
attribute in checkboxes.
"""
tokens = [Token('AND_ITEM', 'foo'), Token('AND_ITEM', 'bar'),
Token('AND_ITEM', 'baz')]
form_id = 'test'
result = get_form(tokens, form_id)
regexID = re.compile(r'id="(?P<id>[\w-]+)"')
regexName = re.compile(r'name="(?P<id>[\w-]+)"')
# find the id attribute.
ids = regexID.findall(result)
# find all the name attributes.
names = regexName.findall(result)
# The id attribute is only used once (the form tag).
self.assertEqual(1, len(ids))
# Found the name attributes for each of the checkbox items.
self.assertEqual(3, len(names))
# There is only one value for the name attributes.
self.assertEqual(1, len(set(names)))
# The id is the form_id.
self.assertTrue(form_id in ids)
# The names are the form_id.
self.assertTrue(form_id in names)
def edit_checklist(request, id):
if not request.user.is_authenticated():
return HttpResponseRedirect('/')
checklist = Checklist.objects.get(id=id)
if not checklist.owner == request.user:
return HttpResponseRedirect('/')
context = {}
if request.method == 'POST':
form = ChecklistForm(request.POST, instance=checklist)
if 'Save' in request.POST:
if form.is_valid():
form.save()
messages.add_message(request, messages.INFO, "Your changes have been saved...")
if 'Preview' in request.POST:
if form.is_valid():
content = form.cleaned_data['content']
tokens = lex.get_tokens(content)
result = parse.get_form(tokens)
context = {
'checklist': checklist,
'result': result
}
return render(request, 'view_checklist.html', context)
else:
form = ChecklistForm(instance=checklist)
context['action'] = '/checklist/%s/edit' % id
context['form'] = form
return render(request, 'user/edit_checklist.html', context)
def edit_checklist(request, id):
if not request.user.is_authenticated():
return HttpResponseRedirect('/')
checklist = Checklist.objects.get(id=id)
if not checklist.owner == request.user:
return HttpResponseRedirect('/')
context = {}
if request.method == 'POST':
form = ChecklistForm(request.POST, instance=checklist)
if 'Save' in request.POST:
if form.is_valid():
form.save()
messages.add_message(request, messages.INFO,
"Your changes have been saved...")
if 'Preview' in request.POST:
if form.is_valid():
content = form.cleaned_data['content']
tokens = lex.get_tokens(content)
result = parse.get_form(tokens)
context = {'checklist': checklist, 'result': result}
return render(request, 'view_checklist.html', context)
else:
form = ChecklistForm(instance=checklist)
context['action'] = '/checklist/%s/edit' % id
context['form'] = form
return render(request, 'user/edit_checklist.html', context)
def test_returns_empty_no_tokens(self):
"""
If no tokens were passed into the function, an empty string is
returned.
"""
tokens = []
result = get_form(tokens)
self.assertEqual(result, '')
def view_checklist(request, id):
checklist = Checklist.objects.get(id=id)
tokens = lex.get_tokens(checklist.content)
result = parse.get_form(tokens)
context = {
'checklist': checklist,
'result': result
}
return render(request, 'view_checklist.html', context)
def test_returns_items_in_correct_order(self):
"""
Ensures that the tags appear in the correct order in the form.
"""
tokens = [Token('TEXT', 'foo'), Token('TEXT', 'bar'),
Token('TEXT', 'baz')]
form_id = 'test'
result = get_form(tokens, form_id)
self.assertTrue(result.find('foo') < result.find('bar') <
result.find('baz'))
def test_default_attrs(self):
"""
Make sure the default attributes for the form tag are as expected.
"""
tokens = [Token('TEXT', 'foo')]
form_id = 'test'
csrf_token = '12345'
result = get_form(tokens, form_id)
expected = '<form id="test" action="." method="POST">'
self.assertTrue(expected in result)
def preview_checklist(request):
"""
Takes a request from the markitup editor and returns a preview.
"""
result = ''
if request.method == 'POST':
if 'data' in request.POST:
raw_data = request.POST['data']
tokens = lex.get_tokens(raw_data)
result = parse.get_form(tokens)
return render(request, 'preview.html', {'content': result})
def preview_checklist(request):
"""
Takes a request from the markitup editor and returns a preview.
"""
result = ''
if request.method == 'POST':
if 'data' in request.POST:
raw_data = request.POST['data']
tokens = lex.get_tokens(raw_data)
result = parse.get_form(tokens)
return render(request, 'preview.html', {'content': result})
def test_given_form_id_is_sanitized(self):
"""
Ensure the (potentially user derived) form_id is sanitized to avoid
the possibility of XSS.
"""
tokens = [Token('TEXT', 'foo')]
form_id = '<script>alert("hello");</script>'
result = get_form(tokens, form_id)
regexID = re.compile(r'id="(?P<id>[\w-]+)"')
ids = regexID.findall(result)
self.assertEqual('script-alert-hello-script', ids[0])
def test_radio_buttons_in_same_group(self):
"""
A list of adjacent radio button (OR) items have the same name
attribute.
"""
tokens = [Token('OR_ITEM', 'foo'), Token('OR_ITEM', 'bar'),
Token('OR_ITEM', 'baz')]
result = get_form(tokens, 'test')
regex = re.compile(r'name="(?P<id>[\w-]+)"')
ids = set(regex.findall(result))
self.assertEqual(1, len(ids))
def print_checklist(request, id):
checklist = Checklist.objects.get(id=id)
modified = checklist.modified
tokens = lex.get_tokens(checklist.content)
result = parse.get_form(tokens)
context = {
'checklist': checklist,
'result': result,
'modified': modified,
'username': checklist.owner.username
}
return render(request, 'print_checklist.html', context)
def test_attrs_are_set_from_kwargs(self):
"""
Check that any further named args are turned into attribites of the
form tag.
"""
tokens = [Token('TEXT', 'foo')]
form_id = 'test'
csrf_token = '12345'
result = get_form(tokens, form_id, action='/foo',
method='get')
expected = '<form id="test" action="/foo" method="get">'
self.assertTrue(expected in result)
def test_csrf_token_is_included(self):
"""
Ensures that if a CSRF token is passed in the correct hidden input
tag is added to the form.
"""
tokens = [Token('TEXT', 'foo')]
form_id = 'test'
csrf_token = '12345'
result = get_form(tokens, form_id, csrf_token)
expected = ('<input type="hidden" name="csrfmiddlewaretoken"' +
' value="12345"/>')
self.assertTrue(expected in result)
def print_checklist(request, id):
checklist = Checklist.objects.get(id=id)
modified = checklist.modified
tokens = lex.get_tokens(checklist.content)
result = parse.get_form(tokens)
context = {
'checklist': checklist,
'result': result,
'modified': modified,
'username': checklist.owner.username
}
return render(request, 'print_checklist.html', context)
def test_radio_button_group_name_changes(self):
"""
Non-adjacent radio button (OR) items have different name attributes.
"""
tokens = [Token('OR_ITEM', 'foo'), Token('OR_ITEM', 'bar'),
Token('OR_ITEM', 'baz'), Token('BREAK', '----'),
Token('OR_ITEM', 'foo'), Token('OR_ITEM', 'bar'),
Token('OR_ITEM', 'baz')]
result = get_form(tokens, 'test')
regex = re.compile(r'name="(?P<id>[\w-]+)"')
ids = set(regex.findall(result))
self.assertEqual(2, len(ids))
def test_radio_button_name_not_form_id(self):
"""
Ensure that radio button tags don't use the form_id for their
name attribute.
"""
tokens = [Token('OR_ITEM', 'foo'), Token('OR_ITEM', 'bar'),
Token('OR_ITEM', 'baz')]
form_id = 'test'
result = get_form(tokens, form_id)
regex = re.compile(r'name="(?P<id>[\w-]+)"')
ids = set(regex.findall(result))
self.assertNotEqual(form_id, list(ids)[0],
'The form_id must not be used as name attribute of radio buttons')
def test_creates_uuid_if_no_form_id(self):
"""
If no form id is given, the function invents one (in the form of a
uuid4).
"""
tokens = [Token('AND_ITEM', 'foo'), Token('AND_ITEM', 'bar'),
Token('AND_ITEM', 'baz')]
result = get_form(tokens)
regexID = re.compile(r'id="(?P<id>[\w-]+)"')
regexName = re.compile(r'name="(?P<id>[\w-]+)"')
# find the id attribute.
ids = regexID.findall(result)
# find all the name attributes.
names = regexName.findall(result)
# The id attribute is only used once (the form tag).
self.assertEqual(1, len(ids))
# Found the name attributes for each of the checkbox items.
self.assertEqual(3, len(names))
# There is only one value for the name attributes.
self.assertEqual(1, len(set(names)))
# The id is the same for ids and names.
self.assertEqual(ids[0], names[0])
def view_checklist(request, id):
checklist = Checklist.objects.get(id=id)
tokens = lex.get_tokens(checklist.content)
result = parse.get_form(tokens)
context = {'checklist': checklist, 'result': result}
return render(request, 'view_checklist.html', context)
