def test_dashboard_submit_sql(admin_client, dashboard_db):
    """Exercise the full submit flow on the dashboard.

    POST raw SQL, expect a redirect to a URL whose only query parameter is
    the signed SQL, then GET that URL and check the query result is rendered.
    """
    # The dashboard page must declare that only same-origin pages may frame
    # it, which is the clickjacking defence for a page that runs SQL.
    landing = admin_client.get("/dashboard/")
    assert landing.status_code == 200
    assert landing["Content-Security-Policy"] == "frame-ancestors 'self'"

    sql = "select 14 + 33"
    # The "_save-*" fields are sent blank with private policies; presumably
    # this means "run only, do not save" -- confirm against the view.
    form_data = {
        "sql": sql,
        "_save-title": "",
        "_save-slug": "",
        "_save-description": "",
        "_save-view_policy": "private",
        "_save-view_group": "",
        "_save-edit_policy": "private",
        "_save-edit_group": "",
    }
    redirect = admin_client.post("/dashboard/", form_data)
    assert redirect.status_code == 302

    # The redirect target must carry exactly one query parameter, "sql",
    # and its value must equal the signed form of what was posted.
    query_string = redirect.url.split("?")[1]
    params = urllib.parse.parse_qs(query_string)
    assert set(params) == {"sql"}
    signed_value = params["sql"][0]
    assert signed_value == sign_sql(sql)

    # Following the signed URL runs the query: 14 + 33 is rendered as 47.
    # NOTE(review): only the valid-signature path is covered here; rejection
    # of a tampered or unsigned ?sql= value is not exercised by this test.
    results_page = admin_client.get(redirect.url)
    assert results_page.status_code == 200
    assert b"47" in results_page.content
def test_dashboard_upgrade_old_base64_links(admin_client, dashboard_db, settings):
    """Check that old-format signed links redirect only when the setting is on.

    The old format is produced with ``signing.dumps`` and ``SQL_SALT``; its
    first colon-separated segment is base64-encoded JSON. With
    ``DASHBOARD_UPGRADE_OLD_BASE64_LINKS`` enabled, a GET carrying such a value
    must redirect to the same query signed with ``sign_sql``.
    """
    legacy_sql = "select 1 + 1"
    old_signed = signing.dumps(legacy_sql, salt=SQL_SALT)
    payload_segment = old_signed.split(":")[0]
    assert is_valid_base64_json(payload_segment)

    legacy_url = "/dashboard/?sql=" + old_signed

    # Setting not enabled: the request is answered directly, no redirect.
    # NOTE(review): only the 200 status is asserted; whether the old
    # signature was accepted and the query executed is not checked here.
    untouched = admin_client.get(legacy_url)
    assert untouched.status_code == 200

    # Setting enabled: the same URL must redirect to the re-signed link.
    settings.DASHBOARD_UPGRADE_OLD_BASE64_LINKS = True
    response = admin_client.get(legacy_url)
    assert response.status_code == 302
    upgraded_query = urllib.parse.urlencode({"sql": sign_sql(legacy_sql)})
    assert response.url == "/dashboard/?" + upgraded_query
def test_dashboard_submit_sql(admin_client, dashboard_db):
    """Exercise the submit flow: POST raw SQL, follow the signed redirect.

    The POST must answer with a 302 whose ``sql`` query parameter is the
    signed form of the submitted statement, and a GET on that URL must render
    the query result.
    """
    # The dashboard page must declare that only same-origin pages may frame
    # it, which is the clickjacking defence for a page that runs SQL.
    landing = admin_client.get("/dashboard/")
    assert landing.status_code == 200
    assert landing["Content-Security-Policy"] == "frame-ancestors 'self'"

    sql = "select 14 + 33"
    redirect = admin_client.post("/dashboard/", {"sql": sql})
    assert redirect.status_code == 302

    # The value carried in ?sql= must be the signed form of what was posted.
    query_string = redirect.url.split("?")[1]
    params = urllib.parse.parse_qs(query_string)
    signed_value = params["sql"][0]
    assert signed_value == sign_sql(sql)

    # Following the signed URL runs the query: 14 + 33 is rendered as 47.
    # NOTE(review): only the valid-signature path is covered here; rejection
    # of a tampered or unsigned ?sql= value is not exercised by this test.
    results_page = admin_client.get(redirect.url)
    assert results_page.status_code == 200
    assert b"47" in results_page.content
def signed_sql(queries):
    """Return the signed form of every SQL string in *queries*, in order.

    Each item is passed through ``sign_sql``; the result is a new list with
    one signed value per input query.
    """
    signed = []
    for query in queries:
        signed.append(sign_sql(query))
    return signed