Skip to content

Commit

Permalink
Merge 227da7f into b6b3202
Browse files Browse the repository at this point in the history
  • Loading branch information
@kbecker42
kbecker42 committed Mar 6, 2023
2 parents b6b3202 + 227da7f commit ace19fe
Show file tree
Hide file tree
Showing 5 changed files with 216 additions and 2 deletions.
9 changes: 8 additions & 1 deletion pybossa/api/api_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -325,6 +325,7 @@ def post(self):
cls_name = self.__class__.__name__
data = None
self.valid_args()
self._preprocess_request(request)
data = self._file_upload(request)
if data is None:
data = self._parse_request_data()
Expand Down Expand Up @@ -363,10 +364,15 @@ def _parse_request_data(self):
return data

def _preprocess_post_data(self, data):
"""Method to be overriden by inheriting classes that will
"""Method to be overridden by inheriting classes that will
perform preprocessing on the POST data"""
pass

def _preprocess_request(self, request):
"""Method to be overridden by inheriting classes that will
perform preprocessong on the POST and PUT request"""
pass

def _create_instance_from_request(self, data):
data = self.hateoas.remove_links(data)
inst = self.__class__(**data)
Expand Down Expand Up @@ -428,6 +434,7 @@ def put(self, oid):
"""
try:
self.valid_args()
self._preprocess_request(request)
cls_name = self.__class__.__name__
repo = repos[cls_name]['repo']
query_func = repos[cls_name]['get']
Expand Down
10 changes: 10 additions & 0 deletions pybossa/api/project.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,16 @@ class ProjectAPI(APIBase):
private_keys = set(['secret_key'])
restricted_keys = set()

def _preprocess_request(self, request):
# Limit maximum post data size.
content_length = request.content_length if request else 0
max_length_mb = current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB', 2)
max_length_bytes = max_length_mb * 1024 * 1024 # Maximum POST data size (MB)
if content_length > max_length_bytes:
raise BadRequest('The task presenter/guidelines content exceeds ' +
str(max_length_mb) +
' MB. Please move large content to an external file.')

def _preprocess_post_data(self, data):
# set amp_store default as true when not passed as input param
amp_config = data.get('info', {}).get('annotation_config', {}).get('amp_store')
Expand Down
10 changes: 10 additions & 0 deletions pybossa/view/projects.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -606,13 +606,23 @@ def task_presenter_editor(short_name):
flash(gettext(disabled_msg), 'error')

if request.method == 'POST':
# Limit maximum post data size.
content_length = request.content_length
max_length_mb = current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB', 2)
max_length_bytes = max_length_mb * 1024 * 1024 # 2 MB maximum POST data size

if disable_editor:
flash(gettext(disabled_msg), 'error')
errors = True
elif not is_admin_or_owner:
flash(gettext('Ooops! Only project owners can update.'),
'error')
errors = True
elif content_length and content_length > max_length_bytes:
flash(gettext('The task presenter/guidelines content exceeds ' + str(max_length_mb) +
' MB. Please move large content to an external file.'),
'error')
errors = True
elif form.validate():
db_project = project_repo.get(project.id)
old_project = Project(**db_project.dictize())
Expand Down
142 changes: 141 additions & 1 deletion test/test_api/test_project_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2276,4 +2276,144 @@ def test_locked_tasks_api_specific_no_tasks(self):
res_data = json.loads(res.data)

assert res.status_code == 404, "POST project locks api should return 404"
assert res_data == [], "POST project locks api should return empty array"
assert res_data == [], "POST project locks api should return empty array"


@with_context
@patch('pybossa.model.project.signer')
def test_project_create_task_presenter_too_large(self, hasher_mock):
"""Test API project task presenter on PUT and POST with too large payload create"""
from flask import current_app
from pybossa.core import setup_task_presenter_editor

current_app.config['TASK_PRESENTER_MAX_SIZE_MB'] = 0.001
setup_task_presenter_editor(current_app)

[admin, subadmin] = UserFactory.create_batch(2)
make_admin(admin)
make_subadmin(subadmin)
CategoryFactory.create()

hasher_mock.generate_password_hash.return_value = "hashedpwd"

# Admin can create project with task presenter
too_large = '1_EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5_1'
name='XXXX Project 2'
data = dict(
name=name,
short_name='xxxx-project-2',
description='description',
owner_id=admin.id,
long_description='Long Description\n================',
password='hello',
info=dict(
task_presenter=too_large,
data_classification=dict(input_data="L4 - public", output_data="L4 - public"),
kpi=0.5,
product="abc",
subproduct="def",
))

newdata = json.dumps(data)
res = self.app.post('/api/project?api_key=' + admin.api_key,
data=newdata)
res_data = json.loads(res.data)
project = project_repo.get_by(name=name)

# Verify failed to update.
assert res.status_code == 400, "BadRequest"
assert res_data['action'] == 'POST', res_data
assert "content exceeds " + str(current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB')) + " MB" in res_data['exception_msg'], res_data
assert project is None


@with_context
@patch('pybossa.model.project.signer')
def test_project_update_task_presenter_too_large(self, hasher_mock):
"""Test API project task presenter on PUT and POST with too large payload update"""
from flask import current_app
from pybossa.core import setup_task_presenter_editor

current_app.config['TASK_PRESENTER_MAX_SIZE_MB'] = 0.001
setup_task_presenter_editor(current_app)

[admin, subadmin] = UserFactory.create_batch(2)
make_admin(admin)
make_subadmin(subadmin)
CategoryFactory.create()

hasher_mock.generate_password_hash.return_value = "hashedpwd"

# Admin can create project with task presenter
name='XXXX Project 2'
data = dict(
name=name,
short_name='xxxx-project-2',
description='description',
owner_id=admin.id,
long_description='Long Description\n================',
password='hello',
info=dict(
task_presenter='test123',
data_classification=dict(input_data="L4 - public", output_data="L4 - public"),
kpi=0.5,
product="abc",
subproduct="def",
))

newdata = json.dumps(data)
res = self.app.post('/api/project?api_key=' + admin.api_key,
data=newdata)
project = project_repo.get_by(name=name)
assert res.status_code == 200, "Project created"

# Admin can not update project task presenter with too large payload
too_large = '1_EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5_1'
data = dict(info=dict(task_presenter=too_large))
newdata = json.dumps(data)
res = self.app.put(
'/api/project/{}?api_key={}'.format(project.id, admin.api_key),
data=newdata)
res_data = json.loads(res.data)

# Verify failed to update.
assert res.status_code == 400, "BadRequest"
assert res_data['action'] == 'PUT', res_data
assert "content exceeds " + str(current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB')) + " MB" in res_data['exception_msg'], res_data


@with_context
def test_project_update_api_too_large(self):
"""Test API project task presenter on PUT with too large payload"""
from flask import current_app
current_app.config['TASK_PRESENTER_MAX_SIZE_MB'] = 0.001
user = UserFactory.create(id=500)
project = ProjectFactory.create(
short_name='test_project',
name='Test Project',
info={
'total': 150,
'task_presenter': 'foo',
'data_classification': dict(input_data="L4 - public", output_data="L4 - public"),
'kpi': 0.5,
'product': 'abc',
'subproduct': 'def',
},
owner=user)
tasks = TaskFactory.create_batch(2, project=project, n_answers=2)
headers = [('Authorization', user.api_key)]

too_large = '1_EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5_1'
data = dict(
info=dict(task_presenter=too_large)
)
datajson = json.dumps(data)

# Call API method to update the project task presenter.
res = self.app.put('/api/project/{}'.format(project.id), data=datajson, headers=headers, follow_redirects=True)
res_data = json.loads(res.data)

# Verify failed to update.
assert res.status_code == 400, "BadRequest"
assert res_data['action'] == 'PUT', res_data
assert "content exceeds " + str(current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB')) + " MB" in res_data['exception_msg'], res_data
47 changes: 47 additions & 0 deletions test/test_web.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3400,6 +3400,53 @@ def test_task_presenter(self):
res = self.app.get('/project/%s/task/%s/%s' % (project_short_name, task.id, user.id))
assert b'TaskPresenter' in res.data

@with_context
@patch('pybossa.view.projects.uploader.upload_file', return_value=True)
def test_task_presenter_editor_too_large(self, mock):
"""Test WEB task presenter editor fails on too large task presenter html"""
from flask import current_app
current_app.config['TASK_PRESENTER_MAX_SIZE_MB'] = 0.001
too_large = '1_EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5EOqi0apgy0cd8IPREKDe9yhtT1RTXZDASgwdyDzmK6a2FeQgc2XgkknSOG7EHbBZAUh3EWo86iAC8a8P3F0I9K9Ko44AdodZSeN0T8UAzVCMj6C1nxTEG4TYmVqRJw8MFjDYAt2xuc5Wr2rhggokcJxMgzzf0Dt32nr4aWIxklF07Y6ic7zWNkZJ1Jt4dwQxZtwMBQH7FFcHmDzsZ8ZTgth5QvpE7MQOa8hnzztFB7YGQxptQx09Qj314kCk0UGbJMO3WZHCl5f9KJzJlEsjuMk5TX9ZkbQlBfR4CRTMLVSt1n3jYvbjmMKaPV678sZCSfGj7do3ljOVuqfXYIsuWajObbmGKR1WOWFNb47EYAB3YHlrEvCL7kv52boc2KAgh5HihtP2wrfMAOXAms1eOmcG2UsDQ802JtcIlVNvyU3mJ87RkRcAy2R3oUaMWmyhI8DLvbPFU1AaIm597TTjKKxrMeivcs56QelXulHdPS8kCReFwkOPJzTxfHPf6QobmbIyvqV9n8HDb8rz9Zh50Rqz5HoYIFipZ9wJxNUxFY7wj10h1waTGRaUp7DMqfsHqwhaGiLql8ey0jamQvU9ZQRDxRPdYcXzaqy6asNvebPwMxwSCUHeH98zxwpNid1fQs0wzMidxPi1yyHyBxCRggV5TtLdo8icQCXhMN1kZqYlc0looL0ROXBKbAlXHMbx5CjULYRybz6PuT2ROi6FOwEhbaxZVQ5b1TTsDUjOukyrYmLtWj0rL3ee6EUnRQezwSc0CZLKXj4ezy2m2atWqqW6fTEcKKbr2XlWB1T91HwD4mHk45OfyuMeqvMJtoAH9U9jubsRTTQQNKake03ghj0SmRls8yDnTqg7uLiySpwyS93by6D50DxQYZJuYQWxOaQ9rlxXy2KSem309ua62V9ZGDIXiMW7BiqyWCPrgJTSOPL2w2YrSH9OGoFXccICIKaXRgZgxIZLfbYeyZrQzjAbESzM8wKhbNOpuRq5_1'

# Initialize a project.
self.create()
self.delete_task_runs()

# Set the user password and admin.
user = db.session.query(User).get(2)
user.set_password('1234')
user.admin = True
user_repo.save(user)

# Create a project and task.
project = db.session.query(Project).first()
project.allow_anonymous_contributors = True
db.session.add(project)
db.session.commit()

# Sign-in as an admin user.
csrf = self.get_csrf('/account/signin')
res = self.signin(email=user.email_addr, password='1234', csrf=csrf)



res = self.app.post('/project/' + project.short_name + '/tasks/taskpresentereditor',
data={'editor': too_large, 'task-presenter': ''},
headers={'X-CSRFToken': csrf},
follow_redirects=True)

# Verify failed to update.
assert "content exceeds " + str(current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB')) + " MB" in str(res.data), res.data

res = self.app.post('/project/' + project.short_name + '/tasks/taskpresentereditor',
data={'guidelines': too_large, 'task-guidelines': ''},
headers={'X-CSRFToken': csrf},
follow_redirects=True)

# Verify failed to update.
assert "content exceeds " + str(current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB')) + " MB" in str(res.data), res.data


@with_context
def test_task_presenter_with_allow_taskrun_edit_works(self):
"""Test WEB with taskrun edit permitted, get expected task based on user access"""
Expand Down

0 comments on commit ace19fe

Please sign in to comment.