fix tests to work with auto csrf protection

plone · Mar 12, 2014 · 4ce286a · davisagli · Mar 12, 2014 · 4ce286a
1 parent 0e9303c
commit 4ce286a
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 11 deletions.
diff --git a/plone/app/users/tests/email_login.txt b/plone/app/users/tests/email_login.txt
@@ -78,7 +78,7 @@ Testing email address as login name
     True
 
     The form should be using CSRF protection
-    >>> self.browser.getControl(name='_authenticator')
+    >>> self.browser.getControl(name='_authenticator', index=0)
     <Control name='_authenticator' type='hidden'>
 
     Check that user name is not displayed.

diff --git a/plone/app/users/tests/flexible_user_registration.txt b/plone/app/users/tests/flexible_user_registration.txt
@@ -7,7 +7,12 @@ Testing the flexible user registration
     >>> import hmac
     >>> from hashlib import sha1
     >>> def getAuth():
-    ...     secret = getUtility(IKeyManager)[u'_system'].current
+    ...     manager = getUtility(IKeyManager)
+    ...     try:
+    ...         ring = manager[u'_forms']
+    ...     except:
+    ...         ring = manager[u'_system']
+    ...     secret = ring.current
     ...     return hmac.new(secret, 'admin', sha1).hexdigest()
 
 
@@ -46,8 +51,7 @@ Check that the site admin has a link to the configlet in the control panel.
     >>> 'home_page' in user_registration_fields.displayOptions
     False
 
-The form should be using CSRF protection
-    >>> self.browser.getControl(name='_authenticator')
+    >>> self.browser.getControl(name='_authenticator', index=0)
     <Control name='_authenticator' type='hidden'>
 
 Let's add home_page to the list of registration form fields.
@@ -108,7 +112,16 @@ get all required fields on registration form.
     >>> 'Registration form' in browser.contents
     True
     >>> browser.contents
-    '...User Name...Password...Confirm password...Full Name...E-mail...'
+    '...User Name...'
+    >>> browser.contents
+    '...Password...'
+    >>> browser.contents
+    '...Confirm password...'
+    >>> browser.contents
+    '...Full Name...'
+    >>> browser.contents
+    '...E-mail...'
+
 
 Check render register form in 'Use Email As Login' mode.
 

diff --git a/plone/app/users/tests/password.txt b/plone/app/users/tests/password.txt
@@ -30,7 +30,7 @@ Now we should be able to access the change password form:
 
 Let's try to change the password:
 
-    >>> self.browser.getControl(name='_authenticator')
+    >>> self.browser.getControl(name='_authenticator', index=0)
     <Control name='_authenticator' type='hidden'>
     >>> self.browser.getControl('Current password').value = 'secret'
     >>> self.browser.getControl('New password').value = 'super-secret'

diff --git a/plone/app/users/tests/personal_preferences.txt b/plone/app/users/tests/personal_preferences.txt
@@ -45,7 +45,7 @@ We have two controls, one for the start page and one for the language:
 
 The form should be using CSRF protection:
 
-    >>> self.browser.getControl(name='_authenticator')
+    >>> self.browser.getControl(name='_authenticator', index=0)
     <Control name='_authenticator' type='hidden'>
 
 Now we click the cancel button:

diff --git a/plone/app/users/tests/personal_preferences_prefs_user_details.txt b/plone/app/users/tests/personal_preferences_prefs_user_details.txt
@@ -36,7 +36,7 @@ We have these controls in the form:
 
 The form should be using CSRF protection:
 
-    >>> self.browser.getControl(name='_authenticator')
+    >>> self.browser.getControl(name='_authenticator', index=0)
     <Control name='_authenticator' type='hidden'>
 
 

diff --git a/plone/app/users/tests/test_new_user.py b/plone/app/users/tests/test_new_user.py
@@ -1,4 +1,7 @@
 from plone.app.users.tests.base import BaseTestCase
+from plone.protect import authenticator as auth
+import hmac
+from hashlib import sha1 as sha
 
 
 class TestNewUser(BaseTestCase):
@@ -8,7 +11,13 @@ def test_new_user_as_site_administrator(self):
             'siteadmin', 'secret', ['Site Administrator'], []
         )
         self.browser.addHeader('Authorization', 'Basic siteadmin:secret')
-        self.browser.open('http://nohost/plone/new-user')
+        # XXX need to use auth token here because there is one case of write
+        # on read for portlets that isn't hit here...
+        ring = auth._getKeyring('siteadmin')
+        secret = ring.random()
+        token = hmac.new(secret, 'siteadmin', sha).hexdigest()
+        self.browser.open('http://nohost/plone/new-user?_authenticator=%s' % (
+            token))
         self.browser.getControl('User Name').value = 'newuser'
         self.browser.getControl('E-mail').value = 'newuser@example.com'
         self.browser.getControl('Password').value = 'foobar'

diff --git a/plone/app/users/tests/userdata.txt b/plone/app/users/tests/userdata.txt
@@ -43,7 +43,7 @@ We have these controls in the form:
 
 The form should be using CSRF protection:
 
-    >>> self.browser.getControl(name='_authenticator')
+    >>> self.browser.getControl(name='_authenticator', index=0)
     <Control name='_authenticator' type='hidden'>
 
 

diff --git a/plone/app/users/tests/userdata_prefs_user_details.txt b/plone/app/users/tests/userdata_prefs_user_details.txt
@@ -33,7 +33,7 @@ We have these controls in the form:
 
 The form should be using CSRF protection:
 
-    >>> self.browser.getControl(name='_authenticator')
+    >>> self.browser.getControl(name='_authenticator', index=0)
     <Control name='_authenticator' type='hidden'>