diff --git a/plone/app/users/tests/email_login.txt b/plone/app/users/tests/email_login.txt index 9f9e8a53..9f321031 100644 --- a/plone/app/users/tests/email_login.txt +++ b/plone/app/users/tests/email_login.txt @@ -78,7 +78,7 @@ Testing email address as login name True The form should be using CSRF protection - >>> self.browser.getControl(name='_authenticator') + >>> self.browser.getControl(name='_authenticator', index=0) Check that user name is not displayed. diff --git a/plone/app/users/tests/flexible_user_registration.txt b/plone/app/users/tests/flexible_user_registration.txt index 92542496..06e86392 100644 --- a/plone/app/users/tests/flexible_user_registration.txt +++ b/plone/app/users/tests/flexible_user_registration.txt @@ -7,7 +7,12 @@ Testing the flexible user registration >>> import hmac >>> from hashlib import sha1 >>> def getAuth(): - ... secret = getUtility(IKeyManager)[u'_system'].current + ... manager = getUtility(IKeyManager) + ... try: + ... ring = manager[u'_forms'] + ... except: + ... ring = manager[u'_system'] + ... secret = ring.current ... return hmac.new(secret, 'admin', sha1).hexdigest() @@ -46,8 +51,7 @@ Check that the site admin has a link to the configlet in the control panel. >>> 'home_page' in user_registration_fields.displayOptions False -The form should be using CSRF protection - >>> self.browser.getControl(name='_authenticator') + >>> self.browser.getControl(name='_authenticator', index=0) Let's add home_page to the list of registration form fields. @@ -108,7 +112,16 @@ get all required fields on registration form. >>> 'Registration form' in browser.contents True >>> browser.contents - '...User Name...Password...Confirm password...Full Name...E-mail...' + '...User Name...' + >>> browser.contents + '...Password...' + >>> browser.contents + '...Confirm password...' + >>> browser.contents + '...Full Name...' + >>> browser.contents + '...E-mail...' + Check render register form in 'Use Email As Login' mode. diff --git a/plone/app/users/tests/password.txt b/plone/app/users/tests/password.txt index 222c39de..109cd7f1 100644 --- a/plone/app/users/tests/password.txt +++ b/plone/app/users/tests/password.txt @@ -30,7 +30,7 @@ Now we should be able to access the change password form: Let's try to change the password: - >>> self.browser.getControl(name='_authenticator') + >>> self.browser.getControl(name='_authenticator', index=0) >>> self.browser.getControl('Current password').value = 'secret' >>> self.browser.getControl('New password').value = 'super-secret' diff --git a/plone/app/users/tests/personal_preferences.txt b/plone/app/users/tests/personal_preferences.txt index 5cf95f7a..8af1bed9 100644 --- a/plone/app/users/tests/personal_preferences.txt +++ b/plone/app/users/tests/personal_preferences.txt @@ -45,7 +45,7 @@ We have two controls, one for the start page and one for the language: The form should be using CSRF protection: - >>> self.browser.getControl(name='_authenticator') + >>> self.browser.getControl(name='_authenticator', index=0) Now we click the cancel button: diff --git a/plone/app/users/tests/personal_preferences_prefs_user_details.txt b/plone/app/users/tests/personal_preferences_prefs_user_details.txt index a68cbc04..ab4296cb 100644 --- a/plone/app/users/tests/personal_preferences_prefs_user_details.txt +++ b/plone/app/users/tests/personal_preferences_prefs_user_details.txt @@ -36,7 +36,7 @@ We have these controls in the form: The form should be using CSRF protection: - >>> self.browser.getControl(name='_authenticator') + >>> self.browser.getControl(name='_authenticator', index=0) diff --git a/plone/app/users/tests/test_new_user.py b/plone/app/users/tests/test_new_user.py index 238d55e3..b80cd529 100644 --- a/plone/app/users/tests/test_new_user.py +++ b/plone/app/users/tests/test_new_user.py @@ -1,4 +1,7 @@ from plone.app.users.tests.base import BaseTestCase +from plone.protect import authenticator as auth +import hmac +from hashlib import sha1 as sha class TestNewUser(BaseTestCase): @@ -8,7 +11,13 @@ def test_new_user_as_site_administrator(self): 'siteadmin', 'secret', ['Site Administrator'], [] ) self.browser.addHeader('Authorization', 'Basic siteadmin:secret') - self.browser.open('http://nohost/plone/new-user') + # XXX need to use auth token here because there is one case of write + # on read for portlets that isn't hit here... + ring = auth._getKeyring('siteadmin') + secret = ring.random() + token = hmac.new(secret, 'siteadmin', sha).hexdigest() + self.browser.open('http://nohost/plone/new-user?_authenticator=%s' % ( + token)) self.browser.getControl('User Name').value = 'newuser' self.browser.getControl('E-mail').value = 'newuser@example.com' self.browser.getControl('Password').value = 'foobar' diff --git a/plone/app/users/tests/userdata.txt b/plone/app/users/tests/userdata.txt index af5aea67..cfc0518b 100644 --- a/plone/app/users/tests/userdata.txt +++ b/plone/app/users/tests/userdata.txt @@ -43,7 +43,7 @@ We have these controls in the form: The form should be using CSRF protection: - >>> self.browser.getControl(name='_authenticator') + >>> self.browser.getControl(name='_authenticator', index=0) diff --git a/plone/app/users/tests/userdata_prefs_user_details.txt b/plone/app/users/tests/userdata_prefs_user_details.txt index 1f85248f..b9d74c87 100644 --- a/plone/app/users/tests/userdata_prefs_user_details.txt +++ b/plone/app/users/tests/userdata_prefs_user_details.txt @@ -33,7 +33,7 @@ We have these controls in the form: The form should be using CSRF protection: - >>> self.browser.getControl(name='_authenticator') + >>> self.browser.getControl(name='_authenticator', index=0)