feat: forbid form data in html

It has been a while since all pages moved to JSON instead of form
data, except for the login page. This commit switches the login page to
JSON data instead of form data.
2023-11-16 16:42:27 +02:00
parent de7184fc3a
commit 18d17d4d52
17 changed files with 72 additions and 133 deletions


@ -87,68 +87,6 @@ def test_get_non_empty() -> None:
BaseView.get_non_empty(lambda k: [], "key")
async def test_data_as_json(base: BaseView) -> None:
"""
must parse multi value form payload
"""
json = {"key1": "value1", "key2": ["value2", "value3"], "key3": ["value4", "value5", "value6"]}
async def get_data():
result = MultiDict()
for key, values in json.items():
if isinstance(values, list):
for value in values:
result.add(key, value)
else:
result.add(key, values)
return result
base._request = pytest.helpers.request(base.request.app, "", "", data=get_data)
assert await base.data_as_json([]) == json
async def test_data_as_json_with_list_keys(base: BaseView) -> None:
"""
must parse multi value form payload with forced list
"""
json = {"key1": "value1"}
async def get_data():
return json
base._request = pytest.helpers.request(base.request.app, "", "", data=get_data)
assert await base.data_as_json(["key1"]) == {"key1": ["value1"]}
async def test_extract_data_json(base: BaseView) -> None:
"""
must parse and return json
"""
json = {"key1": "value1", "key2": "value2"}
async def get_json():
return json
base._request = pytest.helpers.request(base.request.app, "", "", json=get_json)
assert await base.extract_data() == json
async def test_extract_data_post(base: BaseView) -> None:
"""
must parse and return form data
"""
json = {"key1": "value1", "key2": "value2"}
async def get_json():
raise ValueError()
async def get_data():
return json
base._request = pytest.helpers.request(base.request.app, "", "", json=get_json, data=get_data)
assert await base.extract_data() == json
async def test_head(client: TestClient) -> None:
"""
must implement head as get method


@ -63,7 +63,6 @@ async def test_post_empty(client: TestClient, mocker: MockerFixture) -> None:
"""
must call raise 400 on invalid request
"""
mocker.patch("ahriman.web.views.base.BaseView.extract_data", side_effect=Exception())
update_mock = mocker.patch("ahriman.core.spawn.Spawn.packages_update")
response_schema = pytest.helpers.schema_response(UpdateView.post, code=400)


@ -125,9 +125,6 @@ async def test_post(client_with_auth: TestClient, user: User, mocker: MockerFixt
response = await client_with_auth.post("/api/v1/login", json=payload)
assert response.ok
response = await client_with_auth.post("/api/v1/login", data=payload)
assert response.ok
remember_mock.assert_called()
@ -156,3 +153,16 @@ async def test_post_unauthorized(client_with_auth: TestClient, user: User, mocke
assert response.status == 401
assert not response_schema.validate(await response.json())
remember_mock.assert_not_called()
async def test_post_invalid_json(client_with_auth: TestClient, mocker: MockerFixture) -> None:
"""
must return unauthorized on invalid auth
"""
response_schema = pytest.helpers.schema_response(LoginView.post, code=400)
remember_mock = mocker.patch("aiohttp_security.remember")
response = await client_with_auth.post("/api/v1/login")
assert response.status == 400
assert not response_schema.validate(await response.json())
remember_mock.assert_not_called()
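Review bot: The docstring of the added test_post_invalid_json, `must return unauthorized on invalid auth`, is copied from the test above it and does not match what the test asserts, which is a 400 for a request with no JSON body; `must return bad request on invalid payload` would fit. The test also covers only an empty body, while the commit is about refusing form data on login. The `data=payload` request removed from test_post could be kept here as `response = await client_with_auth.post("/api/v1/login", data=payload)` followed by `assert response.status == 400`, so that a form-encoded login is pinned as rejected and `remember` is shown not to be called for it. Whether the handler also checks the request content type is not visible in this section, so that check should be confirmed in the view itself.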