fix #32
parent
325c735f4e
commit
2d6f368ff1
9 changed files with 63 additions and 34 deletions
|
@ -0,0 +1,12 @@
|
|||
from realms import login_manager
|
||||
from flask import request, flash, redirect
|
||||
from flask.ext.login import login_url
|
||||
|
||||
|
||||
@login_manager.unauthorized_handler
|
||||
def unauthorized():
|
||||
if request.method == 'GET':
|
||||
flash('Please log in to access this page')
|
||||
return redirect(login_url('auth.login', request.url))
|
||||
else:
|
||||
return dict(error=True, message="Please log in for access."), 403
|
|
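Review bot: The `next` target handed to `login_url` is the absolute `request.url`, so the safety of the post-login redirect rests on the `auth.login` view, which is not shown in this section; that view should follow `next` only when it resolves to this site. The non-GET branch answers a request that is merely unauthenticated with 403, where 401 is the conventional status; if 403 is kept to match the views' own "Anonymous posting not allowed" responses, a one-line comment saying so would help. The handler also has no docstring; something like `"""Redirect anonymous GET requests to the login page; answer any other method with a JSON error."""` would document the split, including that HEAD falls into the JSON branch.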
@ -71,22 +71,19 @@ class User(Model, UserMixin):
|
|||
|
||||
@staticmethod
|
||||
def get_by_username(username):
|
||||
return User.query.filter_by(username=username).first()
|
||||
return User.query().filter_by(username=username).first()
|
||||
|
||||
@staticmethod
|
||||
def get_by_email(email):
|
||||
return User.query.filter_by(email=email).first()
|
||||
return User.query().filter_by(email=email).first()
|
||||
|
||||
@staticmethod
|
||||
def signer(salt):
|
||||
"""
|
||||
Signed with app secret salted with sha256 of password hash of user (client secret)
|
||||
"""
|
||||
return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)
|
||||
|
||||
@staticmethod
|
||||
def auth(email, password):
|
||||
user = User.query.filter_by(email=email).first()
|
||||
user = User.get_by_email(email)
|
||||
|
||||
if not user:
|
||||
# User doesn't exist
|
||||
|
|
|
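Review bot: `signer`, which sits between the changed lookups and appears to remain on the new side, builds its key by string concatenation, `current_app.config['SECRET_KEY'] + salt`. itsdangerous accepts the salt as its own argument, `URLSafeSerializer(current_app.config['SECRET_KEY'], salt=salt)`, which keeps the application secret and the per-user value separate in the key derivation instead of merging them into one string. The switch changes the derived key, so tokens issued before it would stop verifying and that needs to be acceptable. The body of `auth` continues past the end of the hunk.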
@ -6,7 +6,11 @@ from realms.lib.test import BaseTest
|
|||
|
||||
|
||||
class WikiBaseTest(BaseTest):
|
||||
def write_page(self, name, message=None, content=None):
|
||||
def update_page(self, name, message=None, content=None):
|
||||
return self.client.post(url_for('wiki.page_write', name=name),
|
||||
data=dict(message=message, content=content))
|
||||
|
||||
def create_page(self, name, message=None, content=None):
|
||||
return self.client.post(url_for('wiki.page_write', name=name),
|
||||
data=dict(message=message, content=content))
|
||||
|
||||
|
@ -22,7 +26,7 @@ class UtilTest(WikiBaseTest):
|
|||
class WikiTest(WikiBaseTest):
|
||||
def test_routes(self):
|
||||
self.assert_200(self.client.get(url_for("wiki.create")))
|
||||
self.write_page('test', message='test message', content='testing')
|
||||
self.create_page('test', message='test message', content='testing')
|
||||
|
||||
for route in ['page', 'edit', 'history']:
|
||||
rv = self.client.get(url_for("wiki.%s" % route, name='test'))
|
||||
|
@ -31,7 +35,7 @@ class WikiTest(WikiBaseTest):
|
|||
self.assert_200(self.client.get(url_for('wiki.index')))
|
||||
|
||||
def test_write_page(self):
|
||||
self.assert_200(self.write_page('test', message='test message', content='testing'))
|
||||
self.assert_200(self.create_page('test', message='test message', content='testing'))
|
||||
|
||||
rv = self.client.get(url_for('wiki.page', name='test'))
|
||||
self.assert_200(rv)
|
||||
|
@ -54,8 +58,8 @@ class WikiTest(WikiBaseTest):
|
|||
self.assert_status(rv, 302)
|
||||
|
||||
def test_revert(self):
|
||||
rv1 = self.write_page('test', message='test message', content='testing_old')
|
||||
self.write_page('test', message='test message', content='testing_new')
|
||||
rv1 = self.create_page('test', message='test message', content='testing_old')
|
||||
self.update_page('test', message='test message', content='testing_new')
|
||||
data = json.loads(rv1.data)
|
||||
self.client.post(url_for('wiki.revert'), data=dict(name='test', commit=data['sha']))
|
||||
self.client.get(url_for('wiki.page', name='test'))
|
||||
|
@ -66,6 +70,14 @@ class WikiTest(WikiBaseTest):
|
|||
self.assert_403(self.client.post(url_for('wiki.revert'), data=dict(name='test', commit=data['sha'])))
|
||||
self.app.config['WIKI_LOCKED_PAGES'] = []
|
||||
|
||||
def test_anon(self):
|
||||
rv1 = self.create_page('test', message='test message', content='testing_old')
|
||||
self.update_page('test', message='test message', content='testing_new')
|
||||
data = json.loads(rv1.data)
|
||||
self.app.config['ALLOW_ANON'] = False
|
||||
self.assert_403(self.update_page('test', message='test message', content='testing_again'))
|
||||
self.assert_403(self.client.post(url_for('wiki.revert'), data=dict(name='test', commit=data['sha'])))
|
||||
|
||||
|
||||
class RelativePathTest(WikiTest):
|
||||
def configure(self):
|
||||
|
|
|
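Review bot: `update_page` and `create_page` have identical bodies, both a `self.client.post` to `wiki.page_write`, so `test_revert` and `test_anon` exercise the same request twice rather than a create followed by an update. The view section on this page labels the `request.method == 'POST'` branch `# Create`, which suggests updates arrive with a different method; if that is PUT, `update_page` should use `self.client.put(...)` so the anonymous check is verified on both paths. `test_anon` also sets `self.app.config['ALLOW_ANON'] = False` and never restores it, unlike the `WIKI_LOCKED_PAGES` reset in the test above; if the app object is shared between tests, later ones run with anonymous posting disabled, so the previous value should be put back at the end of the test.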
@ -32,6 +32,9 @@ def revert():
|
|||
commit = request.form.get('commit')
|
||||
message = request.form.get('message', "Reverting %s" % cname)
|
||||
|
||||
if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous:
|
||||
return dict(error=True, message="Anonymous posting not allowed"), 403
|
||||
|
||||
if cname in current_app.config.get('WIKI_LOCKED_PAGES'):
|
||||
return dict(error=True, message="Page is locked"), 403
|
||||
|
||||
|
@ -104,6 +107,9 @@ def page_write(name):
|
|||
if not cname:
|
||||
return dict(error=True, message="Invalid name")
|
||||
|
||||
if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous:
|
||||
return dict(error=True, message="Anonymous posting not allowed"), 403
|
||||
|
||||
if request.method == 'POST':
|
||||
# Create
|
||||
if cname in current_app.config.get('WIKI_LOCKED_PAGES'):
|
||||
|
|
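Review bot: Both new guards read `current_user.is_anonymous` without calling it, which is only correct where Flask-Login exposes it as a property (0.3 and later); on older releases it is a method, the bound method is always truthy, and with `ALLOW_ANON` off the guard would return 403 to logged-in users too. The `flask.ext.login` import elsewhere in this commit hints at an older stack, so the pinned version is worth confirming. `test_anon` covers only the anonymous case; a test that an authenticated user can still write with `ALLOW_ANON = False` would catch this. The same two-line check is repeated in `revert` and `page_write`, and a shared helper or decorator would make it harder for other mutating routes, which are not visible here, to miss it. Both function bodies continue outside the hunks.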