diff --git a/kallithea/tests/functional/test_my_account.py b/kallithea/tests/functional/test_my_account.py --- a/kallithea/tests/functional/test_my_account.py +++ b/kallithea/tests/functional/test_my_account.py @@ -1,13 +1,14 @@ # -*- coding: utf-8 -*- -from kallithea.model.db import User, UserFollowing, Repository, UserApiKeys +from tg.util.webtest import test_context + +from kallithea.lib import helpers as h +from kallithea.model.db import Repository, User, UserApiKeys, UserFollowing, UserSshKeys +from kallithea.model.meta import Session +from kallithea.model.user import UserModel from kallithea.tests.base import * from kallithea.tests.fixture import Fixture -from kallithea.lib import helpers as h -from kallithea.model.user import UserModel -from kallithea.model.meta import Session -from tg.util.webtest import test_context fixture = Fixture() @@ -54,7 +55,7 @@ class TestMyAccountController(TestContro response = self.app.get(url('my_account_emails')) response.mustcontain('No additional emails specified') response = self.app.post(url('my_account_emails'), - {'new_email': TEST_USER_REGULAR_EMAIL, '_authentication_token': self.authentication_token()}) + {'new_email': TEST_USER_REGULAR_EMAIL, '_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'This email address is already in use') def test_my_account_my_emails_add_missing_email_in_form(self): @@ -62,7 +63,7 @@ class TestMyAccountController(TestContro response = self.app.get(url('my_account_emails')) response.mustcontain('No additional emails specified') response = self.app.post(url('my_account_emails'), - {'_authentication_token': self.authentication_token()}) + {'_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'Please enter an email address') def test_my_account_my_emails_add_remove(self): @@ -71,7 +72,7 @@ class TestMyAccountController(TestContro response.mustcontain('No additional emails specified') response = self.app.post(url('my_account_emails'), - {'new_email': 'barz@example.com', '_authentication_token': self.authentication_token()}) + {'new_email': 'barz@example.com', '_session_csrf_secret_token': self.session_csrf_secret_token()}) response = self.app.get(url('my_account_emails')) @@ -84,7 +85,7 @@ class TestMyAccountController(TestContro response.mustcontain('' % email_id) response = self.app.post(url('my_account_emails_delete'), - {'del_email_id': email_id, '_authentication_token': self.authentication_token()}) + {'del_email_id': email_id, '_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'Removed email from user') response = self.app.get(url('my_account_emails')) response.mustcontain('No additional emails specified') @@ -119,7 +120,7 @@ class TestMyAccountController(TestContro params.update({'new_password': ''}) params.update({'extern_type': 'internal'}) params.update({'extern_name': self.test_user_1}) - params.update({'_authentication_token': self.authentication_token()}) + params.update({'_session_csrf_secret_token': self.session_csrf_secret_token()}) params.update(attrs) response = self.app.post(url('my_account'), params) @@ -148,7 +149,7 @@ class TestMyAccountController(TestContro # my account cannot make you an admin ! params['admin'] = False - params.pop('_authentication_token') + params.pop('_session_csrf_secret_token') assert params == updated_params def test_my_account_update_err_email_exists(self): @@ -163,7 +164,7 @@ class TestMyAccountController(TestContro firstname=u'NewName', lastname=u'NewLastname', email=new_email, - _authentication_token=self.authentication_token()) + _session_csrf_secret_token=self.session_csrf_secret_token()) ) response.mustcontain('This email address is already in use') @@ -180,7 +181,7 @@ class TestMyAccountController(TestContro firstname=u'NewName', lastname=u'NewLastname', email=new_email, - _authentication_token=self.authentication_token())) + _session_csrf_secret_token=self.session_csrf_secret_token())) response.mustcontain('An email address must contain a single @') from kallithea.model import validators @@ -206,7 +207,7 @@ class TestMyAccountController(TestContro usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS) user = User.get(usr['user_id']) response = self.app.post(url('my_account_api_keys'), - {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) + {'description': desc, 'lifetime': lifetime, '_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'API key successfully created') try: response = response.follow() @@ -222,7 +223,7 @@ class TestMyAccountController(TestContro usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS) user = User.get(usr['user_id']) response = self.app.post(url('my_account_api_keys'), - {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) + {'description': 'desc', 'lifetime': -1, '_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'API key successfully created') response = response.follow() @@ -231,7 +232,7 @@ class TestMyAccountController(TestContro assert 1 == len(keys) response = self.app.post(url('my_account_api_keys_delete'), - {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) + {'del_api_key': keys[0].api_key, '_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'API key successfully deleted') keys = UserApiKeys.query().all() assert 0 == len(keys) @@ -245,7 +246,51 @@ class TestMyAccountController(TestContro response.mustcontain('Expires: Never') response = self.app.post(url('my_account_api_keys_delete'), - {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) + {'del_api_key_builtin': api_key, '_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'API key successfully reset') response = response.follow() response.mustcontain(no=[api_key]) + + def test_my_account_add_ssh_key(self): + description = u'something' + public_key = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6Ycnc2oUZHQnQwuqgZqTTdMDZD7ataf3JM7oG2Fw8JR6cdmz4QZLe5mfDwaFwG2pWHLRpVqzfrD/Pn3rIO++bgCJH5ydczrl1WScfryV1hYMJ/4EzLGM657J1/q5EI+b9SntKjf4ax+KP322L0TNQGbZUHLbfG2MwHMrYBQpHUQ== me@localhost' + fingerprint = u'Ke3oUCNJM87P0jJTb3D+e3shjceP2CqMpQKVd75E9I8' + + self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS) + response = self.app.post(url('my_account_ssh_keys'), + {'description': description, + 'public_key': public_key, + '_session_csrf_secret_token': self.session_csrf_secret_token()}) + self.checkSessionFlash(response, 'SSH key %s successfully added' % fingerprint) + + response = response.follow() + response.mustcontain(fingerprint) + user_id = response.session['authuser']['user_id'] + ssh_key = UserSshKeys.query().filter(UserSshKeys.user_id == user_id).one() + assert ssh_key.fingerprint == fingerprint + assert ssh_key.description == description + Session().delete(ssh_key) + Session().commit() + + def test_my_account_remove_ssh_key(self): + description = u'' + public_key = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6Ycnc2oUZHQnQwuqgZqTTdMDZD7ataf3JM7oG2Fw8JR6cdmz4QZLe5mfDwaFwG2pWHLRpVqzfrD/Pn3rIO++bgCJH5ydczrl1WScfryV1hYMJ/4EzLGM657J1/q5EI+b9SntKjf4ax+KP322L0TNQGbZUHLbfG2MwHMrYBQpHUQ== me@localhost' + fingerprint = u'Ke3oUCNJM87P0jJTb3D+e3shjceP2CqMpQKVd75E9I8' + + self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS) + response = self.app.post(url('my_account_ssh_keys'), + {'description': description, + 'public_key': public_key, + '_session_csrf_secret_token': self.session_csrf_secret_token()}) + self.checkSessionFlash(response, 'SSH key %s successfully added' % fingerprint) + response.follow() + user_id = response.session['authuser']['user_id'] + ssh_key = UserSshKeys.query().filter(UserSshKeys.user_id == user_id).one() + assert ssh_key.description == u'me@localhost' + + response = self.app.post(url('my_account_ssh_keys_delete'), + {'del_public_key': ssh_key.public_key, + '_session_csrf_secret_token': self.session_csrf_secret_token()}) + self.checkSessionFlash(response, 'SSH key successfully deleted') + keys = UserSshKeys.query().all() + assert 0 == len(keys)