Skip to content

Commit

Permalink
Merge pull request fedora-infra#2193 from bowlofeggs/tests-bodhi.serv…
Browse files Browse the repository at this point in the history 
…er.validators

Tests bodhi.server.validators
  • Loading branch information
@bowlofeggs
bowlofeggs authored Mar 9, 2018
2 parents 8ff3c7e + 4e335ff commit fc85ce7
Show file tree
Hide file tree
Showing 2 changed files with 154 additions and 6 deletions.
8 changes: 3 additions & 5 deletions bodhi/server/validators.py
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
# Copyright © 2007-2017 Red Hat, Inc. and others.
# Copyright © 2007-2018 Red Hat, Inc. and others.
#
# This file is part of Bodhi.
#
Expand Down Expand Up @@ -437,8 +437,6 @@ def validate_acls(request, **kwargs):
# with a pre-stored Build obj.
package = build.package
release = build.update.release
else:
raise NotImplementedError() # Should never get here.

# Now that we know the release and the package associated with this
# build, we can ask our ACL system about it..
Expand Down Expand Up @@ -1162,14 +1160,14 @@ def validate_captcha(request, **kwargs):
return

if 'captcha' not in request.session:
request.errors.add('session', 'captcha',
request.errors.add('cookies', 'captcha',
'Captcha cipher not in the session (replay).')
request.errors.status = HTTPBadRequest.code
return

if request.session['captcha'] != key:
request.errors.add(
'session', 'captcha', 'No captcha session cipher match (replay). %r %r' % (
'cookies', 'captcha', 'No captcha session cipher match (replay). %r %r' % (
request.session['captcha'], key))
request.errors.status = HTTPBadRequest.code
return
Expand Down
152 changes: 151 additions & 1 deletion bodhi/tests/server/test_validators.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,11 @@

import mock
from cornice.errors import Errors
from pyramid import exceptions

from bodhi.server import validators
from bodhi.tests.server.base import BaseTestCase
from bodhi.server import models
from bodhi.server import captcha, models


class TestValidateCSRFToken(BaseTestCase):
Expand Down Expand Up @@ -239,3 +240,152 @@ def test_validate_acls_invalid_acl_system(self):
'description': 'guest does not have commit access to bodhi'
}]
assert mock_request.errors == error, mock_request.errors


class TestValidateCaptcha(BaseTestCase):
"""Test the validate_captcha() function."""

@mock.patch.dict('bodhi.server.validators.config',
{'captcha.secret': '_fnIOv2bxXaz4FLECjUikl46VFn6HuJYzXjx_43XC1I='})
def test_authenticated_user(self):
"""An authenticated user should not have to solve a captcha."""
request = mock.Mock()
request.errors = Errors()
request.errors.status = None
request.user = models.User.query.first()
request.validated = {}

validators.validate_captcha(request)

self.assertEqual(request.errors, [])
self.assertEqual(request.errors.status, None)

@mock.patch.dict('bodhi.server.validators.config',
{'captcha.secret': '_fnIOv2bxXaz4FLECjUikl46VFn6HuJYzXjx_43XC1I='})
def test_captcha_does_not_match_key(self):
"""Assert an error when the captcha in the session does not match the key."""
request = mock.Mock()
request.errors = Errors()
request.session = {'captcha': 'some_other_key'}
request.user = None
request.validated = {'captcha_key': 'some_key', 'captcha_value': 'some_value'}

validators.validate_captcha(request)

self.assertEqual(
request.errors,
[{'location': 'cookies', 'name': 'captcha',
'description': ("No captcha session cipher match (replay). 'some_other_key' "
"'some_key'")}])
self.assertEqual(request.errors.status, exceptions.HTTPBadRequest.code)

@mock.patch.dict('bodhi.server.validators.config',
{'captcha.secret': '_fnIOv2bxXaz4FLECjUikl46VFn6HuJYzXjx_43XC1I='})
def test_captcha_validate_fail(self):
"""Assert an error when the captcha fails validation."""
request = mock.Mock()
request.errors = Errors()
request.errors.status = None
request.registry.settings = validators.config
request.user = None
# We'll cheat since we know the captcha.secret and figure out the solution.
plainkey, value = captcha.math_generator(None, validators.config)
cipherkey = captcha.encrypt(plainkey, validators.config)
request.session = {'captcha': cipherkey}
# By adding a 0 onto the end of the value, we are wrong by 100!
request.validated = {'captcha_key': cipherkey, 'captcha_value': value + '0'}

validators.validate_captcha(request)

self.assertEqual(
request.errors,
[{'location': 'body', 'name': 'captcha_value',
'description': 'Incorrect response to the captcha.'}])
self.assertEqual(request.errors.status, exceptions.HTTPBadRequest.code)

@mock.patch.dict('bodhi.server.validators.config',
{'captcha.secret': '_fnIOv2bxXaz4FLECjUikl46VFn6HuJYzXjx_43XC1I='})
def test_captcha_validate_success(self):
"""Assert an error when the captcha fails validation."""
request = mock.Mock()
request.errors = Errors()
request.errors.status = None
request.registry.settings = validators.config
request.user = None
# We'll cheat since we know the captcha.secret and figure out the solution.
plainkey, value = captcha.math_generator(None, validators.config)
cipherkey = captcha.encrypt(plainkey, validators.config)
request.session = {'captcha': cipherkey}
request.validated = {'captcha_key': cipherkey, 'captcha_value': value}

validators.validate_captcha(request)

self.assertEqual(request.errors, [])
self.assertEqual(request.errors.status, None)
self.assertTrue('captcha' not in request.session)

@mock.patch.dict('bodhi.server.validators.config', {'captcha.secret': ''})
def test_captcha_not_configured(self):
"""Assert that no errors are noted if captcha is not configured."""
request = mock.Mock()
request.errors = Errors()
request.errors.status = None
request.user = None
request.validated = {}

validators.validate_captcha(request)

self.assertEqual(request.errors, [])
self.assertEqual(request.errors.status, None)

@mock.patch.dict('bodhi.server.validators.config',
{'captcha.secret': '_fnIOv2bxXaz4FLECjUikl46VFn6HuJYzXjx_43XC1I='})
def test_captcha_not_in_session(self):
"""Assert an error when the captcha isn't in the session."""
request = mock.Mock()
request.errors = Errors()
request.session = {}
request.user = None
request.validated = {'captcha_key': 'some_key', 'captcha_value': 'some_value'}

validators.validate_captcha(request)

self.assertEqual(
request.errors,
[{'location': 'cookies', 'name': 'captcha',
'description': 'Captcha cipher not in the session (replay).'}])
self.assertEqual(request.errors.status, exceptions.HTTPBadRequest.code)

@mock.patch.dict('bodhi.server.validators.config',
{'captcha.secret': '_fnIOv2bxXaz4FLECjUikl46VFn6HuJYzXjx_43XC1I='})
def test_no_key(self):
"""Assert that an error is added to the request if the captcha key is missing."""
request = mock.Mock()
request.errors = Errors()
request.user = None
request.validated = {}

validators.validate_captcha(request)

self.assertEqual(
request.errors,
[{'location': 'body', 'name': 'captcha_key',
'description': 'You must provide a captcha_key.'}])
self.assertEqual(request.errors.status, exceptions.HTTPBadRequest.code)

@mock.patch.dict('bodhi.server.validators.config',
{'captcha.secret': '_fnIOv2bxXaz4FLECjUikl46VFn6HuJYzXjx_43XC1I='})
def test_no_value(self):
"""Assert that an error is added to the request if the captcha value is missing."""
request = mock.Mock()
request.errors = Errors()
request.user = None
request.validated = {'captcha_key': 'some_key'}

validators.validate_captcha(request)

self.assertEqual(
request.errors,
[{'location': 'body', 'name': 'captcha_value',
'description': 'You must provide a captcha_value.'}])
self.assertEqual(request.errors.status, exceptions.HTTPBadRequest.code)

0 comments on commit fc85ce7

Please sign in to comment.