class TestUserController(TestController):
- def test_index(self):
- response = self.app.get(url_for(controller='user'))
+ def test_email(self):
+ response = self.app.get(url_for(controller='user', action='email'))
# Test response...
response.mustcontain('Email Notifications', 'User Settings')
form = response.form
assert user.email == 'test@example.com'
def test_clear_email(self):
- response = self.app.get(url_for(controller='user'))
+ response = self.app.get(url_for(controller='user', action='email'))
form = response.form
form['new_email'] = ''
response = form.submit().follow()
filter_by(username=unicode(config['fake_username'])).one()
assert user.email == None
-
+ def test_xsrf_protection(self):
+ self.app.post(url_for(controller='user',
+ action='update'),
+ {'new_email': 'malicious@example.com'},
+ status=403)
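Review bot: test_xsrf_protection asserts only the 403 status of the token-less POST to `update`, so a handler that writes the new address before rejecting the request would still pass. After the post, re-query the user the way test_clear_email does and add `assert user.email != 'malicious@example.com'`. A second case that submits a present but incorrect token would exercise the comparison itself rather than only the missing-field path; the token's field name is not visible in this diff, so it would have to be taken from the rendered form. The test body may continue past the end of the visible hunk.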