added XSRF protection to all forms and associated tests
[bluechips.git] / bluechips / tests / functional / test_user.py
index b5c91364ec6c4c36169dd426a2a0439760788663..c27983b97457ee6077f2788a63b9593a70439b47 100644 (file)
@@ -30,4 +30,8 @@ class TestUserController(TestController):
                 filter_by(username=unicode(config['fake_username'])).one()
         assert user.email == None
 
-
+    def test_xsrf_protection(self):
+        self.app.post(url_for(controller='user',
+                              action='update'),
+                      {'new_email': 'malicious@example.com'},
+                      status=403)
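Review bot: test_xsrf_protection pins only the status code of a POST that carries no token at all, so it would still pass if the handler wrote the new address before returning 403. After the post, re-read the user the way the preceding test does (its query begins above the hunk) and add `assert user.email != 'malicious@example.com'`. A second case that submits a token that is present but wrong and expects the same `status=403` would cover the comparison itself and not just the presence check. The test also has no docstring; something like `"""A POST to user/update without a valid XSRF token is rejected and changes nothing."""` would state the property being guarded.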