# CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares)
app = authkit.authorize.middleware(app, BlueChipUser())
- app = DummyAuthenticate(app, app_conf)
# Routing/Session/Cache Middleware
app = RoutesMiddleware(app, config['routes.map'])
static_app = StaticURLParser(config['pylons.paths']['static_files'])
app = Cascade([static_app, app])
app = AuthBasicHandler(app, 'BlueChips', authenticate)
+ app = DummyAuthenticate(app, app_conf)
return app
u1 = bluechips.model.User(u'root', u'Charlie Root', True)
u1.email = u'charlie@example.com'
+ u1.password = u'charliepass'
u2 = bluechips.model.User(u'ben', u'Ben Bitdiddle', True)
u3 = bluechips.model.User(u'gotta', u'Gotta Lisp', True)
u4 = bluechips.model.User(u'rich', u'Rich Scheme', True)
assert shares[4] == Currency('12.34')
- def test_edit(self):
+ def test_edit_and_delete(self):
user = meta.Session.query(model.User).\
filter_by(name=u'Charlie Root').one()
e = model.Expenditure(user, 53812, u'Lemon bundt cake', None)
order_by(model.Expenditure.id.desc()).first()
assert e.description == u'Updated bundt cake'
+ response = self.app.get(url_for(controller='spend',
+ action='delete',
+ id=e.id))
+ response = response.form.submit('delete').follow()
+ response.mustcontain('Expenditure', 'deleted')
+
+ def test_delete_nonexistent(self):
+ self.app.get(url_for(controller='spend',
+ action='delete',
+ id=124344),
+ status=404)
+
+ def test_destroy_nonexistent(self):
+ response = self.app.get(url_for(controller='spend',
+ action='edit'))
+ params = self.sample_params.copy()
+ params[token_key] = response.form[token_key].value
+ self.app.post(url_for(controller='spend',
+ action='destroy',
+ id=124344),
+ params=params,
+ status=404)
+
+ def test_delete_xsrf_protection(self):
+ self.app.post(url_for(controller='spend',
+ action='destroy',
+ id=1),
+ params={'delete': 'Delete'},
+ status=403)
+
def test_edit_zero_value(self):
user = meta.Session.query(model.User).\
filter_by(name=u'Charlie Root').one()
def test_update_nonexistent(self):
response = self.app.get(url_for(controller='spend',
action='edit'))
- params = self.sample_post.copy()
+ params = self.sample_params.copy()
params[token_key] = response.form[token_key].value
self.app.post(url_for(controller='spend',
action='update',
def test_xsrf_protection(self):
self.app.post(url_for(controller='spend',
action='update'),
- params=self.sample_post,
+ params=self.sample_params,
status=403)
def test_all_zero_shares_fails(self):
- params = self.sample_post.copy()
+ params = self.sample_params.copy()
for ii in range(4):
params['shares-%d.amount' % ii] = '0'
v = ExpenditureSchema()
pass
def setUp(self):
- self.sample_post = {
+ self.sample_params = {
'spender_id': '1',
'amount': '44.12',
'date': '10/5/2008',
assert t.date == today
assert t.description == u'A test transfer from Rich to Ben'
- def test_edit(self):
+ def test_edit_and_delete(self):
user_rich = meta.Session.query(model.User).\
filter_by(name=u'Rich Scheme').one()
user_ben = meta.Session.query(model.User).\
order_by(model.Transfer.id.desc()).first()
assert t.description == u'A new description'
+ response = self.app.get(url_for(controller='transfer',
+ action='delete',
+ id=t.id))
+ response = response.form.submit('delete').follow()
+ response.mustcontain('Transfer', 'deleted')
+
def test_edit_nonexistent(self):
response = self.app.get(url_for(controller='transfer',
action='edit',
assert (dict(response.headers)['location'] ==
url_for(controller='transfer', action='edit', qualified=True))
+ def test_delete_nonexistent(self):
+ self.app.get(url_for(controller='transfer',
+ action='delete',
+ id=124244),
+ status=404)
+
+ def test_destroy_nonexistent(self):
+ response = self.app.get(url_for(controller='transfer',
+ action='edit'))
+ params = self.sample_params.copy()
+ params[token_key] = response.form[token_key].value
+ self.app.post(url_for(controller='transfer',
+ action='destroy',
+ id=124344),
+ params=params,
+ status=404)
+
+ def test_delete_xsrf_protection(self):
+ self.app.post(url_for(controller='transfer',
+ action='destroy',
+ id=1),
+ params={'delete': 'Delete'},
+ status=403)
+
def setUp(self):
self.sample_params = {
'debtor_id': '1',
--- /dev/null
+from unittest import TestCase
+from bluechips.lib import permissions
+
+class TestReorderingSettle(TestCase):
+ def test_authenticate(self):
+ assert permissions.authenticate({}, u'root', u'charliepass')
+ assert not permissions.authenticate({}, u'root', u'blah')
+ assert not permissions.authenticate({}, u'blah', u'charliepass')
+ assert not permissions.authenticate({}, u'blah', u'blah')