732 lines
27 KiB
Python
732 lines
27 KiB
Python
import pytest
|
|
import hashlib
|
|
|
|
from wcs.qommon.ident.password_accounts import PasswordAccount
|
|
from wcs.formdef import FormDef
|
|
from wcs.workflows import Workflow, EditableWorkflowStatusItem
|
|
from wcs.wf.jump import JumpWorkflowStatusItem
|
|
from wcs.categories import Category
|
|
from wcs.roles import Role, logged_users_role
|
|
from wcs.tracking_code import TrackingCode
|
|
from wcs import fields
|
|
from wcs.sessions import BasicSession
|
|
|
|
from utilities import get_app, login, create_temporary_pub, clean_temporary_pub, emails
|
|
|
|
def pytest_generate_tests(metafunc):
|
|
if 'pub' in metafunc.fixturenames:
|
|
metafunc.parametrize('pub', ['pickle', 'sql'], indirect=True)
|
|
|
|
@pytest.fixture
|
|
def pub(request):
|
|
pub = create_temporary_pub(sql_mode=(request.param == 'sql'))
|
|
pub.cfg['identification'] = {'methods': ['password']}
|
|
pub.cfg['misc'] = {'charset': 'utf-8'}
|
|
pub.write_cfg()
|
|
|
|
if Category.count() == 0:
|
|
cat = Category(name='foobar')
|
|
cat.store()
|
|
|
|
return pub
|
|
|
|
|
|
def teardown_module(module):
|
|
clean_temporary_pub()
|
|
|
|
|
|
def create_formdef():
|
|
FormDef.wipe()
|
|
formdef = FormDef()
|
|
formdef.name = 'test'
|
|
formdef.fields = []
|
|
formdef.store()
|
|
return formdef
|
|
|
|
def create_user(pub):
|
|
pub.user_class.wipe()
|
|
PasswordAccount.wipe()
|
|
|
|
user = pub.user_class()
|
|
user.email = 'foo@localhost'
|
|
user.store()
|
|
account = PasswordAccount(id='foo')
|
|
account.set_password('foo')
|
|
account.user_id = user.id
|
|
account.store()
|
|
return user
|
|
|
|
def test_home(pub):
|
|
create_formdef()
|
|
home = get_app(pub).get('/')
|
|
assert 'category-misc' in home.body
|
|
assert '<a class="" href="test/">test</a>' in home.body
|
|
|
|
def test_home_category(pub):
|
|
formdef = create_formdef()
|
|
formdef.category_id = 1
|
|
formdef.store()
|
|
home = get_app(pub).get('/')
|
|
assert 'category-foobar' in home.body
|
|
assert not 'category-misc' in home.body
|
|
assert '<a class="" href="foobar/test/">test</a>' in home.body
|
|
|
|
def test_home_disabled(pub):
|
|
formdef = create_formdef()
|
|
formdef.disabled = True
|
|
formdef.store()
|
|
home = get_app(pub).get('/')
|
|
assert not '<a href="test/">test</a>' in home.body
|
|
|
|
def test_home_inaccessible(pub):
|
|
formdef = create_formdef()
|
|
formdef.roles = ['xxx']
|
|
formdef.store()
|
|
home = get_app(pub).get('/')
|
|
assert home.status_int == 302
|
|
assert home.location == 'http://example.net/login'
|
|
|
|
def test_home_always_advertise(pub):
|
|
formdef = create_formdef()
|
|
formdef.roles = ['xxx']
|
|
formdef.always_advertise = True
|
|
formdef.store()
|
|
home = get_app(pub).get('/')
|
|
assert '<a href="test/">test</a>' in home.body
|
|
assert '<a href="test/">test</a><span> (authentication required)</span>' in home.body
|
|
|
|
def test_form_access(pub):
|
|
formdef = create_formdef()
|
|
get_app(pub).get('/test/', status=200)
|
|
|
|
Role.wipe()
|
|
role = Role(name='xxx')
|
|
role.store()
|
|
|
|
# check a formdef protected by a role cannot be accessed
|
|
formdef.roles = [role.id]
|
|
formdef.store()
|
|
# an unlogged user will ge ta redirect to login
|
|
resp = get_app(pub).get('/test/', status=302)
|
|
assert '/login' in resp.location
|
|
|
|
# while a logged-in user will get a 403
|
|
user = create_user(pub)
|
|
login(get_app(pub), username='foo', password='foo').get('/test/', status=403)
|
|
|
|
# unless the user has the right role
|
|
user = create_user(pub)
|
|
user.roles = [role.id]
|
|
user.store()
|
|
login(get_app(pub), username='foo', password='foo').get('/test/', status=200)
|
|
|
|
# check admin has access, even without specific roles
|
|
user = create_user(pub)
|
|
user.roles = []
|
|
user.is_admin = True
|
|
user.store()
|
|
login(get_app(pub), username='foo', password='foo').get('/test/', status=200)
|
|
|
|
# check special "logged users" role
|
|
formdef.roles = [logged_users_role()]
|
|
formdef.store()
|
|
user = create_user(pub)
|
|
login(get_app(pub), username='foo', password='foo').get('/test/', status=403)
|
|
resp = get_app(pub).get('/test/', status=302) # redirect to login
|
|
|
|
# check "receiver" can also access the formdef
|
|
formdef = create_formdef()
|
|
formdef.roles = [-2]
|
|
formdef.workflow_roles = {'_receiver': role.id}
|
|
formdef.store()
|
|
user = create_user(pub)
|
|
user.roles = [role.id]
|
|
user.store()
|
|
login(get_app(pub), username='foo', password='foo').get('/test/', status=200)
|
|
|
|
def test_form_submit(pub):
|
|
formdef = create_formdef()
|
|
formdef.data_class().wipe()
|
|
page = get_app(pub).get('/test/')
|
|
next_page = page.forms[0].submit('submit')
|
|
assert 'Check values then click submit.' in next_page.body
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert next_page.status_int == 302
|
|
next_page = next_page.follow()
|
|
assert 'The form has been recorded' in next_page.body
|
|
assert formdef.data_class().count() == 1
|
|
|
|
def test_form_submit_no_confirmation(pub):
|
|
formdef = create_formdef()
|
|
formdef.confirmation = False
|
|
formdef.store()
|
|
page = get_app(pub).get('/test/')
|
|
formdef.data_class().wipe()
|
|
next_page = page.forms[0].submit('submit')
|
|
assert next_page.status_int == 302
|
|
next_page = next_page.follow()
|
|
assert 'The form has been recorded' in next_page.body
|
|
assert formdef.data_class().count() == 1
|
|
|
|
def test_form_string_field_submit(pub):
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.StringField(id='0', label='string')]
|
|
formdef.store()
|
|
page = get_app(pub).get('/test/')
|
|
formdef.data_class().wipe()
|
|
next_page = page.forms[0].submit('submit') # but the field is required
|
|
assert '<div class="error">required field</div>' in next_page.body
|
|
next_page.forms[0]['f0'] = 'foobar'
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert 'Check values then click submit.' in next_page.body
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert next_page.status_int == 302
|
|
next_page = next_page.follow()
|
|
assert 'The form has been recorded' in next_page.body
|
|
assert formdef.data_class().count() == 1
|
|
data_id = formdef.data_class().select()[0].id
|
|
data = formdef.data_class().get(data_id)
|
|
assert data.data == {'0': 'foobar'}
|
|
|
|
def test_form_multi_page(pub):
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.PageField(id='0', label='1st page', type='page'),
|
|
fields.StringField(id='1', label='string'),
|
|
fields.PageField(id='2', label='2nd page', type='page'),
|
|
fields.StringField(id='3', label='string 2')]
|
|
formdef.store()
|
|
page = get_app(pub).get('/test/')
|
|
formdef.data_class().wipe()
|
|
page.forms[0]['f1'] = 'foo'
|
|
assert page.forms[0].fields['submit'][0].value_if_submitted() == 'Next'
|
|
next_page = page.forms[0].submit('submit')
|
|
assert next_page.forms[0]['previous']
|
|
next_page.forms[0]['f3'] = 'bar'
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert 'Check values then click submit.' in next_page.body
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert next_page.status_int == 302
|
|
next_page = next_page.follow()
|
|
assert 'The form has been recorded' in next_page.body
|
|
assert formdef.data_class().count() == 1
|
|
data_id = formdef.data_class().select()[0].id
|
|
data = formdef.data_class().get(data_id)
|
|
assert data.data == {'1': 'foo', '3': 'bar'}
|
|
|
|
def test_form_multi_page_condition(pub):
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.PageField(id='0', label='1st page', type='page'),
|
|
fields.StringField(id='1', label='string'),
|
|
fields.PageField(id='2', label='2nd page', type='page', condition='False'),
|
|
fields.StringField(id='3', label='string 2')]
|
|
formdef.store()
|
|
resp = get_app(pub).get('/test/')
|
|
formdef.data_class().wipe()
|
|
resp.forms[0]['f1'] = 'foo'
|
|
resp = resp.forms[0].submit('submit') # should go straight to validation
|
|
assert 'Check values then click submit.' in resp.body
|
|
assert resp.forms[0]['previous']
|
|
resp = resp.forms[0].submit('previous')
|
|
assert resp.forms[0]['f1']
|
|
|
|
def test_form_multi_page_condition_select(pub):
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.PageField(id='0', label='1st page', type='page'),
|
|
fields.ItemField(id='1', label='select', type='item',
|
|
required=True,
|
|
varname='foo', items=['Foo', 'Bar']),
|
|
fields.PageField(id='2', label='2nd page', type='page',
|
|
condition='var_foo == "Foo"'),
|
|
fields.PageField(id='3', label='3rd page', type='page',
|
|
condition='var_foo == "Bar"'),
|
|
fields.StringField(id='3', label='string 2')]
|
|
formdef.store()
|
|
formdef.data_class().wipe()
|
|
resp = get_app(pub).get('/test/')
|
|
assert not '2nd page' in resp.body
|
|
assert not '3rd page' in resp.body
|
|
resp.forms[0]['f1'] = 'Foo'
|
|
resp = resp.forms[0].submit('submit')
|
|
assert '2nd page' in resp.body
|
|
assert not '3rd page' in resp.body
|
|
assert '<li class="current"><span>2nd page</span>' in resp.body
|
|
|
|
resp = get_app(pub).get('/test/')
|
|
resp.forms[0]['f1'] = 'Bar'
|
|
resp = resp.forms[0].submit('submit')
|
|
assert not '2nd page' in resp.body
|
|
assert '3rd page' in resp.body
|
|
assert '<li class="current"><span>3rd page</span>' in resp.body
|
|
|
|
def test_form_submit_with_user(pub):
|
|
create_user(pub)
|
|
formdef = create_formdef()
|
|
page = login(get_app(pub), username='foo', password='foo').get('/test/')
|
|
formdef.data_class().wipe()
|
|
next_page = page.forms[0].submit('submit')
|
|
assert 'Check values then click submit.' in next_page.body
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert next_page.status_int == 302
|
|
next_page = next_page.follow()
|
|
assert 'The form has been recorded' in next_page.body
|
|
assert formdef.data_class().count() == 1
|
|
# check the user received a copy by email
|
|
assert emails.emails.get('New form (test)')
|
|
assert emails.emails.get('New form (test)')['email_rcpt'] == ['foo@localhost']
|
|
|
|
def test_form_visit_existing(pub):
|
|
user = create_user(pub)
|
|
formdef = create_formdef()
|
|
page = login(get_app(pub), username='foo', password='foo').get('/test/')
|
|
formdef.data_class().wipe()
|
|
|
|
formdata = formdef.data_class()()
|
|
formdata.store()
|
|
|
|
formdata_user = formdef.data_class()()
|
|
formdata_user.user_id = user.id
|
|
formdata_user.store()
|
|
|
|
resp = get_app(pub).get('/test/%s/' % formdata.id)
|
|
assert resp.location == 'http://example.net/login'
|
|
|
|
resp = get_app(pub).get('/test/%s/' % formdata_user.id)
|
|
assert resp.location == 'http://example.net/login'
|
|
|
|
resp = login(get_app(pub), username='foo', password='foo').get('/test/%s/' % formdata_user.id)
|
|
assert 'The form has been recorded on' in resp
|
|
|
|
def test_form_auth(pub):
|
|
create_user(pub)
|
|
formdef = create_formdef()
|
|
formdef.data_class().wipe()
|
|
resp = get_app(pub).get('/test/auth')
|
|
assert resp.location == 'http://example.net/login/?ReturnUrl=http%3A//example.net/test/'
|
|
|
|
resp = login(get_app(pub), username='foo', password='foo').get('/test/auth')
|
|
assert resp.location == 'http://example.net/test/'
|
|
|
|
def test_form_tryauth(pub):
|
|
create_user(pub)
|
|
formdef = create_formdef()
|
|
formdef.data_class().wipe()
|
|
resp = get_app(pub).get('/test/tryauth')
|
|
assert resp.location == 'http://example.net/test/'
|
|
|
|
app = login(get_app(pub), username='foo', password='foo')
|
|
pub.cfg['identification'] = {'methods': ['idp']}
|
|
pub.write_cfg()
|
|
# if the user is logged in, the form should be presented
|
|
resp = app.get('/test/tryauth')
|
|
assert resp.location == 'http://example.net/test/'
|
|
|
|
# if the user is unlogged, there should be a passive redirection to SSO
|
|
resp = get_app(pub).get('/test/tryauth')
|
|
assert 'IsPassive=true' in resp.location
|
|
|
|
pub.cfg['identification'] = {'methods': ['password']}
|
|
pub.write_cfg()
|
|
|
|
def test_form_no_tracking_code(pub):
|
|
formdef = create_formdef()
|
|
formdef.data_class().wipe()
|
|
formdef.fields = [fields.StringField(id='0', label='string')]
|
|
formdef.enable_tracking_codes = False
|
|
formdef.store()
|
|
resp = get_app(pub).get('/test/')
|
|
assert not '<h3>Tracking code</h3>' in resp.body
|
|
|
|
def test_form_tracking_code(pub):
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.StringField(id='0', label='string')]
|
|
formdef.enable_tracking_codes = True
|
|
formdef.store()
|
|
resp = get_app(pub).get('/test/')
|
|
formdef.data_class().wipe()
|
|
assert '<h3>Tracking code</h3>' in resp.body
|
|
resp.forms[0]['f0'] = 'foobar'
|
|
resp = resp.forms[0].submit('submit')
|
|
tracking_code = None
|
|
for a_tag in resp.html.findAll('a'):
|
|
if 'code/' in a_tag['href']:
|
|
tracking_code = a_tag.text
|
|
break
|
|
assert tracking_code is not None
|
|
|
|
assert formdef.data_class().count() == 1
|
|
assert formdef.data_class().select()[0].is_draft()
|
|
assert formdef.data_class().select()[0].tracking_code == tracking_code
|
|
assert formdef.data_class().select()[0].data['0'] == 'foobar'
|
|
formdata_id = formdef.data_class().select()[0].id
|
|
|
|
# check we can load the formdata as a draft
|
|
resp = get_app(pub).get('/')
|
|
resp.forms[0]['code'] = tracking_code
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % tracking_code
|
|
resp = resp.follow()
|
|
assert resp.location == 'http://example.net/test/%s' % formdata_id
|
|
resp = resp.follow()
|
|
assert resp.location.startswith('http://example.net/test/?mt=')
|
|
resp = resp.follow()
|
|
resp = resp.forms[0].submit('previous')
|
|
assert resp.forms[0]['f0'].value == 'foobar'
|
|
|
|
# check submitted form keeps the tracking code
|
|
resp.forms[0]['f0'] = 'barfoo'
|
|
resp = resp.forms[0].submit('submit') # -> confirmation page
|
|
resp = resp.forms[0].submit('submit') # -> done
|
|
resp = resp.follow()
|
|
assert 'barfoo' in resp.body
|
|
assert formdef.data_class().count() == 1 # check the draft one has been removed
|
|
assert formdef.data_class().select()[0].tracking_code == tracking_code
|
|
assert formdef.data_class().select()[0].status == 'wf-new'
|
|
assert formdef.data_class().select()[0].data['0'] == 'barfoo'
|
|
formdata_id = formdef.data_class().select()[0].id
|
|
|
|
# check we can still go back to it
|
|
app = get_app(pub)
|
|
resp = app.get('/')
|
|
resp.forms[0]['code'] = tracking_code
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % tracking_code
|
|
resp = resp.follow()
|
|
assert resp.location == 'http://example.net/test/%s' % formdata_id
|
|
resp = resp.follow()
|
|
resp = resp.follow()
|
|
assert 'form_comment' in resp.body # makes sure user is treated as submitter
|
|
resp.forms[0]['comment'] = 'hello world'
|
|
session_id = app.cookies.values()[0].strip('"')
|
|
session = BasicSession.get(session_id)
|
|
resp.forms[0]['captcha$q'] = session.get_captcha_token(resp.forms[0]['captcha$token'].value)['answer']
|
|
resp = resp.forms[0].submit()
|
|
assert formdef.data_class().get(formdata_id).evolution[-1].comment == 'hello world'
|
|
|
|
|
|
def test_form_tracking_code_as_user(pub):
|
|
user = create_user(pub)
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.StringField(id='0', label='string')]
|
|
formdef.enable_tracking_codes = True
|
|
formdef.store()
|
|
|
|
resp = login(get_app(pub), username='foo', password='foo').get('/test/')
|
|
formdef.data_class().wipe()
|
|
assert '<h3>Tracking code</h3>' in resp.body
|
|
resp.forms[0]['f0'] = 'foobar'
|
|
resp = resp.forms[0].submit('submit')
|
|
tracking_code = None
|
|
for a_tag in resp.html.findAll('a'):
|
|
if 'code/' in a_tag['href']:
|
|
tracking_code = a_tag.text
|
|
break
|
|
assert tracking_code is not None
|
|
|
|
assert formdef.data_class().count() == 1
|
|
assert formdef.data_class().select()[0].is_draft()
|
|
assert formdef.data_class().select()[0].tracking_code == tracking_code
|
|
assert formdef.data_class().select()[0].data['0'] == 'foobar'
|
|
formdata_id = formdef.data_class().select()[0].id
|
|
|
|
# check we can load the formdata as a draft
|
|
resp = login(get_app(pub), username='foo', password='foo').get('/')
|
|
resp.forms[0]['code'] = tracking_code
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % tracking_code
|
|
resp = resp.follow()
|
|
assert resp.location == 'http://example.net/test/%s' % formdata_id
|
|
resp = resp.follow()
|
|
assert resp.location.startswith('http://example.net/test/?mt=')
|
|
resp = resp.follow()
|
|
resp = resp.forms[0].submit('previous')
|
|
assert resp.forms[0]['f0'].value == 'foobar'
|
|
|
|
# check submitted form keeps the tracking code
|
|
resp.forms[0]['f0'] = 'barfoo'
|
|
resp = resp.forms[0].submit('submit') # -> confirmation page
|
|
resp = resp.forms[0].submit('submit') # -> done
|
|
resp = resp.follow()
|
|
assert 'barfoo' in resp.body
|
|
assert formdef.data_class().count() == 1 # check the draft one has been removed
|
|
assert formdef.data_class().select()[0].tracking_code == tracking_code
|
|
assert str(formdef.data_class().select()[0].user_id) == str(user.id)
|
|
assert formdef.data_class().select()[0].status == 'wf-new'
|
|
assert formdef.data_class().select()[0].data['0'] == 'barfoo'
|
|
formdata_id = formdef.data_class().select()[0].id
|
|
|
|
# check we can still go back to it
|
|
resp = login(get_app(pub), username='foo', password='foo').get('/')
|
|
resp.forms[0]['code'] = tracking_code
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % tracking_code
|
|
resp = resp.follow()
|
|
assert resp.location == 'http://example.net/test/%s' % formdata_id
|
|
resp = resp.follow()
|
|
resp = resp.follow()
|
|
assert 'form_comment' in resp.body # makes sure user is treated as submitter
|
|
resp.forms[0]['comment'] = 'hello world'
|
|
resp = resp.forms[0].submit()
|
|
assert formdef.data_class().get(formdata_id).evolution[-1].comment == 'hello world'
|
|
|
|
# and check we can also get back to it as anonymous
|
|
app = get_app(pub)
|
|
resp = app.get('/')
|
|
resp.forms[0]['code'] = tracking_code
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % tracking_code
|
|
resp = resp.follow()
|
|
assert resp.location == 'http://example.net/test/%s' % formdata_id
|
|
resp = resp.follow()
|
|
resp = resp.follow()
|
|
assert 'form_comment' in resp.body # makes sure user is treated as submitter
|
|
|
|
|
|
def test_form_tracking_code_email(pub):
|
|
formdef = create_formdef()
|
|
formdef.data_class().wipe()
|
|
formdef.fields = [fields.StringField(id='0', label='string')]
|
|
formdef.enable_tracking_codes = True
|
|
formdef.store()
|
|
|
|
formdata = formdef.data_class()()
|
|
formdata.data = {'0': 'foobar'}
|
|
formdata.tracking_code = 'ABCDEF'
|
|
formdata.store()
|
|
|
|
resp = get_app(pub).get('/test/code/ABCDEF/')
|
|
assert '<h2>Keep your tracking code</h2>' in resp.body
|
|
resp.forms[0]['email'] = 'foo@localhost'
|
|
resp = resp.forms[0].submit()
|
|
assert emails.emails.get('Tracking Code reminder')
|
|
assert 'ABCDEF' in emails.emails.values()[0]['payload']
|
|
assert resp.location == 'http://example.net/test/code/ABCDEF/load'
|
|
|
|
def test_form_invalid_tracking_code(pub):
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.StringField(id='0', label='string')]
|
|
formdef.enable_tracking_codes = True
|
|
formdef.store()
|
|
|
|
# create a secondary formdef, to always have the tracking code form
|
|
# displayed on homepage
|
|
formdef2 = FormDef()
|
|
formdef2.name = 'test2'
|
|
formdef2.fields = []
|
|
formdef2.enable_tracking_codes = True
|
|
formdef2.store()
|
|
|
|
resp = get_app(pub).get('/')
|
|
|
|
formdata = formdef.data_class()()
|
|
formdata.data = {'0': 'foobar'}
|
|
formdata.store()
|
|
|
|
# check we can go back to it
|
|
formdef.data_class().wipe()
|
|
|
|
code = pub.tracking_code_class()
|
|
code.formdata = formdata
|
|
code.store()
|
|
|
|
resp.forms[0]['code'] = code.id
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % code.id
|
|
resp = resp.follow()
|
|
assert resp.location == 'http://example.net/test/%s' % formdata.id
|
|
resp = resp.follow()
|
|
|
|
# check we get a not found error message on non-existent code
|
|
fake_code = TrackingCode().get_new_id()
|
|
resp = get_app(pub).get('/')
|
|
resp.forms[0]['code'] = fake_code
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % fake_code
|
|
resp = resp.follow(status=404)
|
|
|
|
# check we also get an error if tracking code access is disabled after the
|
|
# fact
|
|
formdef.enable_tracking_codes = False
|
|
formdef.store()
|
|
resp = get_app(pub).get('/')
|
|
resp.forms[0]['code'] = code.id
|
|
resp = resp.forms[0].submit()
|
|
assert resp.location == 'http://example.net/code/%s/load' % code.id
|
|
resp = resp.follow(status=404)
|
|
|
|
def form_password_field_submit(pub, password):
|
|
password = unicode(password).encode(pub.site_charset)
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.PasswordField(id='0', label='password',
|
|
formats=['sha1', 'md5', 'cleartext'])]
|
|
formdef.store()
|
|
page = get_app(pub).get('/test/')
|
|
formdef.data_class().wipe()
|
|
next_page = page.forms[0].submit('submit') # but the field is required
|
|
assert '<div class="error">required field</div>' in next_page.body
|
|
next_page.forms[0]['f0$pwd1'] = password
|
|
next_page.forms[0]['f0$pwd2'] = password
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert 'Check values then click submit.' in next_page.body
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert next_page.status_int == 302
|
|
next_page = next_page.follow()
|
|
assert 'The form has been recorded' in next_page.body
|
|
assert formdef.data_class().count() == 1
|
|
data_id = formdef.data_class().select()[0].id
|
|
data = formdef.data_class().get(data_id)
|
|
assert data.data == {'0': {
|
|
'sha1': hashlib.sha1(password).hexdigest(),
|
|
'md5': hashlib.md5(password).hexdigest(),
|
|
'cleartext': unicode(password, 'utf-8'),
|
|
}}
|
|
|
|
def test_form_password_field_submit(pub):
|
|
form_password_field_submit(pub, 'foobar')
|
|
form_password_field_submit(pub, u'foobar\u00eb')
|
|
|
|
def test_form_multi_page_formdef_count_condition(pub):
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.PageField(id='0', label='1st page', type='page'),
|
|
fields.StringField(id='1', label='string'),
|
|
fields.PageField(id='2', label='2nd page', type='page',
|
|
condition='form_objects.count > 0'),
|
|
fields.StringField(id='3', label='string 2')]
|
|
formdef.store()
|
|
|
|
resp = get_app(pub).get('/test/')
|
|
formdef.data_class().wipe()
|
|
resp.forms[0]['f1'] = 'foo'
|
|
resp = resp.forms[0].submit('submit') # should go straight to validation
|
|
assert 'Check values then click submit.' in resp.body
|
|
|
|
# add a formdata this will make the second page appear.
|
|
formdef.data_class()().store()
|
|
|
|
resp = get_app(pub).get('/test/')
|
|
resp.forms[0]['f1'] = 'foo'
|
|
resp = resp.forms[0].submit('submit') # should NOT go straight to validation
|
|
assert 'Check values then click submit.' not in resp.body
|
|
|
|
def test_form_multi_page_post_edit(pub):
|
|
user = create_user(pub)
|
|
|
|
formdef = create_formdef()
|
|
formdef.fields = [fields.PageField(id='0', label='1st page', type='page'),
|
|
fields.StringField(id='1', label='string'),
|
|
fields.PageField(id='2', label='2nd page', type='page'),
|
|
fields.StringField(id='3', label='string 2')]
|
|
formdef.store()
|
|
|
|
workflow = Workflow(name='test')
|
|
st1 = workflow.add_status('Status1', 'st1')
|
|
editable = EditableWorkflowStatusItem()
|
|
editable.id = '_editable'
|
|
editable.by = ['_submitter', '_receiver']
|
|
st1.items.append(editable)
|
|
editable.parent = st1
|
|
workflow.store()
|
|
|
|
formdef.workflow_id = workflow.id
|
|
formdef.store()
|
|
|
|
formdef.data_class().wipe()
|
|
|
|
page = login(get_app(pub), username='foo', password='foo').get('/test/')
|
|
page.forms[0]['f1'] = 'foo'
|
|
next_page = page.forms[0].submit('submit')
|
|
next_page.forms[0]['f3'] = 'barXYZ'
|
|
next_page = next_page.forms[0].submit('submit')
|
|
next_page = next_page.forms[0].submit('submit')
|
|
next_page = next_page.follow()
|
|
assert 'The form has been recorded' in next_page.body
|
|
|
|
data_id = formdef.data_class().select()[0].id
|
|
|
|
page = login(get_app(pub), username='foo', password='foo').get('/test/%s/' % data_id)
|
|
assert 'button_editable-button' in page.body
|
|
assert 'barXYZ' in page.body
|
|
|
|
resp = page.forms[0].submit('button_editable')
|
|
assert resp.location == 'http://example.net/test/%s/wfedit' % data_id
|
|
resp = resp.follow()
|
|
assert resp.forms[0]['f1'].value == 'foo'
|
|
resp.forms[0]['f1'] = 'foo2'
|
|
|
|
resp = resp.forms[0].submit('submit')
|
|
assert resp.forms[0]['f3'].value == 'barXYZ'
|
|
resp = resp.forms[0].submit('previous')
|
|
assert resp.forms[0]['f1'].value == 'foo2'
|
|
resp = resp.forms[0].submit('submit')
|
|
assert 'Save Changes' in resp.body
|
|
resp = resp.forms[0].submit('submit')
|
|
assert resp.location == 'http://example.net/test/%s/' % data_id
|
|
resp = resp.follow()
|
|
assert 'foo2' in resp.body # modified value is there
|
|
assert 'barXYZ' in resp.body # unchanged value is still there
|
|
|
|
|
|
def test_form_count_dispatching(pub):
|
|
user = create_user(pub)
|
|
|
|
formdef = create_formdef()
|
|
formdef.fields = []
|
|
formdef.store()
|
|
|
|
workflow = Workflow(name='test')
|
|
st1 = workflow.add_status('Status1', 'st1')
|
|
jump = JumpWorkflowStatusItem()
|
|
jump.condition = 'form_objects.count_status_st2 < 1'
|
|
jump.status = 'st2'
|
|
st1.items.append(jump)
|
|
jump.parent = st1
|
|
st2 = workflow.add_status('Status2', 'st2')
|
|
workflow.store()
|
|
|
|
formdef.workflow_id = workflow.id
|
|
formdef.store()
|
|
|
|
formdef.data_class().wipe()
|
|
|
|
page = login(get_app(pub), username='foo', password='foo').get('/test/')
|
|
page = page.forms[0].submit('submit') # form page
|
|
page = page.forms[0].submit('submit') # confirmation page
|
|
page = page.follow()
|
|
assert 'The form has been recorded' in page.body # success
|
|
|
|
assert len(formdef.data_class().select(clause=lambda x: x.status == 'wf-st1')) == 0
|
|
assert len(formdef.data_class().select(clause=lambda x: x.status == 'wf-st2')) == 1
|
|
|
|
page = login(get_app(pub), username='foo', password='foo').get('/test/')
|
|
page = page.forms[0].submit('submit') # form page
|
|
page = page.forms[0].submit('submit') # confirmation page
|
|
page = page.follow()
|
|
assert 'The form has been recorded' in page.body # success
|
|
|
|
assert len(formdef.data_class().select(clause=lambda x: x.status == 'wf-st2')) == 1
|
|
assert len(formdef.data_class().select(clause=lambda x: x.status == 'wf-st1')) == 1
|
|
|
|
def test_preview_form(pub):
|
|
user = create_user(pub)
|
|
|
|
formdef = create_formdef()
|
|
formdef.data_class().wipe()
|
|
formdef.fields = []
|
|
formdef.disabled = True
|
|
formdef.store()
|
|
|
|
# check the preview page is not accessible to regular users
|
|
get_app(pub).get('/preview/test/', status=403)
|
|
|
|
# check it's accessible to admins
|
|
user.is_admin = True
|
|
user.store()
|
|
page = login(get_app(pub), username='foo', password='foo').get('/preview/test/')
|
|
|
|
# check no formdata gets stored
|
|
next_page = page.forms[0].submit('submit')
|
|
assert 'Check values then click submit.' in next_page.body
|
|
next_page = next_page.forms[0].submit('submit')
|
|
assert next_page.status_int == 302
|
|
assert next_page.location == 'http://example.net/preview/test/'
|
|
assert formdef.data_class().count() == 0
|