0001-forms-force-authentication-on-user-drafts-37095.patch

Nicolas Roche, 20 novembre 2019 15:17

Voir les différences: en ligne côte à côte

Subject: [PATCH] forms: force authentication on user drafts (#37095)

 tests/test_form_pages.py | 49 ++++++++++++++++++++++++++++++++++++++++
 wcs/forms/root.py        |  2 +-
 2 files changed, 50 insertions(+), 1 deletion(-)

         resp = resp.form.submit('button_x2').follow()
         assert '<span class="status">Status2' in resp.text
     def test_form_recall_logged_in_draft_using_tracking_code(pub):
         user = create_user(pub)
         formdef = create_formdef()
         formdef.fields = [
             fields.StringField(id='0', label='string',
                 prefill={'type': 'string',
                          'value': 'here_1:{{form_user_email}}'}),
             fields.CommentField(id='1', type='comment',
                 label='here_2:{{form_user_email}}'),
+        ]
         formdef.enable_tracking_codes = True
         formdef.store()
         resp = login(get_app(pub), username='foo', password='foo').get('/test/')
         formdef.data_class().wipe()
         assert '<h3>Tracking code</h3>' in resp.text
         tracking_code = get_displayed_tracking_code(resp)
         assert tracking_code is not None
         assert 'here_1:foo@localhost' in resp.text
         assert 'here_2:foo@localhost' in resp.text
         resp = resp.forms[0].submit('submit')
         assert formdef.data_class().count() == 1
         formdata_id = formdef.data_class().select()[0].id
         # anonymous user must authenticate to restore user related drafts
         pub.session_manager.session_class.wipe()
         resp = get_app(pub).get('/')
         resp.forms[0]['code'] = tracking_code
         resp = resp.forms[0].submit()
         assert resp.location == 'http://example.net/code/%s/load' % tracking_code
         resp = resp.follow()
         assert resp.location == 'http://example.net/test/%s' % formdata_id
         resp = resp.follow()
         assert resp.location.startswith('http://example.net/login/?next=')
         # authenticated user retrieve form_user variables valuated
         resp = login(get_app(pub), username='foo', password='foo').get('/')
         resp.forms[0]['code'] = tracking_code
         resp = resp.forms[0].submit()
         assert resp.location == 'http://example.net/code/%s/load' % tracking_code
         resp = resp.follow()
         assert resp.location == 'http://example.net/test/%s' % formdata_id
         resp = resp.follow()
         assert resp.location.startswith('http://example.net/test/?mt=')
         resp = resp.follow()
         resp = resp.forms[1].submit('previous')
         assert 'here_1:foo@localhost' in resp.text
         assert 'here_2:foo@localhost' in resp.text

             # restore draft
             session = get_session()
             if not (get_request().is_in_backoffice() and filled.backoffice_submission):
                 if session.is_anonymous_submitter(filled):
                 if not filled.user_id and session.is_anonymous_submitter(filled):
                     pass
                 elif session.user:
                     if str(session.user) != str(filled.user_id):
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0001-forms-force-authentication-on-user-drafts-37095.patch