Projet

Général

Profil

0001-misc-disable-verification-after-tracking-code-for-th.patch

Thomas Noël, 21 avril 2022 17:21

Télécharger (2,73 ko)

Voir les différences: 

Subject: [PATCH] misc: disable verification after tracking code, for the
 submitter (#64437)


 tests/form_pages/test_all.py | 35 +++++++++++++++++++++++++++++++++++
 wcs/forms/root.py            |  3 +++
 2 files changed, 38 insertions(+)
tests/form_pages/test_all.py
2072 2072 
    assert resp.forms[1]['f0'].value == 'barfoo'
2073 2073 

  		




  2074
  2074
  
    

  		




  
  2075
  
    
def test_form_tracking_code_email_and_verification(pub, emails, nocache):

  		




  
  2076
  
    
    formdef = create_formdef()

  		




  
  2077
  
    
    formdef.fields = [

  		




  
  2078
  
    
        fields.StringField(id='0', label='string1', required=False),

  		




  
  2079
  
    
        fields.StringField(id='1', label='string2', required=False),

  		




  
  2080
  
    
        fields.DateField(id='2', label='date', required=False),

  		




  
  2081
  
    
    ]

  		




  
  2082
  
    
    formdef.enable_tracking_codes = True

  		




  
  2083
  
    
    formdef.tracking_code_verify_fields = ['0', '1', '2']

  		




  
  2084
  
    
    formdef.store()

  		




  
  2085
  
    

  		




  
  2086
  
    
    app = get_app(pub)

  		




  
  2087
  
    
    resp = app.get('/test/')

  		




  
  2088
  
    
    resp.form['f0'] = 'barfoo'

  		




  
  2089
  
    
    # autosave will be made using javascript in real world

  		




  
  2090
  
    
    app.post('/test/autosave', params=resp.form.submit_fields())

  		




  
  2091
  
    

  		




  
  2092
  
    
    tracking_code = get_displayed_tracking_code(resp)

  		




  
  2093
  
    
    assert tracking_code is not None

  		




  
  2094
  
    

  		




  
  2095
  
    
    resp = app.get('/test/code/%s/' % tracking_code)

  		




  
  2096
  
    
    assert '<h2>Keep your tracking code</h2>' in resp.text

  		




  
  2097
  
    
    resp.forms[0]['email'] = 'foo@localhost'

  		




  
  2098
  
    
    resp = resp.forms[0].submit()

  		




  
  2099
  
    
    assert emails.get('Tracking Code reminder')

  		




  
  2100
  
    
    assert tracking_code in emails.get('Tracking Code reminder')['payload']

  		




  
  2101
  
    
    assert resp.location == 'http://example.net/test/code/%s/load' % tracking_code

  		




  
  2102
  
    

  		




  
  2103
  
    
    # returns to the form, without verification: formdata is mine

  		




  
  2104
  
    
    resp = resp.follow()

  		




  
  2105
  
    
    resp = resp.follow()

  		




  
  2106
  
    
    resp = resp.follow()

  		




  
  2107
  
    
    assert resp.forms[1]['f0'].value == 'barfoo'

  		




  
  2108
  
    

  		




  
  2109
  
    

  		




  2075
  2110
  
    
def test_form_tracking_code_email_antibot(pub, emails, nocache):

  		




  2076
  2111
  
    
    formdef = create_formdef()

  		




  2077
  2112
  
    
    formdef.data_class().wipe()

  		












  

    
      wcs/forms/root.py
    
  





  182
  182
  
    
        if get_request().is_from_bot():

  		




  183
  183
  
    
            raise errors.AccessForbiddenError()

  		




  184
  184
  
    

  		




  
  185
  
    
        if formdata.is_submitter(get_request().user):

  		




  
  186
  
    
            return redirect(formdata.get_url())

  		




  
  187
  
    

  		




  185
  188
  
    
        verify_fields = []

  		




  186
  189
  
    
        for field in formdata.formdef.fields:

  		




  187
  190
  
    
            if field.id in (formdata.formdef.tracking_code_verify_fields or []):

  		




  188
  
  
    
-