0001-misc-create-session-substitution-variables-from-quer.patch
tests/test_form_pages.py | ||
---|---|---|
1 | 1 |
import pytest |
2 | 2 |
import hashlib |
3 |
import os |
|
3 | 4 | |
4 | 5 |
from wcs.qommon.ident.password_accounts import PasswordAccount |
5 | 6 |
from wcs.formdef import FormDef |
... | ... | |
884 | 885 |
'0_structured': [ |
885 | 886 |
{'id': '1', 'more': 'foo', 'text': 'un'}, |
886 | 887 |
{'id': '3', 'more': 'baz', 'text': 'trois'}]} |
888 | ||
889 |
def test_form_page_query_string_prefill(pub): |
|
890 |
formdef = create_formdef() |
|
891 |
formdef.data_class().wipe() |
|
892 |
formdef.fields = [fields.StringField(id='0', label='string', |
|
893 |
prefill={'type': 'formula', 'value': 'session_var_foo'})] |
|
894 |
formdef.store() |
|
895 | ||
896 |
# check it's empty if it doesn't exist |
|
897 |
resp = get_app(pub).get('/test/') |
|
898 |
assert resp.forms[0]['f0'].value == '' |
|
899 | ||
900 |
# check it's not set if it's not whitelisted |
|
901 |
resp = get_app(pub).get('/?session_var_foo=hello') |
|
902 |
resp = resp.click('test') |
|
903 |
assert resp.forms[0]['f0'].value == '' |
|
904 | ||
905 |
# check it works |
|
906 |
open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w').write('''[options] |
|
907 |
query_string_allowed_vars = foo,bar |
|
908 |
''') |
|
909 | ||
910 |
resp = get_app(pub).get('/?session_var_foo=hello') |
|
911 |
resp = resp.click('test') |
|
912 |
assert resp.forms[0]['f0'].value == 'hello' |
|
913 | ||
914 |
os.unlink(os.path.join(pub.app_dir, 'site-options.cfg')) |
wcs/qommon/sessions.py | ||
---|---|---|
80 | 80 |
ident_idp_token = None |
81 | 81 |
tempfiles = None |
82 | 82 |
jsonp_display_values = None |
83 |
extra_variables = None |
|
83 | 84 | |
84 | 85 |
username = None # only set on password authentication |
85 | 86 | |
... | ... | |
92 | 93 |
self.ident_idp_token or \ |
93 | 94 |
self.tempfiles or \ |
94 | 95 |
self.jsonp_display_values or \ |
96 |
self.extra_variables or \ |
|
95 | 97 |
CaptchaSession.has_info(self) or \ |
96 | 98 |
QuixoteSession.has_info(self) |
97 | 99 |
is_dirty = has_info |
... | ... | |
205 | 207 |
value.fp = open(filename) |
206 | 208 |
return value |
207 | 209 | |
210 |
def add_extra_variable(self, key, value): |
|
211 |
if not self.extra_variables: |
|
212 |
self.extra_variables = {} |
|
213 |
self.extra_variables[key] = value |
|
214 | ||
215 |
def start_request(self): |
|
216 |
# feed session with specific query string parameters |
|
217 |
request = get_request() |
|
218 |
if request.get_method() == 'GET' and request.form: |
|
219 |
query_string_allowed_vars = get_publisher().get_site_option( |
|
220 |
'query_string_allowed_vars') or '' |
|
221 |
query_string_allowed_vars = [x.strip() for x in |
|
222 |
query_string_allowed_vars.split(',')] |
|
223 |
for k, v in request.form.items(): |
|
224 |
if k.startswith('session_var_'): |
|
225 |
session_variable = str(k[len('session_var_'):]) |
|
226 |
if session_variable in query_string_allowed_vars: |
|
227 |
self.add_extra_variable(session_variable, v) |
|
228 |
del request.form[k] |
|
229 | ||
230 |
return QuixoteSession.start_request(self) |
|
231 | ||
232 |
def get_substitution_variables(self, prefix='session_var_'): |
|
233 |
d = {} |
|
234 |
if self.extra_variables: |
|
235 |
for k, v in self.extra_variables.items(): |
|
236 |
d[prefix + k] = v |
|
237 |
return d |
|
238 | ||
208 | 239 | |
209 | 240 |
class QommonSessionManager(QuixoteSessionManager): |
210 | 241 |
def start_request(self): |
wcs/root.py | ||
---|---|---|
283 | 283 |
if not hasattr(response, 'breadcrumb'): |
284 | 284 |
response.breadcrumb = [ ('', _('Home')) ] |
285 | 285 | |
286 |
get_publisher().substitutions.feed(get_session()) |
|
286 | 287 |
get_publisher().substitutions.feed(get_request().user) |
287 | 288 |
get_publisher().substitutions.feed(NamedDataSource) |
288 | 289 | |
289 |
- |