0001-misc-create-session-substitution-variables-from-quer.patch
tests/test_form_pages.py | ||
---|---|---|
1 | 1 |
import pytest |
2 | 2 |
import hashlib |
3 |
import os |
|
3 | 4 | |
4 | 5 |
from wcs.qommon.ident.password_accounts import PasswordAccount |
5 | 6 |
from wcs.formdef import FormDef |
... | ... | |
884 | 885 |
'0_structured': [ |
885 | 886 |
{'id': '1', 'more': 'foo', 'text': 'un'}, |
886 | 887 |
{'id': '3', 'more': 'baz', 'text': 'trois'}]} |
888 | ||
889 |
def test_form_page_query_string_prefill(pub): |
|
890 |
user = create_user(pub) |
|
891 |
formdef = create_formdef() |
|
892 |
formdef.data_class().wipe() |
|
893 |
formdef.fields = [fields.StringField(id='0', label='string', |
|
894 |
prefill={'type': 'formula', 'value': 'session_var_foo'})] |
|
895 |
formdef.store() |
|
896 | ||
897 |
# check it's empty if it doesn't exist |
|
898 |
resp = get_app(pub).get('/test/') |
|
899 |
assert resp.forms[0]['f0'].value == '' |
|
900 | ||
901 |
# check it's not set if it's not whitelisted |
|
902 |
resp = get_app(pub).get('/?session_var_foo=hello') |
|
903 |
resp = resp.click('test') |
|
904 |
assert resp.forms[0]['f0'].value == '' |
|
905 | ||
906 |
# check it works |
|
907 |
open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w').write('''[options] |
|
908 |
query_string_allowed_vars = foo,bar |
|
909 |
''') |
|
910 | ||
911 |
resp = get_app(pub).get('/?session_var_foo=hello') |
|
912 |
resp = resp.click('test') |
|
913 |
assert resp.forms[0]['f0'].value == 'hello' |
|
914 | ||
915 |
# check it survives a login |
|
916 |
resp = get_app(pub).get('/?session_var_foo=hello2') |
|
917 |
resp = resp.click('Login') |
|
918 |
resp = resp.follow() |
|
919 |
resp.forms[0]['username'] = 'foo' |
|
920 |
resp.forms[0]['password'] = 'foo' |
|
921 |
resp = resp.forms[0].submit() |
|
922 |
resp = resp.follow() |
|
923 |
resp = resp.click('test') |
|
924 |
assert resp.forms[0]['f0'].value == 'hello2' |
|
925 | ||
926 |
# check repeated options are ignored |
|
927 |
resp = get_app(pub).get('/?session_var_foo=hello&session_var_foo=hello2') |
|
928 |
resp = resp.click('test') |
|
929 |
assert resp.forms[0]['f0'].value == '' |
|
930 | ||
931 |
os.unlink(os.path.join(pub.app_dir, 'site-options.cfg')) |
wcs/qommon/sessions.py | ||
---|---|---|
80 | 80 |
ident_idp_token = None |
81 | 81 |
tempfiles = None |
82 | 82 |
jsonp_display_values = None |
83 |
extra_variables = None |
|
83 | 84 | |
84 | 85 |
username = None # only set on password authentication |
85 | 86 | |
... | ... | |
92 | 93 |
self.ident_idp_token or \ |
93 | 94 |
self.tempfiles or \ |
94 | 95 |
self.jsonp_display_values or \ |
96 |
self.extra_variables or \ |
|
95 | 97 |
CaptchaSession.has_info(self) or \ |
96 | 98 |
QuixoteSession.has_info(self) |
97 | 99 |
is_dirty = has_info |
... | ... | |
205 | 207 |
value.fp = open(filename) |
206 | 208 |
return value |
207 | 209 | |
210 |
def add_extra_variable(self, key, value): |
|
211 |
if not self.extra_variables: |
|
212 |
self.extra_variables = {} |
|
213 |
self.extra_variables[key] = value |
|
214 | ||
215 |
def start_request(self): |
|
216 |
# feed session with specific query string parameters |
|
217 |
request = get_request() |
|
218 |
if request.get_method() == 'GET' and request.form: |
|
219 |
query_string_allowed_vars = get_publisher().get_site_option( |
|
220 |
'query_string_allowed_vars') or '' |
|
221 |
query_string_allowed_vars = [x.strip() for x in |
|
222 |
query_string_allowed_vars.split(',')] |
|
223 |
for k, v in request.form.items(): |
|
224 |
if k.startswith('session_var_'): |
|
225 |
session_variable = str(k[len('session_var_'):]) |
|
226 |
if session_variable in query_string_allowed_vars and ( |
|
227 |
isinstance(v, str)): |
|
228 |
self.add_extra_variable(session_variable, v) |
|
229 |
del request.form[k] |
|
230 | ||
231 |
return QuixoteSession.start_request(self) |
|
232 | ||
233 |
def get_substitution_variables(self, prefix='session_var_'): |
|
234 |
d = {} |
|
235 |
if self.extra_variables: |
|
236 |
for k, v in self.extra_variables.items(): |
|
237 |
d[prefix + k] = v |
|
238 |
return d |
|
239 | ||
208 | 240 | |
209 | 241 |
class QommonSessionManager(QuixoteSessionManager): |
210 | 242 |
def start_request(self): |
wcs/root.py | ||
---|---|---|
283 | 283 |
if not hasattr(response, 'breadcrumb'): |
284 | 284 |
response.breadcrumb = [ ('', _('Home')) ] |
285 | 285 | |
286 |
get_publisher().substitutions.feed(get_session()) |
|
286 | 287 |
get_publisher().substitutions.feed(get_request().user) |
287 | 288 |
get_publisher().substitutions.feed(NamedDataSource) |
288 | 289 | |
289 |
- |