0001-misc-create-session-substitution-variables-from-quer.patch
| tests/test_form_pages.py | ||
|---|---|---|
| 1 | 1 |
import pytest |
| 2 | 2 |
import hashlib |
| 3 |
import os |
|
| 3 | 4 | |
| 4 | 5 |
from wcs.qommon.ident.password_accounts import PasswordAccount |
| 5 | 6 |
from wcs.formdef import FormDef |
| ... | ... | |
| 884 | 885 |
'0_structured': [ |
| 885 | 886 |
{'id': '1', 'more': 'foo', 'text': 'un'},
|
| 886 | 887 |
{'id': '3', 'more': 'baz', 'text': 'trois'}]}
|
| 888 | ||
| 889 |
def test_form_page_query_string_prefill(pub): |
|
| 890 |
user = create_user(pub) |
|
| 891 |
formdef = create_formdef() |
|
| 892 |
formdef.data_class().wipe() |
|
| 893 |
formdef.fields = [fields.StringField(id='0', label='string', |
|
| 894 |
prefill={'type': 'formula', 'value': 'session_var_foo'})]
|
|
| 895 |
formdef.store() |
|
| 896 | ||
| 897 |
# check it's empty if it doesn't exist |
|
| 898 |
resp = get_app(pub).get('/test/')
|
|
| 899 |
assert resp.forms[0]['f0'].value == '' |
|
| 900 | ||
| 901 |
# check it's not set if it's not whitelisted |
|
| 902 |
resp = get_app(pub).get('/?session_var_foo=hello')
|
|
| 903 |
resp = resp.click('test')
|
|
| 904 |
assert resp.forms[0]['f0'].value == '' |
|
| 905 | ||
| 906 |
# check it works |
|
| 907 |
open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w').write('''[options]
|
|
| 908 |
query_string_allowed_vars = foo,bar |
|
| 909 |
''') |
|
| 910 | ||
| 911 |
resp = get_app(pub).get('/?session_var_foo=hello')
|
|
| 912 |
resp = resp.click('test')
|
|
| 913 |
assert resp.forms[0]['f0'].value == 'hello' |
|
| 914 | ||
| 915 |
# check it survives a login |
|
| 916 |
resp = get_app(pub).get('/?session_var_foo=hello2')
|
|
| 917 |
resp = resp.click('Login')
|
|
| 918 |
resp = resp.follow() |
|
| 919 |
resp.forms[0]['username'] = 'foo' |
|
| 920 |
resp.forms[0]['password'] = 'foo' |
|
| 921 |
resp = resp.forms[0].submit() |
|
| 922 |
resp = resp.follow() |
|
| 923 |
resp = resp.click('test')
|
|
| 924 |
assert resp.forms[0]['f0'].value == 'hello2' |
|
| 925 | ||
| 926 |
# check repeated options are ignored |
|
| 927 |
resp = get_app(pub).get('/?session_var_foo=hello&session_var_foo=hello2')
|
|
| 928 |
resp = resp.click('test')
|
|
| 929 |
assert resp.forms[0]['f0'].value == '' |
|
| 930 | ||
| 931 |
os.unlink(os.path.join(pub.app_dir, 'site-options.cfg')) |
|
| wcs/qommon/sessions.py | ||
|---|---|---|
| 80 | 80 |
ident_idp_token = None |
| 81 | 81 |
tempfiles = None |
| 82 | 82 |
jsonp_display_values = None |
| 83 |
extra_variables = None |
|
| 83 | 84 | |
| 84 | 85 |
username = None # only set on password authentication |
| 85 | 86 | |
| ... | ... | |
| 92 | 93 |
self.ident_idp_token or \ |
| 93 | 94 |
self.tempfiles or \ |
| 94 | 95 |
self.jsonp_display_values or \ |
| 96 |
self.extra_variables or \ |
|
| 95 | 97 |
CaptchaSession.has_info(self) or \ |
| 96 | 98 |
QuixoteSession.has_info(self) |
| 97 | 99 |
is_dirty = has_info |
| ... | ... | |
| 205 | 207 |
value.fp = open(filename) |
| 206 | 208 |
return value |
| 207 | 209 | |
| 210 |
def add_extra_variable(self, key, value): |
|
| 211 |
if not self.extra_variables: |
|
| 212 |
self.extra_variables = {}
|
|
| 213 |
self.extra_variables[key] = value |
|
| 214 | ||
| 215 |
def start_request(self): |
|
| 216 |
# feed session with specific query string parameters |
|
| 217 |
request = get_request() |
|
| 218 |
if request.get_method() == 'GET' and request.form: |
|
| 219 |
query_string_allowed_vars = get_publisher().get_site_option( |
|
| 220 |
'query_string_allowed_vars') or '' |
|
| 221 |
query_string_allowed_vars = [x.strip() for x in |
|
| 222 |
query_string_allowed_vars.split(',')]
|
|
| 223 |
for k, v in request.form.items(): |
|
| 224 |
if k.startswith('session_var_'):
|
|
| 225 |
session_variable = str(k[len('session_var_'):])
|
|
| 226 |
if session_variable in query_string_allowed_vars and ( |
|
| 227 |
isinstance(v, str)): |
|
| 228 |
self.add_extra_variable(session_variable, v) |
|
| 229 |
del request.form[k] |
|
| 230 | ||
| 231 |
return QuixoteSession.start_request(self) |
|
| 232 | ||
| 233 |
def get_substitution_variables(self, prefix='session_var_'): |
|
| 234 |
d = {}
|
|
| 235 |
if self.extra_variables: |
|
| 236 |
for k, v in self.extra_variables.items(): |
|
| 237 |
d[prefix + k] = v |
|
| 238 |
return d |
|
| 239 | ||
| 208 | 240 | |
| 209 | 241 |
class QommonSessionManager(QuixoteSessionManager): |
| 210 | 242 |
def start_request(self): |
| wcs/root.py | ||
|---|---|---|
| 283 | 283 |
if not hasattr(response, 'breadcrumb'): |
| 284 | 284 |
response.breadcrumb = [ ('', _('Home')) ]
|
| 285 | 285 | |
| 286 |
get_publisher().substitutions.feed(get_session()) |
|
| 286 | 287 |
get_publisher().substitutions.feed(get_request().user) |
| 287 | 288 |
get_publisher().substitutions.feed(NamedDataSource) |
| 288 | 289 | |
| 289 |
- |
|