pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
atst/tests/routes/test_users.py
graham-dds 82ef8f3574 Add fn to ensure a url matches an app url pattern 
In some functions, we redirect a user based on a parameter in a query
string.  This commit adds a function that checks to see if a given url
matches a url pattern of a view function. This will help us ensure that
the url passed  as the next parameter isn't malicious.
2020-01-29 13:24:12 -05:00

44 lines
1.3 KiB
Python
Raw Blame History

from flask import url_for
from atst.domain.users import Users
from tests.factories import UserFactory
def test_user_can_view_profile(user_session, client):
user = UserFactory.create()
user_session(user)
response = client.get(url_for("users.user"))
assert user.email in response.data.decode()
def test_user_can_update_profile(user_session, client):
user = UserFactory.create()
user_session(user)
new_data = {**user.to_dictionary(), "first_name": "chad", "last_name": "vader"}
new_data["date_latest_training"] = new_data["date_latest_training"].strftime(
"%m/%d/%Y"
)
client.post(url_for("users.update_user"), data=new_data)
updated_user = Users.get_by_dod_id(user.dod_id)
assert updated_user.first_name == "chad"
assert updated_user.last_name == "vader"
def test_user_is_redirected_when_updating_profile(user_session, client):
user = UserFactory.create()
user_session(user)
next_url = "/home"
user_data = user.to_dictionary()
user_data["date_latest_training"] = user_data["date_latest_training"].strftime(
"%m/%d/%Y"
)
response = client.post(
url_for("users.update_user", next=next_url),
data=user_data,
follow_redirects=False,
)
assert response.status_code == 302
assert response.location.endswith(next_url)
Reference in New Issue View Git Blame Copy Permalink