external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(routers.trusted_user): use creds to determine authorization

Browse source 
Closes #237

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2022-01-05 21:47:45 -08:00
parent 9d221604b4
commit 059733cb8c
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
4 changed files with 71 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

8
test/test_accounts_routes.py
View file

@ -1857,3 +1857,11 @@ def test_account_comments_not_found(client: TestClient, user: User):
with client as request:
resp = request.get("/account/non-existent/comments", cookies=cookies)
assert resp.status_code == int(HTTPStatus.NOT_FOUND)
def test_accounts_unauthorized(client: TestClient, user: User):
cookies = {"AURSID": user.login(Request(), "testPassword")}
with client as request:
resp = request.get("/accounts", cookies=cookies, allow_redirects=False)
assert resp.status_code == int(HTTPStatus.SEE_OTHER)
assert resp.headers.get("location") == "/"