From 1216399d53b3f3163eccc2ea0aacaeaf23562373 Mon Sep 17 00:00:00 2001 From: moson-mo Date: Thu, 24 Nov 2022 22:23:37 +0100 Subject: [PATCH] fix(test): FastAPI 0.87.0 - error fixes FastAPI 0.87.0 switched to the httpx library for their TestClient * allow_redirects is deprecated and replaced by follow_redirects Signed-off-by: moson-mo --- test/test_accounts_routes.py | 78 ++++++--------- test/test_auth_routes.py | 28 +++--- test/test_homepage.py | 9 +- test/test_packages_routes.py | 45 +++++---- test/test_pkgbase_routes.py | 163 +++++++++++++++++-------------- test/test_requests.py | 31 +++--- test/test_routes.py | 8 +- test/test_trusted_user_routes.py | 82 +++++++--------- 8 files changed, 218 insertions(+), 226 deletions(-) diff --git a/test/test_accounts_routes.py b/test/test_accounts_routes.py index f44fd44e..44226627 100644 --- a/test/test_accounts_routes.py +++ b/test/test_accounts_routes.py @@ -70,6 +70,9 @@ def client() -> TestClient: # Necessary for forged login CSRF protection on the login route. Set here # instead of only on the necessary requests for convenience. client.headers.update(TEST_REFERER) + + # disable redirects for our tests + client.follow_redirects = False yield client @@ -104,9 +107,7 @@ def test_get_passreset_authed_redirects(client: TestClient, user: User): assert sid is not None with client as request: - response = request.get( - "/passreset", cookies={"AURSID": sid}, allow_redirects=False - ) + response = request.get("/passreset", cookies={"AURSID": sid}) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/" @@ -140,7 +141,7 @@ def test_get_passreset_translation(client: TestClient): def test_get_passreset_with_resetkey(client: TestClient): with client as request: - response = request.get("/passreset", data={"resetkey": "abcd"}) + response = request.get("/passreset", params={"resetkey": "abcd"}) assert response.status_code == int(HTTPStatus.OK) @@ -153,7 +154,6 @@ def test_post_passreset_authed_redirects(client: TestClient, user: User): "/passreset", cookies={"AURSID": sid}, data={"user": "blah"}, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.SEE_OTHER) @@ -323,7 +323,7 @@ def post_register(request, **kwargs): for k, v in args.items(): data[k] = v - return request.post("/register", data=data, allow_redirects=False) + return request.post("/register", data=data) def test_post_register(client: TestClient): @@ -737,7 +737,7 @@ def test_get_account_edit_unauthorized(client: TestClient, user: User): endpoint = f"/account/{user2.Username}/edit" with client as request: # Try to edit `test2` while authenticated as `test`. - response = request.get(endpoint, cookies={"AURSID": sid}, allow_redirects=False) + response = request.get(endpoint, cookies={"AURSID": sid}) assert response.status_code == int(HTTPStatus.SEE_OTHER) expected = f"/account/{user2.Username}" @@ -755,7 +755,6 @@ def test_post_account_edit(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -841,9 +840,7 @@ def test_post_account_edit_dev(client: TestClient, tu_user: User): endpoint = f"/account/{tu_user.Username}/edit" with client as request: - response = request.post( - endpoint, cookies={"AURSID": sid}, data=post_data, allow_redirects=False - ) + response = request.post(endpoint, cookies={"AURSID": sid}, data=post_data) assert response.status_code == int(HTTPStatus.OK) expected = "The account, test, " @@ -867,7 +864,6 @@ def test_post_account_edit_language(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -897,7 +893,6 @@ def test_post_account_edit_timezone(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -914,7 +909,6 @@ def test_post_account_edit_error_missing_password(client: TestClient, user: User "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.BAD_REQUEST) @@ -934,7 +928,6 @@ def test_post_account_edit_error_invalid_password(client: TestClient, user: User "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.BAD_REQUEST) @@ -1039,9 +1032,7 @@ def test_post_account_edit_error_unauthorized(client: TestClient, user: User): endpoint = f"/account/{user2.Username}/edit" with client as request: # Attempt to edit 'test2' while logged in as 'test'. - response = request.post( - endpoint, cookies={"AURSID": sid}, data=post_data, allow_redirects=False - ) + response = request.post(endpoint, cookies={"AURSID": sid}, data=post_data) assert response.status_code == int(HTTPStatus.SEE_OTHER) expected = f"/account/{user2.Username}" @@ -1064,7 +1055,6 @@ def test_post_account_edit_ssh_pub_key(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -1077,7 +1067,6 @@ def test_post_account_edit_ssh_pub_key(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -1099,7 +1088,6 @@ def test_post_account_edit_missing_ssh_pubkey(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -1116,7 +1104,6 @@ def test_post_account_edit_missing_ssh_pubkey(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -1133,9 +1120,7 @@ def test_post_account_edit_invalid_ssh_pubkey(client: TestClient, user: User): } cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - response = request.post( - "/account/test/edit", data=data, cookies=cookies, allow_redirects=False - ) + response = request.post("/account/test/edit", data=data, cookies=cookies) assert response.status_code == int(HTTPStatus.BAD_REQUEST) @@ -1157,7 +1142,6 @@ def test_post_account_edit_password(client: TestClient, user: User): "/account/test/edit", cookies={"AURSID": sid}, data=post_data, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -1197,7 +1181,7 @@ def test_post_account_edit_other_user_as_user(client: TestClient, user: User): endpoint = f"/account/{user2.Username}/edit" with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/account/{user2.Username}" @@ -1208,7 +1192,7 @@ def test_post_account_edit_self_type_as_tu(client: TestClient, tu_user: User): # We cannot see the Account Type field on our own edit page. with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) assert "id_type" in resp.text @@ -1239,7 +1223,7 @@ def test_post_account_edit_other_user_type_as_tu( # As a TU, we can see the Account Type field for other users. with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) assert "id_type" in resp.text @@ -1277,19 +1261,20 @@ def test_post_account_edit_other_user_suspend_as_tu(client: TestClient, tu_user: # apart from `tu_user`s during our testing. user_client = TestClient(app=app) user_client.headers.update(TEST_REFERER) + user_client.follow_redirects = False # Test that `user` can view their account edit page while logged in. user_cookies = {"AURSID": sid} with client as request: endpoint = f"/account/{user.Username}/edit" - resp = request.get(endpoint, cookies=user_cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=user_cookies) assert resp.status_code == HTTPStatus.OK cookies = {"AURSID": tu_user.login(Request(), "testPassword")} assert cookies is not None # This is useless, we create the dict here ^ # As a TU, we can see the Account for other users. with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) # As a TU, we can modify other user's account types. data = { @@ -1299,12 +1284,13 @@ def test_post_account_edit_other_user_suspend_as_tu(client: TestClient, tu_user: "passwd": "testPassword", } with client as request: - resp = request.post(endpoint, data=data, cookies=cookies) + request.cookies = cookies + resp = request.post(endpoint, data=data) assert resp.status_code == int(HTTPStatus.OK) # Test that `user` no longer has a session. with user_client as request: - resp = request.get(endpoint, cookies=user_cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=user_cookies) assert resp.status_code == HTTPStatus.SEE_OTHER # Since user is now suspended, they should not be able to login. @@ -1341,9 +1327,7 @@ def test_get_account(client: TestClient, user: User): sid = user.login(request, "testPassword") with client as request: - response = request.get( - "/account/test", cookies={"AURSID": sid}, allow_redirects=False - ) + response = request.get("/account/test", cookies={"AURSID": sid}) assert response.status_code == int(HTTPStatus.OK) @@ -1353,16 +1337,14 @@ def test_get_account_not_found(client: TestClient, user: User): sid = user.login(request, "testPassword") with client as request: - response = request.get( - "/account/not_found", cookies={"AURSID": sid}, allow_redirects=False - ) + response = request.get("/account/not_found", cookies={"AURSID": sid}) assert response.status_code == int(HTTPStatus.NOT_FOUND) def test_get_account_unauthenticated(client: TestClient, user: User): with client as request: - response = request.get("/account/test", allow_redirects=False) + response = request.get("/account/test") assert response.status_code == int(HTTPStatus.UNAUTHORIZED) content = response.content.decode() @@ -1832,7 +1814,7 @@ def test_get_terms_of_service(client: TestClient, user: User): ) with client as request: - response = request.get("/tos", allow_redirects=False) + response = request.get("/tos") assert response.status_code == int(HTTPStatus.SEE_OTHER) request = Request() @@ -1842,12 +1824,12 @@ def test_get_terms_of_service(client: TestClient, user: User): # First of all, let's test that we get redirected to /tos # when attempting to browse authenticated without accepting terms. with client as request: - response = request.get("/", cookies=cookies, allow_redirects=False) + response = request.get("/", cookies=cookies) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/tos" with client as request: - response = request.get("/tos", cookies=cookies, allow_redirects=False) + response = request.get("/tos", cookies=cookies) assert response.status_code == int(HTTPStatus.OK) with db.begin(): @@ -1856,7 +1838,7 @@ def test_get_terms_of_service(client: TestClient, user: User): ) with client as request: - response = request.get("/tos", cookies=cookies, allow_redirects=False) + response = request.get("/tos", cookies=cookies) # We accepted the term, there's nothing left to accept. assert response.status_code == int(HTTPStatus.SEE_OTHER) @@ -1865,7 +1847,7 @@ def test_get_terms_of_service(client: TestClient, user: User): term.Revision = 2 with client as request: - response = request.get("/tos", cookies=cookies, allow_redirects=False) + response = request.get("/tos", cookies=cookies) # This time, we have a modified term Revision that hasn't # yet been agreed to via AcceptedTerm update. assert response.status_code == int(HTTPStatus.OK) @@ -1874,7 +1856,7 @@ def test_get_terms_of_service(client: TestClient, user: User): accepted_term.Revision = term.Revision with client as request: - response = request.get("/tos", cookies=cookies, allow_redirects=False) + response = request.get("/tos", cookies=cookies) # We updated the term revision, there's nothing left to accept. assert response.status_code == int(HTTPStatus.SEE_OTHER) @@ -1931,7 +1913,7 @@ def test_post_terms_of_service(client: TestClient, user: User): # Now, see that GET redirects us to / with no terms left to accept. with client as request: - response = request.get("/tos", cookies=cookies, allow_redirects=False) + response = request.get("/tos", cookies=cookies) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/" @@ -1946,7 +1928,7 @@ def test_account_comments_not_found(client: TestClient, user: User): def test_accounts_unauthorized(client: TestClient, user: User): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.get("/accounts", cookies=cookies, allow_redirects=False) + resp = request.get("/accounts", cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == "/" diff --git a/test/test_auth_routes.py b/test/test_auth_routes.py index 87ad86f6..150625cd 100644 --- a/test/test_auth_routes.py +++ b/test/test_auth_routes.py @@ -33,6 +33,9 @@ def client() -> TestClient: # Necessary for forged login CSRF protection on the login route. Set here # instead of only on the necessary requests for convenience. client.headers.update(TEST_REFERER) + + # disable redirects for our tests + client.follow_redirects = False yield client @@ -58,21 +61,20 @@ def test_login_logout(client: TestClient, user: User): response = request.get("/login") assert response.status_code == int(HTTPStatus.OK) - response = request.post("/login", data=post_data, allow_redirects=False) + response = request.post("/login", data=post_data) assert response.status_code == int(HTTPStatus.SEE_OTHER) # Simulate following the redirect location from above's response. response = request.get(response.headers.get("location")) assert response.status_code == int(HTTPStatus.OK) - response = request.post("/logout", data=post_data, allow_redirects=False) + response = request.post("/logout", data=post_data) assert response.status_code == int(HTTPStatus.SEE_OTHER) response = request.post( "/logout", data=post_data, cookies={"AURSID": response.cookies.get("AURSID")}, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.SEE_OTHER) @@ -94,7 +96,7 @@ def test_login_email(client: TestClient, user: user): post_data = {"user": user.Email, "passwd": "testPassword", "next": "/"} with client as request: - resp = request.post("/login", data=post_data, allow_redirects=False) + resp = request.post("/login", data=post_data) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert "AURSID" in resp.cookies @@ -119,14 +121,14 @@ def test_insecure_login(getboolean: mock.Mock, client: TestClient, user: User): # Perform a login request with the data matching our user. with client as request: - response = request.post("/login", data=post_data, allow_redirects=False) + response = request.post("/login", data=post_data) # Make sure we got the expected status out of it. assert response.status_code == int(HTTPStatus.SEE_OTHER) # Let's check what we got in terms of cookies for AURSID. # Make sure that a secure cookie got passed to us. - cookie = next(c for c in response.cookies if c.name == "AURSID") + cookie = next(c for c in response.cookies.jar if c.name == "AURSID") assert cookie.secure is False assert cookie.has_nonstandard_attr("HttpOnly") is False assert cookie.has_nonstandard_attr("SameSite") is True @@ -160,14 +162,14 @@ def test_secure_login(getboolean: mock.Mock, client: TestClient, user: User): # Perform a login request with the data matching our user. with client as request: - response = request.post("/login", data=post_data, allow_redirects=False) + response = request.post("/login", data=post_data) # Make sure we got the expected status out of it. assert response.status_code == int(HTTPStatus.SEE_OTHER) # Let's check what we got in terms of cookies for AURSID. # Make sure that a secure cookie got passed to us. - cookie = next(c for c in response.cookies if c.name == "AURSID") + cookie = next(c for c in response.cookies.jar if c.name == "AURSID") assert cookie.secure is True assert cookie.has_nonstandard_attr("HttpOnly") is True assert cookie.has_nonstandard_attr("SameSite") is True @@ -186,7 +188,7 @@ def test_authenticated_login(client: TestClient, user: User): with client as request: # Try to login. - response = request.post("/login", data=post_data, allow_redirects=False) + response = request.post("/login", data=post_data) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/" @@ -194,9 +196,7 @@ def test_authenticated_login(client: TestClient, user: User): # when requesting GET /login as an authenticated user. # Now, let's verify that we receive 403 Forbidden when we # try to get /login as an authenticated user. - response = request.get( - "/login", cookies=response.cookies, allow_redirects=False - ) + response = request.get("/login", cookies=response.cookies) assert response.status_code == int(HTTPStatus.OK) assert "Logged-in as: test" in response.text @@ -205,7 +205,7 @@ def test_unauthenticated_logout_unauthorized(client: TestClient): with client as request: # Alright, let's verify that attempting to /logout when not # authenticated returns 401 Unauthorized. - response = request.post("/logout", allow_redirects=False) + response = request.post("/logout") assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location").startswith("/login") @@ -232,7 +232,7 @@ def test_login_remember_me(client: TestClient, user: User): } with client as request: - response = request.post("/login", data=post_data, allow_redirects=False) + response = request.post("/login", data=post_data) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert "AURSID" in response.cookies diff --git a/test/test_homepage.py b/test/test_homepage.py index 521f71c4..1aad30f7 100644 --- a/test/test_homepage.py +++ b/test/test_homepage.py @@ -253,7 +253,8 @@ def test_homepage_dashboard_requests(redis, packages, user): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - response = request.get("/", cookies=cookies) + request.cookies = cookies + response = request.get("/") assert response.status_code == int(HTTPStatus.OK) root = parse_root(response.text) @@ -270,7 +271,8 @@ def test_homepage_dashboard_flagged_packages(redis, packages, user): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - response = request.get("/", cookies=cookies) + request.cookies = cookies + response = request.get("/") assert response.status_code == int(HTTPStatus.OK) # Check to see that the package showed up in the Flagged Packages table. @@ -293,7 +295,8 @@ def test_homepage_dashboard_flagged(user: User, user2: User, package: Package): # flagged co-maintained packages. comaint_cookies = {"AURSID": user2.login(Request(), "testPassword")} with client as request: - resp = request.get("/", cookies=comaint_cookies) + request.cookies = comaint_cookies + resp = request.get("/") assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) diff --git a/test/test_packages_routes.py b/test/test_packages_routes.py index 3b717783..29872cb8 100644 --- a/test/test_packages_routes.py +++ b/test/test_packages_routes.py @@ -65,7 +65,11 @@ def setup(db_test): @pytest.fixture def client() -> TestClient: """Yield a FastAPI TestClient.""" - yield TestClient(app=asgi.app) + client = TestClient(app=asgi.app) + + # disable redirects for our tests + client.follow_redirects = False + yield client def create_user(username: str) -> User: @@ -1142,7 +1146,6 @@ def test_packages_post_unknown_action(client: TestClient, user: User, package: P "/packages", data={"action": "unknown"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) @@ -1159,7 +1162,6 @@ def test_packages_post_error(client: TestClient, user: User, package: Package): "/packages", data={"action": "stub"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) @@ -1180,7 +1182,6 @@ def test_packages_post(client: TestClient, user: User, package: Package): "/packages", data={"action": "stub"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.OK) @@ -1203,7 +1204,8 @@ def test_packages_post_unflag( # Don't supply any packages. post_data = {"action": "unflag", "IDs": []} with client as request: - resp = request.post("/packages", data=post_data, cookies=cookies) + request.cookies = cookies + resp = request.post("/packages", data=post_data) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) errors = get_errors(resp.text) expected = "You did not select any packages to unflag." @@ -1212,7 +1214,8 @@ def test_packages_post_unflag( # Unflag the package as `user`. post_data = {"action": "unflag", "IDs": [package.ID]} with client as request: - resp = request.post("/packages", data=post_data, cookies=cookies) + request.cookies = cookies + resp = request.post("/packages", data=post_data) assert resp.status_code == int(HTTPStatus.OK) assert package.PackageBase.Flagger is None successes = get_successes(resp.text) @@ -1229,7 +1232,8 @@ def test_packages_post_unflag( maint_cookies = {"AURSID": maintainer.login(Request(), "testPassword")} post_data = {"action": "unflag", "IDs": [package.ID]} with client as request: - resp = request.post("/packages", data=post_data, cookies=maint_cookies) + request.cookies = maint_cookies + resp = request.post("/packages", data=post_data) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) errors = get_errors(resp.text) expected = "You did not select any packages to unflag." @@ -1387,7 +1391,8 @@ def test_packages_post_disown_as_maintainer( # Try to run the disown action with no IDs; get an error. cookies = {"AURSID": maintainer.login(Request(), "testPassword")} with client as request: - resp = request.post("/packages", data={"action": "disown"}, cookies=cookies) + request.cookies = cookies + resp = request.post("/packages", data={"action": "disown"}) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) errors = get_errors(resp.text) expected = "You did not select any packages to disown." @@ -1396,9 +1401,8 @@ def test_packages_post_disown_as_maintainer( # Try to disown `package` without giving the confirm argument. with client as request: - resp = request.post( - "/packages", data={"action": "disown", "IDs": [package.ID]}, cookies=cookies - ) + request.cookies = cookies + resp = request.post("/packages", data={"action": "disown", "IDs": [package.ID]}) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) assert package.PackageBase.Maintainer is not None errors = get_errors(resp.text) @@ -1411,10 +1415,10 @@ def test_packages_post_disown_as_maintainer( # Now, try to disown `package` without credentials (as `user`). user_cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: + request.cookies = user_cookies resp = request.post( "/packages", data={"action": "disown", "IDs": [package.ID], "confirm": True}, - cookies=user_cookies, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) assert package.PackageBase.Maintainer is not None @@ -1424,10 +1428,10 @@ def test_packages_post_disown_as_maintainer( # Now, let's really disown `package` as `maintainer`. with client as request: + request.cookies = cookies resp = request.post( "/packages", data={"action": "disown", "IDs": [package.ID], "confirm": True}, - cookies=cookies, ) assert package.PackageBase.Maintainer is None @@ -1463,9 +1467,8 @@ def test_packages_post_delete( # First, let's try to use the delete action with no packages IDs. user_cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.post( - "/packages", data={"action": "delete"}, cookies=user_cookies - ) + request.cookies = user_cookies + resp = request.post("/packages", data={"action": "delete"}) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) errors = get_errors(resp.text) expected = "You did not select any packages to delete." @@ -1473,10 +1476,10 @@ def test_packages_post_delete( # Now, let's try to delete real packages without supplying "confirm". with client as request: + request.cookies = user_cookies resp = request.post( "/packages", data={"action": "delete", "IDs": [package.ID]}, - cookies=user_cookies, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) errors = get_errors(resp.text) @@ -1488,10 +1491,10 @@ def test_packages_post_delete( # And again, with everything, but `user` doesn't have permissions. with client as request: + request.cookies = user_cookies resp = request.post( "/packages", data={"action": "delete", "IDs": [package.ID], "confirm": True}, - cookies=user_cookies, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) errors = get_errors(resp.text) @@ -1503,10 +1506,10 @@ def test_packages_post_delete( # an invalid package ID. tu_cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: + request.cookies = tu_cookies resp = request.post( "/packages", data={"action": "delete", "IDs": [0], "confirm": True}, - cookies=tu_cookies, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) errors = get_errors(resp.text) @@ -1516,10 +1519,10 @@ def test_packages_post_delete( # Whoo. Now, let's finally make a valid request as `tu_user` # to delete `package`. with client as request: + request.cookies = tu_cookies resp = request.post( "/packages", data={"action": "delete", "IDs": [package.ID], "confirm": True}, - cookies=tu_cookies, ) assert resp.status_code == int(HTTPStatus.OK) successes = get_successes(resp.text) @@ -1541,7 +1544,7 @@ def test_account_comments_unauthorized(client: TestClient, user: User): leverage existing fixtures.""" endpoint = f"/account/{user.Username}/comments" with client as request: - resp = request.get(endpoint, allow_redirects=False) + resp = request.get(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location").startswith("/login") diff --git a/test/test_pkgbase_routes.py b/test/test_pkgbase_routes.py index 18c11626..dd92d72d 100644 --- a/test/test_pkgbase_routes.py +++ b/test/test_pkgbase_routes.py @@ -59,7 +59,11 @@ def setup(db_test): @pytest.fixture def client() -> TestClient: """Yield a FastAPI TestClient.""" - yield TestClient(app=asgi.app) + client = TestClient(app=asgi.app) + + # disable redirects for our tests + client.follow_redirects = False + yield client def create_user(username: str) -> User: @@ -245,7 +249,7 @@ def test_pkgbase_not_found(client: TestClient): def test_pkgbase_redirect(client: TestClient, package: Package): with client as request: - resp = request.get(f"/pkgbase/{package.Name}", allow_redirects=False) + resp = request.get(f"/pkgbase/{package.Name}") assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/packages/{package.Name}" @@ -256,7 +260,7 @@ def test_pkgbase(client: TestClient, package: Package): expected = [package.Name, second.Name] with client as request: - resp = request.get(f"/pkgbase/{package.Name}", allow_redirects=False) + resp = request.get(f"/pkgbase/{package.Name}") assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -287,7 +291,7 @@ def test_pkgbase_maintainer( ) with client as request: - resp = request.get(f"/pkgbase/{package.Name}") + resp = request.get(f"/pkgbase/{package.Name}", follow_redirects=True) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -308,7 +312,7 @@ def test_pkgbase_voters(client: TestClient, tu_user: User, package: Package): cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) # We should've gotten one link to the voter, tu_user. @@ -327,7 +331,7 @@ def test_pkgbase_voters_unauthorized(client: TestClient, user: User, package: Pa db.create(PackageVote, User=user, PackageBase=pkgbase, VoteTS=now) with client as request: - resp = request.get(endpoint, allow_redirects=False) + resp = request.get(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" @@ -420,7 +424,7 @@ def test_pkgbase_comments( assert resp.headers.get("location")[:prefix_len] == expected_prefix with client as request: - resp = request.get(resp.headers.get("location")) + resp = request.get(resp.headers.get("location"), follow_redirects=True) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -461,7 +465,7 @@ def test_pkgbase_comments( assert resp.status_code == int(HTTPStatus.SEE_OTHER) with client as request: - resp = request.get(resp.headers.get("location")) + resp = request.get(resp.headers.get("location"), follow_redirects=True) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -527,7 +531,8 @@ def test_pkgbase_comment_delete( pkgbasename = package.PackageBase.Name endpoint = f"/pkgbase/{pkgbasename}/comments/{comment.ID}/delete" with client as request: - resp = request.post(endpoint, cookies=cookies) + request.cookies = cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) expected = f"/pkgbase/{pkgbasename}" @@ -537,12 +542,14 @@ def test_pkgbase_comment_delete( maint_cookies = {"AURSID": maintainer.login(Request(), "testPassword")} endpoint = f"/pkgbase/{pkgbasename}/comments/{comment.ID}/undelete" with client as request: - resp = request.post(endpoint, cookies=maint_cookies) + request.cookies = maint_cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.UNAUTHORIZED) # And move on to undeleting it. with client as request: - resp = request.post(endpoint, cookies=cookies) + request.cookies = cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) @@ -670,7 +677,7 @@ def test_pkgbase_comaintainers_not_found(client: TestClient, maintainer: User): cookies = {"AURSID": maintainer.login(Request(), "testPassword")} endpoint = "/pkgbase/fake/comaintainers" with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.NOT_FOUND) @@ -678,7 +685,7 @@ def test_pkgbase_comaintainers_post_not_found(client: TestClient, maintainer: Us cookies = {"AURSID": maintainer.login(Request(), "testPassword")} endpoint = "/pkgbase/fake/comaintainers" with client as request: - resp = request.post(endpoint, cookies=cookies, allow_redirects=False) + resp = request.post(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.NOT_FOUND) @@ -689,7 +696,7 @@ def test_pkgbase_comaintainers_unauthorized( endpoint = f"/pkgbase/{pkgbase.Name}/comaintainers" cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" @@ -701,7 +708,7 @@ def test_pkgbase_comaintainers_post_unauthorized( endpoint = f"/pkgbase/{pkgbase.Name}/comaintainers" cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.post(endpoint, cookies=cookies, allow_redirects=False) + resp = request.post(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" @@ -713,9 +720,7 @@ def test_pkgbase_comaintainers_post_invalid_user( endpoint = f"/pkgbase/{pkgbase.Name}/comaintainers" cookies = {"AURSID": maintainer.login(Request(), "testPassword")} with client as request: - resp = request.post( - endpoint, data={"users": "\nfake\n"}, cookies=cookies, allow_redirects=False - ) + resp = request.post(endpoint, data={"users": "\nfake\n"}, cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -737,7 +742,6 @@ def test_pkgbase_comaintainers( endpoint, data={"users": f"\n{user.Username}\n{maintainer.Username}\n"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" @@ -748,7 +752,6 @@ def test_pkgbase_comaintainers( endpoint, data={"users": f"\n{user.Username}\n{maintainer.Username}\n"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" @@ -757,7 +760,7 @@ def test_pkgbase_comaintainers( # let's perform a GET request to make sure that the backend produces # the user we added in the users textarea. with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -766,14 +769,12 @@ def test_pkgbase_comaintainers( # Finish off by removing all the comaintainers. with client as request: - resp = request.post( - endpoint, data={"users": str()}, cookies=cookies, allow_redirects=False - ) + resp = request.post(endpoint, data={"users": str()}, cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -856,7 +857,6 @@ def test_pkgbase_request_post_merge_not_found_error( "comments": "We want to merge this.", }, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.OK) @@ -880,7 +880,6 @@ def test_pkgbase_request_post_merge_no_merge_into_error( "comments": "We want to merge this.", }, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.OK) @@ -904,7 +903,6 @@ def test_pkgbase_request_post_merge_self_error( "comments": "We want to merge this.", }, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.OK) @@ -927,26 +925,28 @@ def test_pkgbase_flag( # Get the flag page. with client as request: - resp = request.get(endpoint, cookies=cookies) + request.cookies = cookies + resp = request.get(endpoint) assert resp.status_code == int(HTTPStatus.OK) # Now, let's check the /pkgbase/{name}/flag-comment route. flag_comment_endpoint = f"/pkgbase/{pkgbase.Name}/flag-comment" with client as request: - resp = request.get( - flag_comment_endpoint, cookies=cookies, allow_redirects=False - ) + request.cookies = cookies + resp = request.get(flag_comment_endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" # Try to flag it without a comment. with client as request: - resp = request.post(endpoint, cookies=cookies) + request.cookies = cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) # Flag it with a valid comment. with client as request: - resp = request.post(endpoint, data={"comments": "Test"}, cookies=cookies) + request.cookies = cookies + resp = request.post(endpoint, data={"comments": "Test"}) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert pkgbase.Flagger == user assert pkgbase.FlaggerComment == "Test" @@ -957,15 +957,15 @@ def test_pkgbase_flag( # Now, let's check the /pkgbase/{name}/flag-comment route. flag_comment_endpoint = f"/pkgbase/{pkgbase.Name}/flag-comment" with client as request: - resp = request.get( - flag_comment_endpoint, cookies=cookies, allow_redirects=False - ) + request.cookies = cookies + resp = request.get(flag_comment_endpoint) assert resp.status_code == int(HTTPStatus.OK) # Now try to perform a get; we should be redirected because # it's already flagged. with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + request.cookies = cookies + resp = request.get(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) with db.begin(): @@ -982,27 +982,29 @@ def test_pkgbase_flag( user2_cookies = {"AURSID": user2.login(Request(), "testPassword")} endpoint = f"/pkgbase/{pkgbase.Name}/unflag" with client as request: - resp = request.post(endpoint, cookies=user2_cookies) + request.cookies = user2_cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert pkgbase.Flagger == user # Now, test that the 'maintainer' user can. maint_cookies = {"AURSID": maintainer.login(Request(), "testPassword")} with client as request: - resp = request.post(endpoint, cookies=maint_cookies) + request.cookies = maint_cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert pkgbase.Flagger is None # Flag it again. with client as request: - resp = request.post( - f"/pkgbase/{pkgbase.Name}/flag", data={"comments": "Test"}, cookies=cookies - ) + request.cookies = cookies + resp = request.post(f"/pkgbase/{pkgbase.Name}/flag", data={"comments": "Test"}) assert resp.status_code == int(HTTPStatus.SEE_OTHER) # Now, unflag it for real. with client as request: - resp = request.post(endpoint, cookies=cookies) + request.cookies = cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert pkgbase.Flagger is None @@ -1113,7 +1115,7 @@ def test_pkgbase_disown_as_maint_with_comaint( maint_cookies = {"AURSID": maintainer.login(Request(), "testPassword")} with client as request: resp = request.post( - endp, data=post_data, cookies=maint_cookies, allow_redirects=True + endp, data=post_data, cookies=maint_cookies, follow_redirects=True ) assert resp.status_code == int(HTTPStatus.OK) @@ -1145,52 +1147,62 @@ def test_pkgbase_disown( # GET as a normal user, which is rejected for lack of credentials. with client as request: - resp = request.get(endpoint, cookies=user_cookies, allow_redirects=False) + request.cookies = user_cookies + resp = request.get(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) # GET as a comaintainer. with client as request: - resp = request.get(endpoint, cookies=comaint_cookies, allow_redirects=False) + request.cookies = comaint_cookies + resp = request.get(endpoint) assert resp.status_code == int(HTTPStatus.OK) # Ensure that the comaintainer can see "Disown Package" link with client as request: - resp = request.get(pkgbase_endp, cookies=comaint_cookies) + request.cookies = comaint_cookies + resp = request.get(pkgbase_endp, follow_redirects=True) assert "Disown Package" in resp.text # GET as the maintainer. with client as request: - resp = request.get(endpoint, cookies=maint_cookies) + request.cookies = maint_cookies + resp = request.get(endpoint) assert resp.status_code == int(HTTPStatus.OK) # Ensure that the maintainer can see "Disown Package" link with client as request: - resp = request.get(pkgbase_endp, cookies=maint_cookies) + request.cookies = maint_cookies + resp = request.get(pkgbase_endp, follow_redirects=True) assert "Disown Package" in resp.text # POST as a normal user, which is rejected for lack of credentials. with client as request: - resp = request.post(endpoint, cookies=user_cookies) + request.cookies = user_cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.SEE_OTHER) # POST as the comaintainer without "confirm". with client as request: - resp = request.post(endpoint, cookies=comaint_cookies) + request.cookies = comaint_cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) # POST as the maintainer without "confirm". with client as request: - resp = request.post(endpoint, cookies=maint_cookies) + request.cookies = maint_cookies + resp = request.post(endpoint) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) # POST as the comaintainer with "confirm". with client as request: - resp = request.post(endpoint, data={"confirm": True}, cookies=comaint_cookies) + request.cookies = comaint_cookies + resp = request.post(endpoint, data={"confirm": True}) assert resp.status_code == int(HTTPStatus.SEE_OTHER) # POST as the maintainer with "confirm". with client as request: - resp = request.post(endpoint, data={"confirm": True}, cookies=maint_cookies) + request.cookies = maint_cookies + resp = request.post(endpoint, data={"confirm": True}) assert resp.status_code == int(HTTPStatus.SEE_OTHER) @@ -1207,21 +1219,21 @@ def test_pkgbase_adopt( # Adopt the package base. with client as request: - resp = request.post(endpoint, cookies=cookies, allow_redirects=False) + resp = request.post(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert package.PackageBase.Maintainer == maintainer # Try to adopt it when it already has a maintainer; nothing changes. user_cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.post(endpoint, cookies=user_cookies, allow_redirects=False) + resp = request.post(endpoint, cookies=user_cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert package.PackageBase.Maintainer == maintainer # Steal the package as a TU. tu_cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - resp = request.post(endpoint, cookies=tu_cookies, allow_redirects=False) + resp = request.post(endpoint, cookies=tu_cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert package.PackageBase.Maintainer == tu_user @@ -1233,7 +1245,7 @@ def test_pkgbase_delete_unauthorized(client: TestClient, user: User, package: Pa # Test GET. with client as request: - resp = request.get(endpoint, cookies=cookies, allow_redirects=False) + resp = request.get(endpoint, cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == f"/pkgbase/{pkgbase.Name}" @@ -1308,7 +1320,6 @@ def test_packages_post_unknown_action(client: TestClient, user: User, package: P "/packages", data={"action": "unknown"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) @@ -1325,7 +1336,6 @@ def test_packages_post_error(client: TestClient, user: User, package: Package): "/packages", data={"action": "stub"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.BAD_REQUEST) @@ -1346,7 +1356,6 @@ def test_packages_post(client: TestClient, user: User, package: Package): "/packages", data={"action": "stub"}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.OK) @@ -1521,7 +1530,7 @@ def test_pkgbase_merge_post( def test_pkgbase_keywords(client: TestClient, user: User, package: Package): endpoint = f"/pkgbase/{package.PackageBase.Name}" with client as request: - resp = request.get(endpoint) + resp = request.get(endpoint, follow_redirects=True) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -1532,13 +1541,16 @@ def test_pkgbase_keywords(client: TestClient, user: User, package: Package): cookies = {"AURSID": maint.login(Request(), "testPassword")} post_endpoint = f"{endpoint}/keywords" with client as request: + request.cookies = cookies resp = request.post( - post_endpoint, data={"keywords": "abc test"}, cookies=cookies + post_endpoint, + data={"keywords": "abc test"}, ) assert resp.status_code == int(HTTPStatus.SEE_OTHER) with client as request: - resp = request.get(resp.headers.get("location")) + request.cookies = {} + resp = request.get(resp.headers.get("location"), follow_redirects=True) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -1552,7 +1564,8 @@ def test_pkgbase_keywords(client: TestClient, user: User, package: Package): def test_pkgbase_empty_keywords(client: TestClient, user: User, package: Package): endpoint = f"/pkgbase/{package.PackageBase.Name}" with client as request: - resp = request.get(endpoint) + request.cookies = {} + resp = request.get(endpoint, follow_redirects=True) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -1563,15 +1576,16 @@ def test_pkgbase_empty_keywords(client: TestClient, user: User, package: Package cookies = {"AURSID": maint.login(Request(), "testPassword")} post_endpoint = f"{endpoint}/keywords" with client as request: + request.cookies = cookies resp = request.post( post_endpoint, data={"keywords": "abc test foo bar "}, - cookies=cookies, ) assert resp.status_code == int(HTTPStatus.SEE_OTHER) with client as request: - resp = request.get(resp.headers.get("location")) + request.cookies = {} + resp = request.get(resp.headers.get("location"), follow_redirects=True) assert resp.status_code == int(HTTPStatus.OK) root = parse_root(resp.text) @@ -1608,12 +1622,12 @@ def test_independent_user_unflag(client: TestClient, user: User, package: Packag pkgbase = package.PackageBase cookies = {"AURSID": flagger.login(Request(), "testPassword")} with client as request: + request.cookies = cookies endp = f"/pkgbase/{pkgbase.Name}/flag" response = request.post( endp, data={"comments": "This thing needs a flag!"}, - cookies=cookies, - allow_redirects=True, + follow_redirects=True, ) assert response.status_code == HTTPStatus.OK @@ -1622,7 +1636,8 @@ def test_independent_user_unflag(client: TestClient, user: User, package: Packag # page when browsing as that `flagger` user. with client as request: endp = f"/pkgbase/{pkgbase.Name}" - response = request.get(endp, cookies=cookies, allow_redirects=True) + request.cookies = cookies + response = request.get(endp, follow_redirects=True) assert response.status_code == HTTPStatus.OK # Assert that the "Unflag package" link appears in the DOM. @@ -1633,7 +1648,8 @@ def test_independent_user_unflag(client: TestClient, user: User, package: Packag # Now, unflag the package by "clicking" the "Unflag package" link. with client as request: endp = f"/pkgbase/{pkgbase.Name}/unflag" - response = request.post(endp, cookies=cookies, allow_redirects=True) + request.cookies = cookies + response = request.post(endp, follow_redirects=True) assert response.status_code == HTTPStatus.OK # For the last time, let's check the GET response. The package should @@ -1641,7 +1657,8 @@ def test_independent_user_unflag(client: TestClient, user: User, package: Packag # should be missing. with client as request: endp = f"/pkgbase/{pkgbase.Name}" - response = request.get(endp, cookies=cookies, allow_redirects=True) + request.cookies = cookies + response = request.get(endp, follow_redirects=True) assert response.status_code == HTTPStatus.OK # Assert that the "Unflag package" link does not appear in the DOM. diff --git a/test/test_requests.py b/test/test_requests.py index 6475fae6..1d681d58 100644 --- a/test/test_requests.py +++ b/test/test_requests.py @@ -29,7 +29,11 @@ def setup(db_test) -> None: @pytest.fixture def client() -> TestClient: """Yield a TestClient.""" - yield TestClient(app=asgi.app) + client = TestClient(app=asgi.app) + + # disable redirects for our tests + client.follow_redirects = False + yield client def create_user(username: str, email: str) -> User: @@ -321,7 +325,8 @@ def test_request_post_deletion_autoaccept( endpoint = f"/pkgbase/{pkgbase.Name}/request" data = {"comments": "Test request.", "type": "deletion"} with client as request: - resp = request.post(endpoint, data=data, cookies=auser.cookies) + request.cookies = auser.cookies + resp = request.post(endpoint, data=data) assert resp.status_code == int(HTTPStatus.SEE_OTHER) pkgreq = ( @@ -642,7 +647,8 @@ def test_request_post_orphan_autoaccept( "comments": "Test request.", } with client as request: - resp = request.post(endpoint, data=data, cookies=auser.cookies) + request.cookies = auser.cookies + resp = request.post(endpoint, data=data) assert resp.status_code == int(HTTPStatus.SEE_OTHER) pkgreq = pkgbase.requests.first() @@ -715,7 +721,7 @@ def test_pkgreq_by_id_not_found(): def test_requests_unauthorized(client: TestClient): with client as request: - resp = request.get("/requests", allow_redirects=False) + resp = request.get("/requests") assert resp.status_code == int(HTTPStatus.SEE_OTHER) @@ -879,9 +885,7 @@ def test_requests_selfmade( def test_requests_close(client: TestClient, user: User, pkgreq: PackageRequest): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.get( - f"/requests/{pkgreq.ID}/close", cookies=cookies, allow_redirects=False - ) + resp = request.get(f"/requests/{pkgreq.ID}/close", cookies=cookies) assert resp.status_code == int(HTTPStatus.OK) @@ -890,9 +894,7 @@ def test_requests_close_unauthorized( ): cookies = {"AURSID": maintainer.login(Request(), "testPassword")} with client as request: - resp = request.get( - f"/requests/{pkgreq.ID}/close", cookies=cookies, allow_redirects=False - ) + resp = request.get(f"/requests/{pkgreq.ID}/close", cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == "/" @@ -906,7 +908,6 @@ def test_requests_close_post_unauthorized( f"/requests/{pkgreq.ID}/close", data={"reason": ACCEPTED_ID}, cookies=cookies, - allow_redirects=False, ) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.headers.get("location") == "/" @@ -915,9 +916,7 @@ def test_requests_close_post_unauthorized( def test_requests_close_post(client: TestClient, user: User, pkgreq: PackageRequest): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.post( - f"/requests/{pkgreq.ID}/close", cookies=cookies, allow_redirects=False - ) + resp = request.post(f"/requests/{pkgreq.ID}/close", cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert pkgreq.Status == REJECTED_ID @@ -930,9 +929,7 @@ def test_requests_close_post_rejected( ): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - resp = request.post( - f"/requests/{pkgreq.ID}/close", cookies=cookies, allow_redirects=False - ) + resp = request.post(f"/requests/{pkgreq.ID}/close", cookies=cookies) assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert pkgreq.Status == REJECTED_ID diff --git a/test/test_routes.py b/test/test_routes.py index 78b0a65b..b4bc30ee 100644 --- a/test/test_routes.py +++ b/test/test_routes.py @@ -20,7 +20,11 @@ def setup(db_test): @pytest.fixture def client() -> TestClient: - yield TestClient(app=app) + client = TestClient(app=app) + + # disable redirects for our tests + client.follow_redirects = False + yield client @pytest.fixture @@ -66,7 +70,7 @@ def test_favicon(client: TestClient): """Test the favicon route at '/favicon.ico'.""" with client as request: response1 = request.get("/static/images/favicon.ico") - response2 = request.get("/favicon.ico") + response2 = request.get("/favicon.ico", follow_redirects=True) assert response1.status_code == int(HTTPStatus.OK) assert response1.content == response2.content diff --git a/test/test_trusted_user_routes.py b/test/test_trusted_user_routes.py index 203008e3..dc468808 100644 --- a/test/test_trusted_user_routes.py +++ b/test/test_trusted_user_routes.py @@ -81,7 +81,11 @@ def setup(db_test): def client(): from aurweb.asgi import app - yield TestClient(app=app) + client = TestClient(app=app) + + # disable redirects for our tests + client.follow_redirects = False + yield client @pytest.fixture @@ -151,7 +155,7 @@ def proposal(user, tu_user): def test_tu_index_guest(client): headers = {"referer": config.get("options", "aur_location") + "/tu"} with client as request: - response = request.get("/tu", allow_redirects=False, headers=headers) + response = request.get("/tu", headers=headers) assert response.status_code == int(HTTPStatus.SEE_OTHER) params = filters.urlencode({"next": "/tu"}) @@ -162,7 +166,7 @@ def test_tu_index_unauthorized(client: TestClient, user: User): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: # Login as a normal user, not a TU. - response = request.get("/tu", cookies=cookies, allow_redirects=False) + response = request.get("/tu", cookies=cookies) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/" @@ -173,7 +177,7 @@ def test_tu_empty_index(client, tu_user): # Make a default get request to /tu. cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - response = request.get("/tu", cookies=cookies, allow_redirects=False) + response = request.get("/tu", cookies=cookies) assert response.status_code == int(HTTPStatus.OK) # Parse lxml root. @@ -226,7 +230,6 @@ def test_tu_index(client, tu_user): "/tu", cookies=cookies, params={"cby": "BAD!", "pby": "blah"}, - allow_redirects=False, ) assert response.status_code == int(HTTPStatus.OK) @@ -292,7 +295,7 @@ def test_tu_index(client, tu_user): def test_tu_stats(client: TestClient, tu_user: User): cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - response = request.get("/tu", cookies=cookies, allow_redirects=False) + response = request.get("/tu", cookies=cookies) assert response.status_code == HTTPStatus.OK root = parse_root(response.text) @@ -313,7 +316,7 @@ def test_tu_stats(client: TestClient, tu_user: User): tu_user.InactivityTS = time.utcnow() with client as request: - response = request.get("/tu", cookies=cookies, allow_redirects=False) + response = request.get("/tu", cookies=cookies) assert response.status_code == HTTPStatus.OK root = parse_root(response.text) @@ -361,7 +364,7 @@ def test_tu_index_table_paging(client, tu_user): cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - response = request.get("/tu", cookies=cookies, allow_redirects=False) + response = request.get("/tu", cookies=cookies) assert response.status_code == int(HTTPStatus.OK) # Parse lxml.etree root. @@ -391,9 +394,7 @@ def test_tu_index_table_paging(client, tu_user): # Now, get the next page of current votes. offset = 10 # Specify coff=10 with client as request: - response = request.get( - "/tu", cookies=cookies, params={"coff": offset}, allow_redirects=False - ) + response = request.get("/tu", cookies=cookies, params={"coff": offset}) assert response.status_code == int(HTTPStatus.OK) old_rows = rows @@ -420,9 +421,7 @@ def test_tu_index_table_paging(client, tu_user): offset = 20 # Specify coff=10 with client as request: - response = request.get( - "/tu", cookies=cookies, params={"coff": offset}, allow_redirects=False - ) + response = request.get("/tu", cookies=cookies, params={"coff": offset}) assert response.status_code == int(HTTPStatus.OK) # Do it again, we only have five left. @@ -471,7 +470,7 @@ def test_tu_index_sorting(client, tu_user): # Make a default request to /tu. cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - response = request.get("/tu", cookies=cookies, allow_redirects=False) + response = request.get("/tu", cookies=cookies) assert response.status_code == int(HTTPStatus.OK) # Get lxml handles of the document. @@ -498,9 +497,7 @@ def test_tu_index_sorting(client, tu_user): # Make another request; one that sorts the current votes # in ascending order instead of the default descending order. with client as request: - response = request.get( - "/tu", cookies=cookies, params={"cby": "asc"}, allow_redirects=False - ) + response = request.get("/tu", cookies=cookies, params={"cby": "asc"}) assert response.status_code == int(HTTPStatus.OK) # Get lxml handles of the document. @@ -573,7 +570,8 @@ def test_tu_index_last_votes( def test_tu_proposal_not_found(client, tu_user): cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - response = request.get("/tu", params={"id": 1}, cookies=cookies) + request.cookies = cookies + response = request.get("/tu", params={"id": 1}, follow_redirects=True) assert response.status_code == int(HTTPStatus.NOT_FOUND) @@ -583,14 +581,12 @@ def test_tu_proposal_unauthorized( cookies = {"AURSID": user.login(Request(), "testPassword")} endpoint = f"/tu/{proposal[2].ID}" with client as request: - response = request.get(endpoint, cookies=cookies, allow_redirects=False) + response = request.get(endpoint, cookies=cookies) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/tu" with client as request: - response = request.post( - endpoint, cookies=cookies, data={"decision": False}, allow_redirects=False - ) + response = request.post(endpoint, cookies=cookies, data={"decision": False}) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/tu" @@ -606,7 +602,9 @@ def test_tu_running_proposal( proposal_id = voteinfo.ID cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: - response = request.get(f"/tu/{proposal_id}", cookies=cookies) + response = request.get( + f"/tu/{proposal_id}", cookies=cookies, follow_redirects=True + ) assert response.status_code == int(HTTPStatus.OK) # Alright, now let's continue on to verifying some markup. @@ -676,7 +674,9 @@ def test_tu_running_proposal( # Make another request now that we've voted. with client as request: - response = request.get("/tu", params={"id": voteinfo.ID}, cookies=cookies) + response = request.get( + "/tu", params={"id": voteinfo.ID}, cookies=cookies, follow_redirects=True + ) assert response.status_code == int(HTTPStatus.OK) # Parse our new root. @@ -734,9 +734,7 @@ def test_tu_proposal_vote_not_found(client, tu_user): cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: data = {"decision": "Yes"} - response = request.post( - "/tu/1", cookies=cookies, data=data, allow_redirects=False - ) + response = request.post("/tu/1", cookies=cookies, data=data) assert response.status_code == int(HTTPStatus.NOT_FOUND) @@ -777,9 +775,7 @@ def test_tu_proposal_vote_unauthorized( cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: data = {"decision": "Yes"} - response = request.post( - f"/tu/{voteinfo.ID}", cookies=cookies, data=data, allow_redirects=False - ) + response = request.post(f"/tu/{voteinfo.ID}", cookies=cookies, data=data) assert response.status_code == int(HTTPStatus.UNAUTHORIZED) root = parse_root(response.text) @@ -788,9 +784,7 @@ def test_tu_proposal_vote_unauthorized( with client as request: data = {"decision": "Yes"} - response = request.get( - f"/tu/{voteinfo.ID}", cookies=cookies, data=data, allow_redirects=False - ) + response = request.get(f"/tu/{voteinfo.ID}", cookies=cookies, params=data) assert response.status_code == int(HTTPStatus.OK) root = parse_root(response.text) @@ -808,9 +802,7 @@ def test_tu_proposal_vote_cant_self_vote(client, proposal): cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: data = {"decision": "Yes"} - response = request.post( - f"/tu/{voteinfo.ID}", cookies=cookies, data=data, allow_redirects=False - ) + response = request.post(f"/tu/{voteinfo.ID}", cookies=cookies, data=data) assert response.status_code == int(HTTPStatus.BAD_REQUEST) root = parse_root(response.text) @@ -819,9 +811,7 @@ def test_tu_proposal_vote_cant_self_vote(client, proposal): with client as request: data = {"decision": "Yes"} - response = request.get( - f"/tu/{voteinfo.ID}", cookies=cookies, data=data, allow_redirects=False - ) + response = request.get(f"/tu/{voteinfo.ID}", cookies=cookies, params=data) assert response.status_code == int(HTTPStatus.OK) root = parse_root(response.text) @@ -840,9 +830,7 @@ def test_tu_proposal_vote_already_voted(client, proposal): cookies = {"AURSID": tu_user.login(Request(), "testPassword")} with client as request: data = {"decision": "Yes"} - response = request.post( - f"/tu/{voteinfo.ID}", cookies=cookies, data=data, allow_redirects=False - ) + response = request.post(f"/tu/{voteinfo.ID}", cookies=cookies, data=data) assert response.status_code == int(HTTPStatus.BAD_REQUEST) root = parse_root(response.text) @@ -851,9 +839,7 @@ def test_tu_proposal_vote_already_voted(client, proposal): with client as request: data = {"decision": "Yes"} - response = request.get( - f"/tu/{voteinfo.ID}", cookies=cookies, data=data, allow_redirects=False - ) + response = request.get(f"/tu/{voteinfo.ID}", cookies=cookies, params=data) assert response.status_code == int(HTTPStatus.OK) root = parse_root(response.text) @@ -884,12 +870,12 @@ def test_tu_addvote_unauthorized( ): cookies = {"AURSID": user.login(Request(), "testPassword")} with client as request: - response = request.get("/addvote", cookies=cookies, allow_redirects=False) + response = request.get("/addvote", cookies=cookies) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/tu" with client as request: - response = request.post("/addvote", cookies=cookies, allow_redirects=False) + response = request.post("/addvote", cookies=cookies) assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.headers.get("location") == "/tu"