#!/usr/bin/env python# -*- coding: utf-8 -*-import mockfrom flask import url_

1. #!/usr/bin/env python
2. # -*- coding: utf-8 -*-
3. import mock
4. from flask import url_for
5. from flask_testing import TestCase
6. import unittest
7.  
8. import common
9. from db import db_session, Journalist
10. import journalist
11.  
12. os.environ['SECUREDROP_ENV'] = 'test'
13.  
14. class TestJournalist(TestCase):
15. def create_app(self):
16. return journalist.app
17.  
18. def setUp(self):
19. common.shared_setup()
20. patcher = mock.patch('db.Journalist.verify_token')
21. self.addCleanup(patcher.stop)
22. self.mock_journalist_verify_token = patcher.start()
23. self.mock_journalist_verify_token.return_value = True
24. self.user_pw = "bar"
25. self.user = Journalist(username="foo",
26. password=self.user_pw)
27. db_session.add(self.user)
28. db_session.add(self.admin_user)
29. db_session.commit()
30.  
31. def tearDown(self):
32. common.shared_teardown()
33.  
34. def _login_user(self):
35. self.client.post(url_for('login'), data=dict(
36. username=self.user.username,
37. password=self.user_pw,
38. token='mocked'),
39. follow_redirects=True)
40.  
41. def _logout_user(self):
42. self.client.get(url_for('logout'),
43. follow_redirects=True)
44.  
45. def test_user_not_really_logged_out(self):
46. # Because self._ctx (the Flask request context) is only reset by the
47. # self._post_teardown and self._pre_setup methods provided by
48. # flask_testing.TestCase, self._ctx.g (the Flask g object) is not reset
49. # between requests. So even though we see the werkzeug.test.Client
50. # behaving properly (i.e., deleting its cookies when asked--although if
51. # you look at line 340 of the Flask session code it should be deleting
52. # the whole cookie, not just its contents--that's a different story),
53. # visitng a restricted page in the interface is still possible after
54. # logout.
55. self._login_user()
56. self.assertIn("js", repr(self.client.cookie_jar._cookies))
57. self._logout_user()
58. self.assertEqual(self.client.cookie_jar._cookies, {u'localhost.local': {'/': {}}})
59. res = self.client.get(url_for('index'))
60. self.assertIn("No documents have been submitted!", res.data)
61.  
62. if __name__ == "__main__":
63. unittest.main(verbosity=2)