diff --git a/imaginaerraum_door_admin/webapp.py b/imaginaerraum_door_admin/webapp.py
index 8b60a20..f203b04 100644
--- a/imaginaerraum_door_admin/webapp.py
+++ b/imaginaerraum_door_admin/webapp.py
@@ -411,35 +411,39 @@ def delete_token(token): """ tokens = current_app.door.get_tokens() - if token in tokens: - token_to_delete = tokens[token] - - # set up form for confirming deletion - form = ConfirmDeleteForm() - form.name_confirm.data = token_to_delete['name'] - - if request.method == 'GET': - # return page asking the user to confirm delete - return render_template('delete.html', token=token_to_delete, form=form) - elif form.validate(): - # form validation successful -> can delete the token - tokens.pop(token) - try: - current_app.door.store_tokens(tokens) - current_app.logger.info(f"Token {token} was deleted from database by admin user {current_user.username}") - except Exception as e: - flash(f"Error during store_tokens. Exception: {e}") - flash(f"Token {token} wurde gelöscht!") - return redirect('/tokens') - else: - # form validation failed -> return to token overview and flash message - flash( - f"Der eingegebene Name stimmt nicht überein. Der Token {token} von {token_to_delete['name']} wurde nicht gelöscht.") - return redirect('/tokens') - else: + if token not in tokens: flash(f'Ungültiger Token {token} für Löschung.') return redirect('/tokens') + token_to_delete = tokens[token] + + # set up form for confirming deletion + form = ConfirmDeleteForm() + form.name_confirm.data = token_to_delete['name'] + + if request.method == 'GET': + # return page asking the user to confirm delete + return render_template('delete.html', token=token_to_delete, form=form) + elif form.validate(): + # form validation successful -> can delete the token + tokens.pop(token) + try: + current_app.door.store_tokens(tokens) + current_app.logger.info(f"Token {token} was deleted from database " + f"by admin user {current_user.username}") + except Exception as e: + flash(f"Error during store_tokens. 
Exception: {e}") + flash(f"Token {token} wurde gelöscht!") + return redirect('/tokens') + else: + # form validation failed -> return to token overview and flash message + flash( + f"Der eingegebene Name stimmt nicht überein. Error: {form.errors}" + f"Der Token {token} von {token_to_delete['name']} wurde nicht " + "gelöscht." + ) + return redirect('/tokens') + @door_app.route('/deactivate-token/') @roles_required('admin') @@ -452,13 +456,17 @@ def deactivate_token(token): The token to deactivate. """ tokens = current_app.door.get_tokens() - if token in tokens: - tokens[token]['inactive'] = True - try: - current_app.door.store_tokens(tokens) - current_app.logger.info(f"Token {token} deactivated by admin user {current_user.username}") - except Exception as e: - flash(f"Error during store_tokens. Exception: {e}") + + if token not in tokens: + flash(f'Ungültiger Token {token} für Deaktivierung.') + return redirect('/tokens') + + tokens[token]['inactive'] = True + try: + current_app.door.store_tokens(tokens) + current_app.logger.info(f"Token {token} deactivated by admin user {current_user.username}") + except Exception as e: + flash(f"Error during store_tokens. Exception: {e}") return redirect('/tokens') diff --git a/tests/test_webinterface.py b/tests/test_webinterface.py index d40a929..e1e4878 100644 --- a/tests/test_webinterface.py +++ b/tests/test_webinterface.py @@ -6,6 +6,7 @@ from flask_security.utils import find_user from imaginaerraum_door_admin.door_handle import DoorHandle import re import secrets +import pathlib def test_login(browser, live_server): 
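Review bot: The success message `flash(f"Token {token} wurde gelöscht!")` still runs after the `except Exception` handler in the delete branch, so a failed `store_tokens` shows both an error and "wurde gelöscht" while the token is still in the file; move the success flash into an `else:` clause of that `try` (deactivate_token's hunk has the same shape, where the redirect follows regardless of the outcome). The handler also flashes the raw exception text to the browser in both functions; prefer `current_app.logger.exception("store_tokens failed for token %s", token)` plus a generic user message. The failed-validation message concatenates `f"... Error: {form.errors}"` directly onto `f"Der Token ..."` with no separator and exposes WTForms internals to the user; at minimum a space is missing between the two fragments. The `def delete_token` line and its docstring begin before this hunk.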
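Review bot: deactivate_token changes stored state on a plain GET — the route decorator `@door_app.route('/deactivate-token/')` visible in the preceding context declares no `methods`, and test_deactivate_token exercises it with `client_authenticated.get` — with no confirmation form or CSRF token, unlike delete_token which requires a validated POST. A request triggered from another site in a logged-in admin's browser could therefore deactivate a token; restrict the route to `methods=['POST']` and submit it from a CSRF-protected form, mirroring the ConfirmDeleteForm flow in delete_token. The decorators and docstring of deactivate_token start before this hunk.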
@@ -336,6 +337,11 @@ def test_register_token(client_authenticated, mocker): assert 'Elves' in page_src assert 'legolas@mirkwood.me' in page_src + # check that the token is created in the token file + token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text() + assert '042979fa181280' in token_data + assert 'Legolas' in token_data + def test_edit_token(client_authenticated): # test with invalid token 
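Review bot: The new assertions check raw substrings of the token file (`'042979fa181280' in token_data`, `'Legolas' in token_data`) rather than the parsed token record, so a partial or malformed write that still contains those substrings passes; consider loading the file through DoorHandle (already imported at the top of this test module) and asserting on the entry for that token id — the same applies to the file checks added in test_edit_token, test_delete_token and test_deactivate_token. The `TOKEN_FILE` config key and the file format are inferred from the test itself; confirm against the app's configuration.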
@@ -373,4 +379,66 @@ def test_edit_token(client_authenticated): assert 'Dwarves' in page_src assert 'balin@erebor.me' in page_src - pass + # check that the token is changed in the token file + token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text() + assert '04538cfa186280' in token_data + assert 'Balin' in token_data + + +def test_delete_token(client_authenticated): + token_data = pathlib.Path( + client_authenticated.application.config['TOKEN_FILE']).read_text() + assert '04538cfa186280' in token_data + + # test with invalid token + response = client_authenticated.get(f"/delete-token/nosuchtoken", + follow_redirects=True) + page_src = response.data.decode() + assert 'Ungültiger Token' in page_src + + # test using a valid token from the token file + response = client_authenticated.get(f"/delete-token/043a81fa186280", + follow_redirects=True) + csrf_token = extract_csrf_token(response) + + # try deleting without form data + response = client_authenticated.post(f"/delete-token/043a81fa186280", + follow_redirects=True) + page_src = response.data.decode() + assert "wurde nicht gelöscht" in page_src + + payload = { + 'name': 'Bilbo', + 'csrf_token': csrf_token + } + response = client_authenticated.post(f"/delete-token/043a81fa186280", + data=payload, + follow_redirects=True) + page_src = response.data.decode() + print(page_src) + assert "wurde gelöscht" in page_src + + # check that the token is now gone from the token file + token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text() + assert '043a81fa186280' not in token_data + + +def test_deactivate_token(client_authenticated): + token_data = pathlib.Path( + client_authenticated.application.config['TOKEN_FILE']).read_text() + assert '04387cfa186280' in token_data + + # test with invalid token + response = client_authenticated.get(f"/deactivate-token/nosuchtoken", + follow_redirects=True) + page_src = response.data.decode() + assert 'Ungültiger 
Token' in page_src + + # deactivate token + response = client_authenticated.get(f"/deactivate-token/04387cfa186280", + follow_redirects=True) + + # check that the token is now gone from the token file + token_data = pathlib.Path( + client_authenticated.application.config['TOKEN_FILE']).read_text() + assert '#04387cfa186280' in token_data \ No newline at end of file
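Review bot: test_delete_token leaves a debug `print(page_src)` before the final assertion; drop it. The closing comment in test_deactivate_token says the token is "now gone from the token file" but the assertion `assert '#04387cfa186280' in token_data` checks that it is still present with a `#` prefix, which presumably is how the store marks inactive entries — reword to `# check that the token is now marked inactive ('#' prefix) in the token file` and confirm the prefix semantics against DoorHandle. The route calls use f-strings with no placeholders (`f"/delete-token/nosuchtoken"`); plain string literals read better. The file ends without a trailing newline.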