Diffstat (limited to 't/app')
-rw-r--r--t/app/controller/alert_new.t12
-rw-r--r--t/app/controller/auth.t2
-rw-r--r--t/app/controller/moderate.t76
-rw-r--r--t/app/controller/photo.t7
-rw-r--r--t/app/controller/report_updates.t80
5 files changed, 66 insertions, 111 deletions
diff --git a/t/app/controller/alert_new.t b/t/app/controller/alert_new.t
index 777d733e2..06932f70a 100644
--- a/t/app/controller/alert_new.t
+++ b/t/app/controller/alert_new.t
@@ -7,6 +7,10 @@ use FixMyStreet::App;
my $mech = FixMyStreet::TestMech->new;
+$mech->log_in_ok('test@example.com');
+$mech->get_ok('/alert/subscribe?id=1');
+my ($csrf) = $mech->content =~ /name="token" value="([^"]*)"/;
+
foreach my $test (
{
email => 'test@example.com',
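Review bot: The `$csrf` capture on the added line is never checked, so if the subscribe page stops rendering a `token` input the variable is undef and every later `get_ok` in this file fails with an unrelated-looking error rather than a clear one. Adding `ok $csrf, 'found CSRF token on subscribe page';` directly after the match would make the failure point at the real cause. The same unasserted extraction is added in photo.t before the `/report/new` post. The `foreach` that begins at the end of this hunk continues outside it.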
@@ -71,7 +75,7 @@ foreach my $test (
$mech->delete_user($user);
}
- $mech->get_ok( $test->{uri} );
+ $mech->get_ok( $test->{uri} . "&token=$csrf" );
$mech->content_contains( $test->{content} );
$user =
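Review bot: Every subscribe request here now carries a valid token, but nothing asserts that the same request is refused when the token is missing or wrong, so these tests would still pass if the server-side check were removed. A negative case next to this `get_ok`, requesting `$test->{uri}` without `&token=` and checking that no alert is created, would pin the protection itself. This applies equally to the hunks at -113, -165 and -262, and to auth.t, where only the presence of the `token` field is asserted. Because the token travels in the query string of a GET, it may also end up in access logs and Referer headers; worth confirming that is acceptable for this endpoint. The enclosing loop body starts and ends outside the hunk.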
@@ -113,7 +117,7 @@ foreach my $test (
my $existing_id = $alert->id;
my $existing_token = $url_token;
- $mech->get_ok( $test->{uri} );
+ $mech->get_ok( $test->{uri} . "&token=$csrf" );
$email = $mech->get_email;
ok $email, 'got a second email';
@@ -165,7 +169,7 @@ foreach my $test (
# clear existing data so we can be sure we're creating it
ok $alert->delete() if $alert && !$test->{exist};
- $mech->get_ok( '/alert/subscribe?type=local&rznvy=test-new@example.com&feed=area:1000:A_Location' );
+ $mech->get_ok( '/alert/subscribe?type=local&rznvy=test-new@example.com&feed=area:1000:A_Location&token=' . $csrf );
$alert = FixMyStreet::App->model('DB::Alert')->find(
{
@@ -262,7 +266,7 @@ for my $test (
FixMyStreet::App->model('DB::Abuse')
->find_or_create( { email => $test->{email} } );
- $mech->get_ok( $test->{uri} );
+ $mech->get_ok( $test->{uri} . "&token=$csrf" );
$mech->content_contains( $test->{content} );
$user =
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 235a3af7e..9b3d9468a 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -128,7 +128,7 @@ $mech->not_logged_in_ok;
ok my $form = $mech->form_name('change_password'),
"found change password form";
is_deeply [ sort grep { $_ } map { $_->name } $form->inputs ], #
- [ 'confirm', 'new_password' ],
+ [ 'confirm', 'new_password', 'token' ],
"check we got expected fields (ie not old_password)";
# check the various ways the form can be wrong
diff --git a/t/app/controller/moderate.t b/t/app/controller/moderate.t
index b79f50e73..38216c708 100644
--- a/t/app/controller/moderate.t
+++ b/t/app/controller/moderate.t
@@ -8,6 +8,7 @@ use FixMyStreet::App;
use Data::Dumper;
my $mech = FixMyStreet::TestMech->new;
+$mech->host('www.example.org');
my $BROMLEY_ID = 2482;
my $body = $mech->create_body_ok( $BROMLEY_ID, 'Bromley Council' );
@@ -92,11 +93,12 @@ my %problem_prepopulated = (
subtest 'Problem moderation' => sub {
subtest 'Post modify title and text' => sub {
- $mech->post_ok('/moderate/report/' . $report->id, {
+ $mech->get_ok($REPORT_URL);
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_title => 'Good good',
problem_detail => 'Good good improved',
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$report->discard_changes;
@@ -105,11 +107,11 @@ subtest 'Problem moderation' => sub {
};
subtest 'Revert title and text' => sub {
- $mech->post_ok('/moderate/report/' . $report->id, {
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_revert_title => 1,
problem_revert_detail => 1,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$report->discard_changes;
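Review bot: This subtest now calls `submit_form_ok` without fetching a page first, so it only works on whatever page the previous subtest's submission left in `$mech`. Run alone, or after an earlier failure, it submits against the wrong page or none; the removed `post_ok` to an explicit URL did not have that coupling. Starting the subtest with `$mech->get_ok($REPORT_URL);` would restore independence. The 'Make anonymous', 'Hide photo' and 'Hide report' hunks below, and the update subtests after 'Update modify text', have the same dependency. The subtest body ends outside the hunk.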
@@ -120,18 +122,18 @@ subtest 'Problem moderation' => sub {
subtest 'Make anonymous' => sub {
$mech->content_lacks('Reported anonymously');
- $mech->post_ok('/moderate/report/' . $report->id, {
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_show_name => 0,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_contains('Reported anonymously');
- $mech->post_ok('/moderate/report/' . $report->id, {
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_show_name => 1,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_lacks('Reported anonymously');
@@ -140,18 +142,18 @@ subtest 'Problem moderation' => sub {
subtest 'Hide photo' => sub {
$mech->content_contains('Photo of this report');
- $mech->post_ok('/moderate/report/' . $report->id, {
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_show_photo => 0,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_lacks('Photo of this report');
- $mech->post_ok('/moderate/report/' . $report->id, {
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_show_photo => 1,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_contains('Photo of this report');
@@ -160,10 +162,10 @@ subtest 'Problem moderation' => sub {
subtest 'Hide report' => sub {
$mech->clear_emails_ok;
- my $resp = $mech->post('/moderate/report/' . $report->id, {
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_hide => 1,
- });
+ }});
$mech->base_unlike( qr{/report/}, 'redirected to front page' );
$report->discard_changes;
@@ -185,22 +187,23 @@ $mech->content_lacks('Posted anonymously', 'sanity check');
subtest 'Problem 2' => sub {
my $REPORT2_URL = '/report/' . $report2->id ;
- $mech->post_ok('/moderate/report/' . $report2->id, {
+ $mech->get_ok($REPORT2_URL);
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_title => 'Good good',
problem_detail => 'Good good improved',
- });
+ }});
$mech->base_like( qr{\Q$REPORT2_URL\E} );
$report2->discard_changes;
is $report2->title, 'Good [...] good';
is $report2->detail, 'Good [...] good [...]improved';
- $mech->post_ok('/moderate/report/' . $report2->id, {
+ $mech->submit_form_ok({ with_fields => {
%problem_prepopulated,
problem_revert_title => 1,
problem_revert_detail => 1,
- });
+ }});
$mech->base_like( qr{\Q$REPORT2_URL\E} );
$report2->discard_changes;
@@ -229,13 +232,12 @@ my $update = create_update();
subtest 'updates' => sub {
- my $MODERATE_UPDATE_URL = sprintf '/moderate/report/%d/update/%d', $report->id, $update->id;
-
subtest 'Update modify text' => sub {
- $mech->post_ok( $MODERATE_UPDATE_URL, {
+ $mech->get_ok($REPORT_URL);
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_detail => 'update good good good',
- }) or die $mech->content;
+ }}) or die $mech->content;
$mech->base_like( qr{\Q$REPORT_URL\E} );
$update->discard_changes;
@@ -243,10 +245,10 @@ subtest 'updates' => sub {
};
subtest 'Revert text' => sub {
- $mech->post_ok( $MODERATE_UPDATE_URL, {
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_revert_detail => 1,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$update->discard_changes;
@@ -258,18 +260,18 @@ subtest 'updates' => sub {
$mech->content_lacks('Posted anonymously')
or die sprintf '%d (%d)', $update->id, $report->comments->count;
- $mech->post_ok( $MODERATE_UPDATE_URL, {
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_show_name => 0,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_contains('Posted anonymously');
- $mech->post_ok( $MODERATE_UPDATE_URL, {
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_show_name => 1,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_lacks('Posted anonymously');
@@ -283,18 +285,18 @@ subtest 'updates' => sub {
$mech->content_contains('Photo of this report')
or die $mech->content;
- $mech->post_ok( $MODERATE_UPDATE_URL, {
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_show_photo => 0,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_lacks('Photo of this report');
- $mech->post_ok( $MODERATE_UPDATE_URL, {
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_show_photo => 1,
- });
+ }});
$mech->base_like( qr{\Q$REPORT_URL\E} );
$mech->content_contains('Photo of this report');
@@ -303,10 +305,10 @@ subtest 'updates' => sub {
subtest 'Hide comment' => sub {
$mech->content_contains('update good good bad good');
- $mech->post_ok( $MODERATE_UPDATE_URL, {
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_hide => 1,
- });
+ }});
$mech->content_lacks('update good good bad good');
};
@@ -316,11 +318,11 @@ subtest 'updates' => sub {
my $update2 = create_update();
subtest 'Update 2' => sub {
- my $MODERATE_UPDATE2_URL = sprintf '/moderate/report/%d/update/%d', $report->id, $update2->id;
- $mech->post_ok( $MODERATE_UPDATE2_URL, {
+ $mech->get_ok($REPORT_URL);
+ $mech->submit_form_ok({ with_fields => {
%update_prepopulated,
update_detail => 'update good good good',
- }) or die $mech->content;
+ }}) or die $mech->content;
$update2->discard_changes;
is $update2->text, 'update good good [...] good',
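Review bot: Nothing in the new submission ties it to `$update2`: the removed URL carried `$update2->id`, whereas `with_fields` picks the first form on the report page that has the named fields. If more than one update moderation form is rendered (not visible from this hunk), the request would moderate a different update and the assertion on `$update2->text` would fail or pass for the wrong reason. Selecting the form explicitly, as report_updates.t does with `form_id`, or asserting that the chosen form's action contains `$update2->id` before submitting, would make the target unambiguous. The subtest continues outside the hunk.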
diff --git a/t/app/controller/photo.t b/t/app/controller/photo.t
index 425e3c4df..4cec82c44 100644
--- a/t/app/controller/photo.t
+++ b/t/app/controller/photo.t
@@ -40,11 +40,15 @@ subtest "Check multiple upload worked" => sub {
# submit the main form
# can't post_ok as we lose the Content_Type header
# (TODO rewrite with HTTP::Request::Common and request_ok)
+ $mech->get_ok('/report/new?lat=53.4031156&lon=-2.9840579');
+ my ($csrf) = $mech->content =~ /name="token" value="([^"]*)"/;
+
$mech->post( '/report/new',
Content_Type => 'form-data',
Content =>
{
submit_problem => 1,
+ token => $csrf,
title => 'Test',
lat => 53.4031156, lon => -2.9840579, # in Liverpool
pc => 'L1 4LN',
@@ -57,9 +61,6 @@ subtest "Check multiple upload worked" => sub {
email => 'test@example.com',
phone => '',
category => 'Street lighting',
- #password_sign_in => '',
- #password_register => '',
- #remember_me => undef,
}
);
ok $mech->success, 'Made request with multiple photo upload';
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 7b4bf7854..2a3c7c0b3 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -510,20 +510,14 @@ subtest 'check non authority user cannot change set state' => sub {
$user->update;
$mech->get_ok("/report/$report_id");
- $mech->post_ok( "/report/update", {
- submit_update => 1,
- id => $report_id,
- name => $user->name,
- may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
- update => 'this is a forbidden update',
- state => 'fixed - council',
+ $mech->submit_form_ok( {
+ form_id => 'form_update_form',
+ fields => {
+ may_show_name => 1,
+ update => 'this is a forbidden update',
+ state => 'fixed - council',
},
- 'submitted with state',
- );
+ }, 'submitted with state');
is $mech->uri->path, "/report/update", "at /report/update";
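Review bot: This authorization test now depends on the client being able to set `state` on the rendered form, whereas the removed `post_ok` sent the forbidden parameter unconditionally. If the update form does not render a `state` input for a non-authority user (likely, but not visible here), whether the value is actually sent depends on how the Mechanize/HTML::Form version in use treats unknown fields, so the test could pass without exercising the server-side check. Asserting the outgoing body, e.g. `like $mech->response->request->content, qr/\bstate\b/, 'forbidden state was sent';`, or keeping a direct POST that includes the extracted token, would keep the negative test meaningful. The hunk at -540 has the same shape.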
@@ -540,20 +534,14 @@ for my $state ( qw/unconfirmed hidden partial/ ) {
$user->update;
$mech->get_ok("/report/$report_id");
- $mech->post_ok( "/report/update", {
- submit_update => 1,
- id => $report_id,
- name => $user->name,
- may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
- update => 'this is a forbidden update',
- state => $state,
+ $mech->submit_form_ok( {
+ form_id => 'form_update_form',
+ fields => {
+ may_show_name => 1,
+ update => 'this is a forbidden update',
+ state => $state,
},
- 'submitted with state',
- );
+ }, 'submitted with state');
is $mech->uri->path, "/report/update", "at /report/update";
@@ -570,10 +558,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to investigating',
state => 'investigating',
},
@@ -584,10 +568,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to in progress',
state => 'in progress',
},
@@ -598,10 +578,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to fixed',
state => 'fixed',
},
@@ -612,10 +588,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to action scheduled',
state => 'action scheduled',
},
@@ -626,10 +598,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to unable to fix',
state => 'unable to fix',
},
@@ -640,10 +608,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to internal referral',
state => 'internal referral',
},
@@ -655,10 +619,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to not responsible',
state => 'not responsible',
},
@@ -670,10 +630,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to duplicate',
state => 'duplicate',
},
@@ -685,10 +641,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to internal referral',
state => 'internal referral',
},
@@ -700,10 +652,6 @@ for my $test (
fields => {
name => $user->name,
may_show_name => 1,
- add_alert => undef,
- photo1 => '',
- photo2 => '',
- photo3 => '',
update => 'Set state to fixed',
state => 'fixed',
},