lucaspalomodevelop/eventcally
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/eventcally.git synced 2026-03-13 00:07:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #556 from eventcally/issues/555

Browse Source 
Security updates #555
This commit is contained in:
Daniel Grams 2023-10-31 22:57:59 +01:00 committed by GitHub
commit 705bb4bf0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
requirements.txt
View File

@ -19,7 +19,7 @@ blinker==1.4
cached-property==1.5.2 cached-property==1.5.2
cachetools==5.3.0 cachetools==5.3.0
celery==5.2.7 celery==5.2.7
certifi==2022.12.7 certifi==2023.7.22
cffi==1.14.4 cffi==1.14.4
cfgv==3.2.0 cfgv==3.2.0
chardet==3.0.4 chardet==3.0.4
@ -30,7 +30,7 @@ click-repl==0.2.0
colour==0.1.5 colour==0.1.5
coverage==5.5 coverage==5.5
coveralls==3.3.1 coveralls==3.3.1
cryptography==41.0.3 cryptography==41.0.4
decorator==5.1.0 decorator==5.1.0
distlib==0.3.6 distlib==0.3.6
dnspython==2.0.0 dnspython==2.0.0
@ -47,7 +47,7 @@ Flask-Bootstrap==3.3.7.1
Flask-Cors==3.0.10 Flask-Cors==3.0.10
Flask-Dance==6.2.0 Flask-Dance==6.2.0
Flask-gzip==0.2 Flask-gzip==0.2
Flask-Login==0.6.2 Flask-Login==0.6.3
Flask-Mail==0.9.1 Flask-Mail==0.9.1
flask-marshmallow==0.15.0 flask-marshmallow==0.15.0
Flask-Migrate==4.0.4 Flask-Migrate==4.0.4
@ -56,7 +56,7 @@ Flask-QRcode==3.1.0
Flask-RESTful==0.3.9 Flask-RESTful==0.3.9
Flask-Security-Too==5.1.2 Flask-Security-Too==5.1.2
Flask-SQLAlchemy==3.0.3 Flask-SQLAlchemy==3.0.3
Flask-WTF==1.1.1 Flask-WTF==1.2.1
GeoAlchemy2==0.13.1 GeoAlchemy2==0.13.1
googlemaps==4.10.0 googlemaps==4.10.0
greenlet==2.0.2 greenlet==2.0.2
@ -87,7 +87,7 @@ packaging==23.0
passlib==1.7.4 passlib==1.7.4
pathspec==0.11.0 pathspec==0.11.0
pilkit==2.0 pilkit==2.0
Pillow==9.5.0 Pillow==10.0.1
pipdeptree==2.7.0 pipdeptree==2.7.0
pkginfo==1.9.6 pkginfo==1.9.6
platformdirs==3.1.0 platformdirs==3.1.0
@ -133,7 +133,7 @@ toml==0.10.2
tomli==2.0.1 tomli==2.0.1
typed-ast==1.5.4 typed-ast==1.5.4
typing_extensions==4.5.0 typing_extensions==4.5.0
urllib3==1.26.5 urllib3==1.26.18
URLObject==2.4.3 URLObject==2.4.3
validators==0.20.0 validators==0.20.0
vine==5.0.0 vine==5.0.0
@ -141,7 +141,7 @@ virtualenv==20.21.0
visitor==0.1.3 visitor==0.1.3
wcwidth==0.2.6 wcwidth==0.2.6
webargs==7.0.1 webargs==7.0.1
Werkzeug==2.2.3 Werkzeug==3.0.1
wimpy==0.6 wimpy==0.6
WTForms==3.0.1 WTForms==3.0.1
WTForms-SQLAlchemy==0.3 WTForms-SQLAlchemy==0.3

18
tests/utils.py
View File

@ -5,6 +5,7 @@ from urllib.parse import parse_qs, urlsplit
import googlemaps import googlemaps
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
from flask import g, url_for from flask import g, url_for
from flask_login import login_url
from sqlalchemy.exc import IntegrityError from sqlalchemy.exc import IntegrityError
@ -312,13 +313,24 @@ class UtilActions(object):
return self.get_ok(self.get_url(endpoint, **values)) return self.get_ok(self.get_url(endpoint, **values))
def assert_response_redirect(self, response, endpoint, **values): def assert_response_redirect(self, response, endpoint, **values):
assert response.status_code == 302 redirect_url = self.get_url(endpoint, **values)
self.assert_response_redirect_to_url(response, redirect_url)
def assert_response_redirect_to_url(self, response, redirect_url):
absolute_url = "http://localhost" + redirect_url
response_location = response.headers["Location"] response_location = response.headers["Location"]
redirect_url = self.get_url(endpoint, **values)
absolute_url = "http://localhost" + redirect_url
assert response_location == redirect_url or response_location == absolute_url assert response_location == redirect_url or response_location == absolute_url
def assert_response_redirect_to_login(self, response, next_url):
assert response.status_code == 302
with self._client:
with self._app.test_request_context():
redirect_url = login_url("security.login", next_url)
self.assert_response_redirect_to_url(response, redirect_url)
def assert_response_contains_alert(self, response, category, message=None): def assert_response_contains_alert(self, response, category, message=None):
assert response.status_code == 200 assert response.status_code == 200

2
tests/views/test_admin_unit_member_invitation.py
View File

@ -224,7 +224,7 @@ def test_read_new_member_not_authenticated(client, app, utils, seeder):
url = "/invitations/%d" % invitation_id url = "/invitations/%d" % invitation_id
response = client.get(url) response = client.get(url)
utils.assert_response_redirect(response, "security.login", next=url) utils.assert_response_redirect_to_login(response, url)
@pytest.mark.parametrize("user_exists", [True, False]) @pytest.mark.parametrize("user_exists", [True, False])

4
tests/views/test_manage.py
View File

@ -18,7 +18,7 @@ def test_index_withValidCookie(client, seeder, app, utils):
with app.app_context(): with app.app_context():
encoded = encode_cookie(str(admin_unit_id)) encoded = encode_cookie(str(admin_unit_id))
client.set_cookie("localhost", "manage_admin_unit_id", encoded) client.set_cookie("manage_admin_unit_id", encoded)
response = utils.get_endpoint("manage") response = utils.get_endpoint("manage")
utils.assert_response_redirect(response, "manage_admin_unit", id=admin_unit_id) utils.assert_response_redirect(response, "manage_admin_unit", id=admin_unit_id)
@ -26,7 +26,7 @@ def test_index_withValidCookie(client, seeder, app, utils):
def test_index_withInvalidCookie(client, seeder: Seeder, utils: UtilActions): def test_index_withInvalidCookie(client, seeder: Seeder, utils: UtilActions):
user_id, admin_unit_id = seeder.setup_base() user_id, admin_unit_id = seeder.setup_base()
client.set_cookie("localhost", "manage_admin_unit_id", "invalid") client.set_cookie("manage_admin_unit_id", "invalid")
response = utils.get_endpoint("manage") response = utils.get_endpoint("manage")
utils.assert_response_redirect(response, "manage_admin_units") utils.assert_response_redirect(response, "manage_admin_units")

3
tests/views/test_user.py
View File

@ -27,8 +27,9 @@ def test_organization_invitation_not_authenticated(client, app, utils, seeder):
seeder.create_user("invited@test.de") seeder.create_user("invited@test.de")
url = utils.get_url("user_organization_invitation", id=invitation_id) url = utils.get_url("user_organization_invitation", id=invitation_id)
response = client.get(url) response = client.get(url)
utils.assert_response_redirect(response, "security.login", next=url) utils.assert_response_redirect_to_login(response, url)
@pytest.mark.parametrize("user_exists", [True, False]) @pytest.mark.parametrize("user_exists", [True, False])