summaryrefslogtreecommitdiffstats
path: root/python/fatcat_web/routes.py
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2019-04-04 19:21:10 -0700
committerBryan Newbold <bnewbold@robocracy.org>2019-04-04 19:21:10 -0700
commitfc443013d4a004d69c53be3286e33dd30921879e (patch)
tree7ae87d9be5ec06d0612203f153302c496c3743d4 /python/fatcat_web/routes.py
parentab649adac04086817c69113fa075f1cb9bdc6d0f (diff)
downloadfatcat-fc443013d4a004d69c53be3286e33dd30921879e.tar.gz
fatcat-fc443013d4a004d69c53be3286e33dd30921879e.zip
improve test coverage
Diffstat (limited to 'python/fatcat_web/routes.py')
-rw-r--r--python/fatcat_web/routes.py15
1 files changed, 10 insertions, 5 deletions
diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py
index 44216809..18c51d43 100644
--- a/python/fatcat_web/routes.py
+++ b/python/fatcat_web/routes.py
@@ -343,7 +343,8 @@ def editgroup_view(ident):
@app.route('/editgroup/<ident>/annotation', methods=['POST'])
@login_required
def editgroup_create_annotation(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
comment_markdown = request.form.get('comment_markdown')
if not comment_markdown:
app.log.info("empty comment field")
@@ -368,7 +369,8 @@ def editgroup_create_annotation(ident):
@app.route('/editgroup/<ident>/accept', methods=['POST'])
@login_required
def editgroup_accept(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# on behalf of user...
user_api = auth_api(session['api_token'])
try:
@@ -385,7 +387,8 @@ def editgroup_accept(ident):
@app.route('/editgroup/<ident>/unsubmit', methods=['POST'])
@login_required
def editgroup_unsubmit(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# on behalf of user...
user_api = auth_api(session['api_token'])
try:
@@ -402,7 +405,8 @@ def editgroup_unsubmit(ident):
@app.route('/editgroup/<ident>/submit', methods=['POST'])
@login_required
def editgroup_submit(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# on behalf of user...
print("submitting...")
user_api = auth_api(session['api_token'])
@@ -618,7 +622,8 @@ def token_login():
@app.route('/auth/change_username', methods=['POST'])
@login_required
def change_username():
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# show the user a list of login options
if not 'username' in request.form:
abort(400)