diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-04 19:21:10 -0700 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-04 19:21:10 -0700 |
commit | fc443013d4a004d69c53be3286e33dd30921879e (patch) | |
tree | 7ae87d9be5ec06d0612203f153302c496c3743d4 /python/fatcat_web | |
parent | ab649adac04086817c69113fa075f1cb9bdc6d0f (diff) | |
download | fatcat-fc443013d4a004d69c53be3286e33dd30921879e.tar.gz fatcat-fc443013d4a004d69c53be3286e33dd30921879e.zip |
improve test coverage
Diffstat (limited to 'python/fatcat_web')
-rw-r--r-- | python/fatcat_web/routes.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py index 44216809..18c51d43 100644 --- a/python/fatcat_web/routes.py +++ b/python/fatcat_web/routes.py @@ -343,7 +343,8 @@ def editgroup_view(ident): @app.route('/editgroup/<ident>/annotation', methods=['POST']) @login_required def editgroup_create_annotation(ident): - app.csrf.protect() + if not app.testing: + app.csrf.protect() comment_markdown = request.form.get('comment_markdown') if not comment_markdown: app.log.info("empty comment field") @@ -368,7 +369,8 @@ def editgroup_create_annotation(ident): @app.route('/editgroup/<ident>/accept', methods=['POST']) @login_required def editgroup_accept(ident): - app.csrf.protect() + if not app.testing: + app.csrf.protect() # on behalf of user... user_api = auth_api(session['api_token']) try: @@ -385,7 +387,8 @@ def editgroup_accept(ident): @app.route('/editgroup/<ident>/unsubmit', methods=['POST']) @login_required def editgroup_unsubmit(ident): - app.csrf.protect() + if not app.testing: + app.csrf.protect() # on behalf of user... user_api = auth_api(session['api_token']) try: @@ -402,7 +405,8 @@ def editgroup_unsubmit(ident): @app.route('/editgroup/<ident>/submit', methods=['POST']) @login_required def editgroup_submit(ident): - app.csrf.protect() + if not app.testing: + app.csrf.protect() # on behalf of user... print("submitting...") user_api = auth_api(session['api_token']) @@ -618,7 +622,8 @@ def token_login(): @app.route('/auth/change_username', methods=['POST']) @login_required def change_username(): - app.csrf.protect() + if not app.testing: + app.csrf.protect() # show the user a list of login options if not 'username' in request.form: abort(400) |