I don't know enough to answer, I can only give an example of how I tested
forms with auth tokens.
This was a few months ago now, so I'm a bit fuzzy on why I did it like this
and hope others have better examples.
In routing.py:

    map.connect('authToken', '/accounts/authtoken',
                controller='accounts', action='authToken')

That authToken action uses authentication_token()
from webhelpers.pylonslib.secure_form
In the test two requests happen, one to get the form and one to get the auth
token.

    ....
    def test_exampletest(self):
        # 1: get the form
        response = self.app.get(url('urlThatReturnsTheForm'))
        resendForm = response.forms.get('FormName')
        resendForm.set(u'fieldName', 'ValueToSet')
        # 2: get the auth token and put it in the form
        authTokenResponse = self.app.get(url('authToken'))
        resendForm.set(u'_authentication_token', authTokenResponse.body)
        response3 = resendForm.submit()
    ....

If I remember correctly, the reason why there is a route just for getting
the auth token is because sometimes a user would submit a form with an
error or hit the back button and return to the form with a now stale auth
token, so some JavaScript was used to always get a new token whenever a form
was shown.
Just my two cents, I think others on here might have better suggestions.
Ian
On Tue, Oct 5, 2010 at 1:12 PM, Ryan <[email protected]> wrote:
> I'm using:
> from pylons.decorators.secure import authenticate_form
>
> And the decorator:
> @authenticate_form
>
> I started off decorating both the action that renders the form (edit),
> and the action that handles the form (update). But that prevented the
> form from even loading (403 on account of CSRF), so I moved the
> decorator exclusively to the handler action.
>
> Seems to work, but I have a question: I don't understand how merely
> importing authenticate_form and decorating my update action magically
> creates an "_authentication_token" hidden field on the form rendered
> by the non-decorated edit action. Can someone explain?
>
> Second question: While the authenticity token works, my functional
> tests now fail. Can someone give an example of how to functionally
> test a form that uses authenticity tokens?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/pylons-discuss?hl=en.
>
>
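
Added example (not part of the original thread, and not Pylons or WebTest code): a stdlib-only WSGI stand-in for the session-bound form token discussed above, with a functional test that fetches the form, scrapes the hidden _authentication_token field and posts it back on the same session. SESSIONS, app, call and submit_flow are hypothetical names, and keeping the token in an in-memory dict is an assumption.

```python
# Added example: stand-in for a session-bound form token, stdlib only.
# SESSIONS, app(), call() and submit_flow() are hypothetical, not Pylons/WebTest APIs.
import hmac, io, re, secrets
from urllib.parse import parse_qs, urlencode

SESSIONS = {}  # session id -> token (assumption: a real app uses its session store)
FIELD = "_authentication_token"

def app(environ, start_response):
    """GET renders the form with a hidden token; POST rejects a missing or wrong one."""
    sid = environ.get("HTTP_COOKIE", "").partition("sid=")[2] or secrets.token_hex(8)
    token = SESSIONS.setdefault(sid, secrets.token_hex(16))
    if environ["REQUEST_METHOD"] == "GET":
        body = ('<form method="post" action="/update">'
                '<input type="hidden" name="%s" value="%s">'
                '<input name="fieldName"></form>' % (FIELD, token))
        start_response("200 OK", [("Set-Cookie", "sid=" + sid)])
        return [body.encode()]
    size = int(environ.get("CONTENT_LENGTH") or 0)
    posted = parse_qs(environ["wsgi.input"].read(size).decode()).get(FIELD, [""])[0]
    ok = hmac.compare_digest(posted, token)  # constant-time comparison
    start_response("200 OK" if ok else "403 Forbidden", [])
    return [b"saved" if ok else b"bad token"]

def call(method, path, data=None, cookie=""):
    """Invoke the WSGI app in-process; returns (status code, headers, body text)."""
    raw = urlencode(data or {}).encode()
    seen = {}
    def start_response(status, headers):
        seen.update(status=int(status.split()[0]), headers=dict(headers))
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(raw)), "wsgi.input": io.BytesIO(raw)}
    body = b"".join(app(environ, start_response)).decode()
    return seen["status"], seen["headers"], body

def submit_flow(send_token=True, same_session=True):
    """Fetch the form, scrape its hidden token, then post; returns the POST status."""
    _, headers, html = call("GET", "/edit")
    # Constructed case: a different session id must not accept this form's token.
    cookie = headers["Set-Cookie"] if same_session else "sid=other-session"
    token = re.search(r'name="%s" value="([0-9a-f]+)"' % FIELD, html).group(1)
    data = {"fieldName": "ValueToSet"}
    if send_token:
        data[FIELD] = token
    return call("POST", "/update", data, cookie)[0]

if __name__ == "__main__":
    print(submit_flow(), submit_flow(send_token=False), submit_flow(same_session=False))
```

With WebTest, the form object taken from response.forms already carries the page's hidden fields and TestApp keeps cookies between requests, so the scrape-and-resubmit step above happens when the fetched form is submitted.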