From 33698fcfdeebdc38658e5f34dadce0b90f3c611a Mon Sep 17 00:00:00 2001
From: Colin Kuskie
Date: Mon, 10 Jan 2011 10:16:34 -0800
Subject: [PATCH 1/2] Remove old debugging code for validToken.
---
 lib/WebGUI/Session/Form.pm | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/lib/WebGUI/Session/Form.pm b/lib/WebGUI/Session/Form.pm
index 85a6a0fd5..e96db196c 100644
--- a/lib/WebGUI/Session/Form.pm
+++ b/lib/WebGUI/Session/Form.pm
@@ -186,10 +186,7 @@ the one in this user's current session.
 sub validToken {
 my ($self) = @_;
 my $session = $self->session;
- $session->log->info('HTTP method: '. $session->request->method);
- $session->log->info('CSRF token: '. $session->scratch->get('webguiCsrfToken'));
 return 0 unless $session->request->method eq 'POST';
- $session->log->info('Web token: '. $self->param('webguiCsrfToken'));
 return 0 unless $self->param('webguiCsrfToken') eq $session->scratch->get('webguiCsrfToken');
 return 1;
 }
From dfffaf307ce390134bb320029064c2d1747fb4dd Mon Sep 17 00:00:00 2001
From: Colin Kuskie
Date: Mon, 10 Jan 2011 10:16:55 -0800
Subject: [PATCH 2/2] Add a test for tripping maximum assets to make sure it works. We will depend on the live tests for www_editSave to determine the opposite case.
---
 t/Asset/maximum_assets.t | 57 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 t/Asset/maximum_assets.t
diff --git a/t/Asset/maximum_assets.t b/t/Asset/maximum_assets.t
new file mode 100644
index 000000000..bc36fd0f9
--- /dev/null
+++ b/t/Asset/maximum_assets.t
@@ -0,0 +1,57 @@
+#-------------------------------------------------------------------
+# WebGUI is Copyright 2001-2009 Plain Black Corporation.
+#-------------------------------------------------------------------
+# Please read the legal notices (docs/legal.txt) and the license
+# (docs/license.txt) that came with this distribution before using
+# this software.
+#-------------------------------------------------------------------
+# http://www.plainblack.com info@plainblack.com
+#-------------------------------------------------------------------
+
+use FindBin;
+use strict;
+use lib "$FindBin::Bin/../lib";
+
+use WebGUI::Test;
+use WebGUI::Session;
+use WebGUI::Asset;
+
+use Test::More;
+use Test::Deep;
+use Clone qw/clone/;
+
+plan tests => 1;
+
+my $session = WebGUI::Test->session;
+
+##Set the maximum assets to 5
+WebGUI::Test->originalConfig('maximumAssets');
+$session->config->set('maximumAssets', 5);
+
+my $rootAsset = WebGUI::Asset->getRoot($session);
+
+##Override the user function style template so we can examine its output easily
+ #1234567890123456789012#
+my $templateId = 'USER_STYLE_OVERRIDE___';
+my $templateMock = Test::MockObject->new({});
+$templateMock->set_isa('WebGUI::Asset::Template');
+$templateMock->set_always('getId', $templateId);
+my $templateVars;
+$templateMock->mock('process', sub { $templateVars = clone($_[1]); } );
+$session->setting->set('userFunctionStyleId', $templateId);
+
+##Have to have a user who can add assets to the root node
+$session->user({userId => 3});
+$session->request->method('POST');
+$session->request->setup_body({
+ webguiCsrfToken => $session->scratch->get('webguiCsrfToken'),
+ assetId => 'new',
+});
+{
+ WebGUI::Test->mockAssetId($templateId, $templateMock);
+ $rootAsset->www_editSave;
+ like $templateVars->{'body.content'}, qr/limited the number of assets/, 'tripped maximumAssets';
+ my $count = $session->db->quickScalar('select count(*) from asset');
+}
+
+
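Review bot: `$count` in the final block is read from the `asset` table but never compared with anything, so the only assertion is the `like` on the rendered message, and the test would still pass if `www_editSave` showed the limit text and created the asset anyway. Taking the count before the call and asserting it is unchanged would pin the enforcement itself: `my $before = $session->db->quickScalar('select count(*) from asset');` ahead of `www_editSave`, then `is $count, $before, 'no asset was created';` after it, with the plan raised to 2. `Test::MockObject->new` is also called without a `use Test::MockObject;` in this file, which works only if `WebGUI::Test` happens to load it, and `use warnings;` is missing next to `use strict;`.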