In BaseHandler redefine the two methods for renderize templates and r…

…esponse json, also an util to read the ID of an item. Fix some security issues on the ngforms. Add some utils to testBase
ernestoalejo · Feb 2, 2013 · ff55f58 · ff55f58
1 parent dd93840
commit ff55f58
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 21 deletions.
diff --git a/handlers.py b/handlers.py
@@ -3,14 +3,37 @@
 from webapp2_extras import json
 
 import os
+import datetime
 
 
 class Base(webapp2.RequestHandler):
-  def render(self, name, *args, **kwargs):
-    template = jinja_environment.get_template(os.path.join("templates", 
-        ('%s.html' % name) ))
-    self.response.out.write(template.render(*args, **kwargs))
-
-  def json(self, value):
-    self.response.headers['Content-Type'] = 'application/json; charset=utf-8'
-    self.response.out.write(json.encode(value))
+  @webapp2.cached_property
+  def jinja2(self):
+    return jinja2.get_jinja2(app=self.app)
+
+  def render(self, template, **kwargs):
+    self.response.headers.add('X-UA-Compatible', 'chrome=1')
+    self.response.headers.add('Content-Type', 'text/html; charset=utf-8')
+
+    resp = self.jinja2.render_template(template, **kwargs)
+    self.response.write(resp)
+
+  def json(self, data):
+    self.response.headers.add('Content-Type', 'application/json; charset=utf-8')
+    self.response.out.write(")]}',\n")
+
+    def serializer(obj):
+      if isinstance(obj, datetime.datetime):
+        return obj.isoformat()
+      return None
+
+    self.response.write(json.encode(data, default=serializer))
+
+  def long_id(self, num):
+    try:
+      n = long(num)
+      if n == 0:
+        self.abort(403, detail='valid numeric id expected')
+        return n
+    except ValueError:
+      self.abort(403, detail='numeric id expected')
diff --git a/ngforms.py b/ngforms.py
@@ -20,6 +20,9 @@ def validate(self):
     request = webapp2.get_request()
     data = json.decode(request.body)
 
+    if not isinstance(data, dict):
+      request.abort(403)
+
     for f in self.fields:
       try:
         value = data[f.id].strip()
@@ -42,7 +45,11 @@ def validations(self):
     raise NotImplemented()
 
   def field(self, id):
-    return field_values[id]
+    if isinstance(field_values[id], basestring):
+      return field_values[id]
+
+    request = webapp2.get_request()
+    request.abort(403)
 
 
 class Validation(object):

diff --git a/tests.py b/tests.py
@@ -8,17 +8,41 @@ class Base(unittest.TestCase):
   def setUp(self):
     self.testbed = testbed.Testbed()
     self.testbed.activate()
+
+    self.init()
+    self.addCleanup(self.finish)
+    self.addCleanup(self.testbed.deactivate)
+
+  def init(self):
+    pass
+
+  def finish(self):
+    pass
+
+  def login(self, admin=False):
+    pass
 
-    if 'init' in self.__class__.__dict__:
-      self.init()
-
-  def tearDown(self):
-    self.testbed.deactivate()
+  def init_datastore(self, full=True):
+    if full:
+      policy = datastore_stub_util.PseudoRandomHRConsistencyPolicy(probability=1)
+    else:
+      policy = datastore_stub_util.PseudoRandomHRConsistencyPolicy(probability=0)
+
+    self.testbed.init_datastore_v3_stub(consistency_policy=policy)
+    self.testbed.init_memcache_stub()
+
+  def init_taskqueue(self):
+    """Helper to init the taskqueue stub.
+ 
+    We abstract the fact that we should provide the root path to the application
+    in order to work correctly when reading cron.yaml. It provides an easy way
+    to access the stub from the tests too.
+    """
+    self.testbed.init_taskqueue_stub(root_path='.')
+    self.taskqueue = self.testbed.get_stub('taskqueue')
 
-  def login(self, admin=False):
-    self.testbed.setup_env(
-      USER_EMAIL='test@example.com',
-      USER_ID='123',
-      USER_IS_ADMIN='1' if admin else '0',
-      overwrite=True
-    )
+  def json_request(self, url, data):
+    r = webapp2.Request.blank(url)
+    r.method = 'POST'
+    r.body = json.encode(data)
+    return r