8 files changed, 180 insertions, 16 deletions

diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py
index 40961eca..153c6e53 100644
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@@ -168,7 +168,7 @@ def test_register_views(test_app):
     ## Make sure user is logged in
     request = template.TEMPLATE_TEST_CONTEXT[
         'mediagoblin/user_pages/user.html']['request']
-    assert request.session['user_id'] == unicode(new_user['_id'])
+    assert request.session['user_id'] == unicode(new_user._id)
 
     ## Make sure we get email confirmation, and try verifying
     assert len(mail.EMAIL_TEST_INBOX) == 1
@@ -185,7 +185,7 @@ def test_register_views(test_app):
 
     ### user should have these same parameters
     assert parsed_get_params['userid'] == [
-        unicode(new_user['_id'])]
+        unicode(new_user._id)]
     assert parsed_get_params['token'] == [
         new_user['verification_key']]
 
@@ -193,7 +193,7 @@ def test_register_views(test_app):
     template.clear_test_template_context()
     response = test_app.get(
         "/auth/verify_email/?userid=%s&token=total_bs" % unicode(
-            new_user['_id']))
+            new_user._id))
     response.follow()
     context = template.TEMPLATE_TEST_CONTEXT[
         'mediagoblin/user_pages/user.html']
@@ -269,7 +269,7 @@ def test_register_views(test_app):
 
     # user should have matching parameters
     new_user = mg_globals.database.User.find_one({'username': 'happygirl'})
-    assert parsed_get_params['userid'] == [unicode(new_user['_id'])]
+    assert parsed_get_params['userid'] == [unicode(new_user._id)]
     assert parsed_get_params['token'] == [new_user['fp_verification_key']]
 
     ### The forgotten password token should be set to expire in ~ 10 days
@@ -280,7 +280,7 @@ def test_register_views(test_app):
     template.clear_test_template_context()
     response = test_app.get(
         "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
-            new_user['_id']), status=400)
+            new_user._id), status=400)
     assert response.status == '400 Bad Request'
 
     ## Try using an expired token to change password, shouldn't work
@@ -412,7 +412,7 @@ def test_authentication_views(test_app):
     # Make sure user is in the session
     context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
     session = context['request'].session
-    assert session['user_id'] == unicode(test_user['_id'])
+    assert session['user_id'] == unicode(test_user._id)
 
     # Successful logout
     # -----------------
diff --git a/mediagoblin/tests/test_csrf_middleware.py b/mediagoblin/tests/test_csrf_middleware.py
index cf03fe58..691f10b9 100644
--- a/mediagoblin/tests/test_csrf_middleware.py
+++ b/mediagoblin/tests/test_csrf_middleware.py
@@ -26,12 +26,14 @@ from mediagoblin import mg_globals
 @setup_fresh_app
 def test_csrf_cookie_set(test_app):
 
+    cookie_name = mg_globals.app_config['csrf_cookie_name']
+    
     # get login page
     response = test_app.get('/auth/login/')
 
     # assert that the mediagoblin nonce cookie has been set
     assert 'Set-Cookie' in response.headers
-    assert 'mediagoblin_nonce' in response.cookies_set
+    assert cookie_name in response.cookies_set
 
     # assert that we're also sending a vary header
     assert response.headers.get('Vary', False) == 'Cookie'
diff --git a/mediagoblin/tests/test_edit.py b/mediagoblin/tests/test_edit.py
new file mode 100644
index 00000000..3637b046
--- /dev/null
+++ b/mediagoblin/tests/test_edit.py
@@ -0,0 +1,112 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from mediagoblin import mg_globals
+from mediagoblin.tests.tools import setup_fresh_app
+from mediagoblin.tools import template
+from mediagoblin.auth.lib import bcrypt_check_password, \
+                                 bcrypt_gen_password_hash
+
+
+@setup_fresh_app
+def test_change_password(test_app):
+    """Test changing password correctly and incorrectly"""
+    # set up new user
+    test_user = mg_globals.database.User()
+    test_user['username'] = u'chris'
+    test_user['email'] = u'chris@example.com'
+    test_user['email_verified'] = True
+    test_user['status'] = u'active'
+    test_user['pw_hash'] = bcrypt_gen_password_hash('toast')
+    test_user.save()
+
+    test_app.post(
+        '/auth/login/', {
+            'username': u'chris',
+            'password': 'toast'})
+
+    # test that the password can be changed
+    # template.clear_test_template_context()
+    test_app.post(
+        '/edit/profile/', {
+            'bio': u'',
+            'url': u'',
+            'old_password': 'toast',
+            'new_password': '123456',
+            'confirm_password': '123456'})
+
+    # test_user has to be fetched again in order to have the current values
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    assert bcrypt_check_password('123456', test_user['pw_hash'])
+
+    # test that the password cannot be changed if the given old_password
+    # is wrong
+    # template.clear_test_template_context()
+    test_app.post(
+        '/edit/profile/', {
+            'bio': u'',
+            'url': u'',
+            'old_password': 'toast',
+            'new_password': '098765',
+            'confirm_password': '098765'})
+
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    assert not bcrypt_check_password('098765', test_user['pw_hash'])
+
+
+@setup_fresh_app
+def change_bio_url(test_app):
+    """Test changing bio and URL"""
+    # set up new user
+    test_user = mg_globals.database.User()
+    test_user['username'] = u'chris'
+    test_user['email'] = u'chris@example.com'
+    test_user['email_verified'] = True
+    test_user['status'] = u'active'
+    test_user['pw_hash'] = bcrypt_gen_password_hash('toast')
+    test_user.save()
+
+    # test changing the bio and the URL properly
+    test_app.post(
+        '/edit/profile/', {
+            'bio': u'I love toast!',
+            'url': u'http://dustycloud.org/'})
+
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    assert test_user['bio'] == u'I love toast!'
+    assert test_user['url'] == u'http://dustycloud.org/'
+
+    # test changing the bio and the URL inproperly
+    too_long_bio = 150 * 'T' + 150 * 'o' + 150 * 'a' + 150 * 's' + 150* 't'
+
+    test_app.post(
+        '/edit/profile/', {
+            # more than 500 characters
+            'bio': too_long_bio,
+            'url': 'this-is-no-url'})
+
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/edit/edit_profile.html']
+    form = context['edit_profile_form']
+
+    assert form.bio.errors == [u'Field must be between 0 and 500 characters long.']
+    assert form.url.errors == [u'Improperly formed URL']
+
+    # test changing the url inproperly
diff --git a/mediagoblin/tests/test_mgoblin_app.ini b/mediagoblin/tests/test_mgoblin_app.ini
index ab32cccc..f979e810 100644
--- a/mediagoblin/tests/test_mgoblin_app.ini
+++ b/mediagoblin/tests/test_mgoblin_app.ini
@@ -1,5 +1,5 @@
 [mediagoblin]
-direct_remote_path = /mgoblin_static/
+direct_remote_path = /test_static/
 email_sender_address = "notice@mediagoblin.example.org"
 email_debug_mode = true
 db_name = __mediagoblin_tests__
diff --git a/mediagoblin/tests/test_migrations.py b/mediagoblin/tests/test_migrations.py
index fc2449f7..e7cef0a1 100644
--- a/mediagoblin/tests/test_migrations.py
+++ b/mediagoblin/tests/test_migrations.py
@@ -23,6 +23,7 @@ from mediagoblin.tests.tools import (
 from mediagoblin.db.util import (
     RegisterMigration, MigrationManager, ObjectId,
     MissingCurrentMigration)
+from mediagoblin.db.migrations import add_table_field
 
 # This one will get filled with local migrations
 TEST_MIGRATION_REGISTRY = {}
@@ -45,10 +46,7 @@ def creature_add_magical_powers(database):
     magical powers, all existing monsters, setting to an empty list is
     fine.
     """
-    database['creatures'].update(
-        {'magical_powers': {'$exists': False}},
-        {'$set': {'magical_powers': []}},
-        multi=True)
+    add_table_field(database, 'creatures', 'magical_powers', [])
 
 
 @RegisterMigration(2, TEST_MIGRATION_REGISTRY)
diff --git a/mediagoblin/tests/test_paste.ini b/mediagoblin/tests/test_paste.ini
index e7574b7a..bd57994b 100644
--- a/mediagoblin/tests/test_paste.ini
+++ b/mediagoblin/tests/test_paste.ini
@@ -5,7 +5,7 @@ debug = true
 use = egg:Paste#urlmap
 / = mediagoblin
 /mgoblin_media/ = publicstore_serve
-/mgoblin_static/ = mediagoblin_static
+/test_static/ = mediagoblin_static
 
 [app:mediagoblin]
 use = egg:mediagoblin#app
diff --git a/mediagoblin/tests/test_submission.py b/mediagoblin/tests/test_submission.py
index 1c657e6c..dec7118b 100644
--- a/mediagoblin/tests/test_submission.py
+++ b/mediagoblin/tests/test_submission.py
@@ -177,7 +177,7 @@ class TestSubmission:
             request.urlgen('mediagoblin.user_pages.media_confirm_delete',
                            # No work: user=media.uploader().username,
                            user=self.test_user['username'],
-                           media=media['_id']),
+                           media=media._id),
             # no value means no confirm
             {})
 
@@ -197,7 +197,7 @@ class TestSubmission:
             request.urlgen('mediagoblin.user_pages.media_confirm_delete',
                            # No work: user=media.uploader().username,
                            user=self.test_user['username'],
-                           media=media['_id']),
+                           media=media._id),
             {'confirm': 'y'})
 
         response.follow()
@@ -208,7 +208,7 @@ class TestSubmission:
         # Does media entry still exist?
         assert_false(
             request.db.MediaEntry.find(
-                {'_id': media['_id']}).count())
+                {'_id': media._id}).count())
 
     def test_malicious_uploads(self):
         # Test non-suppoerted file with non-supported extension
diff --git a/mediagoblin/tests/tools.py b/mediagoblin/tests/tools.py
index cf84da14..420d9ba8 100644
--- a/mediagoblin/tests/tools.py
+++ b/mediagoblin/tests/tools.py
@@ -21,6 +21,7 @@ import os, shutil
 from paste.deploy import loadapp
 from webtest import TestApp
 
+from mediagoblin import mg_globals
 from mediagoblin.tools import testing
 from mediagoblin.init.config import read_mediagoblin_config
 from mediagoblin.decorators import _make_safe
@@ -49,6 +50,51 @@ $ CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_tests ./bin/nosetests"""
 class BadCeleryEnviron(Exception): pass
 
 
+class TestingMiddleware(object):
+    """
+    Middleware for the Unit tests
+    
+    It might make sense to perform some tests on all
+    requests/responses. Or prepare them in a special
+    manner. For example all html responses could be tested
+    for being valid html *after* being rendered.
+
+    This module is getting inserted at the front of the
+    middleware list, which means: requests are handed here
+    first, responses last. So this wraps up the "normal"
+    app.
+
+    If you need to add a test, either add it directly to
+    the appropiate process_request or process_response, or
+    create a new method and call it from process_*.
+    """
+
+    def __init__(self, mg_app):
+        self.app = mg_app
+
+    def process_request(self, request):
+        pass
+
+    def process_response(self, request, response):
+        # All following tests should be for html only!
+        if response.content_type != "text/html":
+            # Get out early
+            return
+
+        # If the template contains a reference to
+        # /mgoblin_static/ instead of using
+        # /request.staticdirect(), error out here.
+        # This could probably be implemented as a grep on
+        # the shipped templates easier...
+        if response.text.find("/mgoblin_static/") >= 0:
+            raise AssertionError(
+                "Response HTML contains reference to /mgoblin_static/ "
+                "instead of staticdirect. Request was for: "
+                + request.full_path)
+
+        return
+
+
 def suicide_if_bad_celery_environ():
     if not os.environ.get('CELERY_CONFIG_MODULE') == \
             'mediagoblin.init.celery.from_tests':
@@ -103,6 +149,12 @@ def get_test_app(dump_old_app=True):
     test_app = loadapp(
         'config:' + TEST_SERVER_CONFIG)
 
+    # Insert the TestingMiddleware, which can do some
+    # sanity checks on every request/response.
+    # Doing it this way is probably not the cleanest way.
+    # We'll fix it, when we have plugins!
+    mg_globals.app.middleware.insert(0, TestingMiddleware(mg_globals.app))
+
     app = TestApp(test_app)
     MGOBLIN_APP = app