[Testbot] Plone 5.0 - Python 2.7 - Build # 1922 - Regression! - 13 failure(s)

jenkins at plone.org jenkins at plone.org
Wed Mar 12 03:29:29 UTC 2014


-------------------------------------------------------------------------------
Plone 5.0 - Python 2.7 - Build # 1922 - Failure!
-------------------------------------------------------------------------------

http://jenkins.plone.org/job/plone-5.0-python-2.7/1922/


-------------------------------------------------------------------------------
CHANGES
-------------------------------------------------------------------------------

Repository: plone.app.layout
Branch: refs/heads/master
Date: 2014-03-11T21:29:53-05:00
Author: Nathan Van Gheem (vangheem) <vangheem at gmail.com>
Commit: https://github.com/plone/plone.app.layout/commit/d8bd0357256784a66af17dc26135909e610dd6b7

handle auto csrf

Files changed:
M CHANGES.rst
M plone/app/layout/dashboard/dashboard.pt
M plone/app/layout/dashboard/dashboard.py
M plone/app/layout/globals/tests/test_portal.py
M plone/app/layout/viewlets/common.py
M plone/app/layout/viewlets/tests/test_common.py

diff --git a/CHANGES.rst b/CHANGES.rst
index 05098e2..71c5b83 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,7 +4,8 @@ Changelog
 2.5.1 (unreleased)
 ------------------
 
-- Nothing changed yet.
+- for contentview urls, add csrf token automatically
+  [vangheem]
 
 
 2.5.0 (2014-03-02)
diff --git a/plone/app/layout/dashboard/dashboard.pt b/plone/app/layout/dashboard/dashboard.pt
index c3a29ca..466cbe2 100644
--- a/plone/app/layout/dashboard/dashboard.pt
+++ b/plone/app/layout/dashboard/dashboard.pt
@@ -28,7 +28,7 @@
               </li>
               <li>
                 <a href=""
-                   tal:attributes="href string:${context/@@plone_portal_state/navigation_root_url}/@@manage-dashboard"
+                   tal:attributes="href string:${context/@@plone_portal_state/navigation_root_url}/@@manage-dashboard?_authenticator=${view/auth_token}"
                    i18n:translate="label_edit">Edit</a>
               </li>
             </ul>
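Review bot: The new `href` on the Edit link carries the `_authenticator` token in the query string of a GET link, so the token ends up in browser history, in server and proxy access logs, and possibly in the Referer header of requests made from the target page. If `@@manage-dashboard` only needs the token when it changes state, the safer shape is to leave the link token-free and send the token as a hidden field of the POST form. If the token really has to travel in the URL, a short template comment saying why would help the next reader. How long a token from `createToken()` stays valid is not visible here, so the exposure window should be checked against plone.protect's token lifetime.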
diff --git a/plone/app/layout/dashboard/dashboard.py b/plone/app/layout/dashboard/dashboard.py
index 31827c8..3290e4b 100644
--- a/plone/app/layout/dashboard/dashboard.py
+++ b/plone/app/layout/dashboard/dashboard.py
@@ -12,6 +12,7 @@
 from Products.CMFCore.utils import getToolByName
 from Products.statusmessages.interfaces import IStatusMessage
 from Products.CMFPlone import PloneMessageFactory as _
+from plone.protect.authenticator import createToken
 
 
 class IDashboard(interface.Interface):
@@ -32,6 +33,10 @@ def __call__(self):
             IStatusMessage(self.request).add(message)
         return self.index()
 
+    @property
+    def auth_token(self):
+        return createToken()
+
     @memoize
     def can_edit(self):
         return bool(getSecurityManager().checkPermission(
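Review bot: The new `auth_token` property has no docstring, and unlike `can_edit` just below it is not memoized, so every access calls `createToken()` again. A one-line docstring such as `"""CSRF token for the current user, used as _authenticator in the manage-dashboard link."""` would document why a view exposes a security token to its template. The repeated call is presumably harmless because the template in this commit reads `view/auth_token` once, but that is worth confirming. The class body starts and continues outside this hunk.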
diff --git a/plone/app/layout/globals/tests/test_portal.py b/plone/app/layout/globals/tests/test_portal.py
index ba4959a..56e7f3a 100644
--- a/plone/app/layout/globals/tests/test_portal.py
+++ b/plone/app/layout/globals/tests/test_portal.py
@@ -110,8 +110,8 @@ def test_is_rtl(self):
 
     def test_member(self):
         self.assertEqual(
-            self.view.member(),
-            self.portal.portal_membership.getAuthenticatedMember()
+            self.view.member().id,
+            self.portal.portal_membership.getAuthenticatedMember().id
         )
 
     def test_anonymous(self):
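Review bot: `test_member` now compares only the `.id` of the two member objects, which is weaker than the object equality it replaces. The test would still pass if `member()` returned a different object that happens to carry the same id. The commit does not record why equality stopped holding, so a comment above the assertion along the lines of `# member objects are no longer equal after <reason>; compare ids instead` would keep that knowledge with the test.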
diff --git a/plone/app/layout/viewlets/common.py b/plone/app/layout/viewlets/common.py
index 1833d40..2d2aa22 100644
--- a/plone/app/layout/viewlets/common.py
+++ b/plone/app/layout/viewlets/common.py
@@ -18,6 +18,7 @@
 from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
 
 from plone.app.layout.globals.interfaces import IViewView
+from plone.protect.utils import addTokenToUrl
 
 
 class ViewletBase(BrowserView):
@@ -321,8 +322,9 @@ def prepareObjectTabs(self, default_tab='view',
                 item['url'] = action_url
             else:
                 item['url'] = '%s/%s' % (context_url, action_url)
+            item['url'] = addTokenToUrl(item['url'], self.request)
 
-            action_method = item['url'].split('/')[-1]
+            action_method = item['url'].split('/')[-1].split('?')[0]
 
             # Action method may be a method alias:
             # Attempt to resolve to a template.
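Review bot: The added `addTokenToUrl(item['url'], self.request)` call sits after the if/else, so it also applies to the branch that takes `action_url` verbatim. If that branch can hold an absolute URL pointing off-site, the CSRF token would be handed to a third party. Whether `addTokenToUrl` itself skips off-site URLs is not visible in this hunk, so that should be confirmed or the call guarded explicitly. Separately, `item['url'].split('/')[-1].split('?')[0]` splits on `/` before removing the query, so a query value containing a slash yields the wrong `action_method`; `item['url'].split('?')[0].split('/')[-1]` avoids that. `prepareObjectTabs` starts and ends outside the hunk.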
@@ -330,7 +332,7 @@ def prepareObjectTabs(self, default_tab='view',
                 action_method, default=action_method
             )
             if action_method:
-                request_action = unquote(request_url_path)
+                request_action = unquote(request_url_path).split('?')[0]
                 request_action = context_fti.queryMethodID(
                     request_action, default=request_action
                 )
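Review bot: `unquote(request_url_path).split('?')[0]` decodes before it strips the query, so a percent-encoded `%3F` inside a path segment becomes a literal `?` and the path is cut short at that point. Stripping first keeps the two steps independent: `request_action = unquote(request_url_path.split('?')[0])`. How `request_url_path` is derived is outside the hunk, so a one-line comment stating whether it can actually carry a query string would also help.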
diff --git a/plone/app/layout/viewlets/tests/test_common.py b/plone/app/layout/viewlets/tests/test_common.py
index cf5ccba..cbe2650 100644
--- a/plone/app/layout/viewlets/tests/test_common.py
+++ b/plone/app/layout/viewlets/tests/test_common.py
@@ -11,6 +11,8 @@
 from plone.app.layout.viewlets.common import ContentViewsViewlet
 from plone.app.layout.navigation.interfaces import INavigationRoot
 
+from plone.protect import authenticator as auth
+
 
 class TestViewletBase(ViewletsTestCase):
     """Test the base class for the viewlets.
@@ -78,8 +80,10 @@ def testPrepareObjectTabsNonStructuralFolder(self):
     def testPrepareObjectTabsDefaultView(self):
         self._invalidateRequestMemoizations()
         self.loginAsPortalOwner()
-        self.app.REQUEST[
-            'ACTUAL_URL'] = self.folder.test.absolute_url() + '/edit'
+        self.app.REQUEST['ACTUAL_URL'] = '%s/edit?_authenticator=%s' % (
+            self.folder.test.absolute_url(),
+            auth.createToken()
+        )
         view = ContentViewsViewlet(self.folder.test, self.app.REQUEST, None)
         tabs = view.prepareObjectTabs()
         self.assertEqual(0, len([t for t in tabs if t[
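Review bot: This test now feeds a tokenised `ACTUAL_URL` into the viewlet, but nothing visible in the hunk asserts the new behaviour, namely that the tab URLs returned by `prepareObjectTabs()` carry the token. An assertion such as `self.assertTrue(all('_authenticator=' in t['url'] for t in tabs))` would pin it, adjusted if some tabs are deliberately left untouched. A second case with a plain `ACTUAL_URL` (no query string) would show that the selected-tab matching still works for ordinary requests. The final statement of the test continues outside the hunk.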




-------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CHANGES.log
Type: application/octet-stream
Size: 5419 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-testbot/attachments/20140312/dcc98241/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: build.log
Type: application/octet-stream
Size: 152679 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-testbot/attachments/20140312/dcc98241/attachment-0003.obj>

