- add some testing to disallow unauthenticated users casting votes
- added login required to polls endpoints
- requiring csrf token for casting vote
main
Guy Davis 7 months ago
parent 45050dc4b5
commit 3efd2d2a22

@ -72,7 +72,7 @@ class PollDetailsTests(
self, self,
): ):
""" """
If test user has not yet voted, options should be shown If test user has already voted, results should be shown
""" """
test_user = self.fresh_user_logged_in() test_user = self.fresh_user_logged_in()
poll = self.create_poll_with_questions() poll = self.create_poll_with_questions()
@ -111,7 +111,7 @@ class PollDetailsTests(
self, self,
): ):
""" """
If test user has not yet voted, options should be shown If test user has already voted, voting again should not change anything
""" """
test_user = self.fresh_user_logged_in() test_user = self.fresh_user_logged_in()
poll = self.create_poll_with_questions() poll = self.create_poll_with_questions()
@ -146,3 +146,37 @@ class PollDetailsTests(
Vote.objects.count(), Vote.objects.count(),
1, 1,
) )
def test_unauthenticated_user_cant_vote(
self,
):
"""
If an unauthenticated user tries to vote it should fail
"""
poll = self.create_poll_with_questions()
options = Option.objects.filter(
poll=poll,
)
self.assertEqual(
Vote.objects.count(),
0,
)
response = self.client.post(
reverse(
"cast-vote",
kwargs={
"poll_id": poll.pk,
"option_id": options[0].pk,
}
),
)
self.assertNotEqual(
response.status_code,
200,
)
self.assertEqual(
Vote.objects.count(),
0,
)
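Review bot: The check `assertNotEqual(response.status_code, 200)` in test_unauthenticated_user_cant_vote is too loose to prove the login gate, because it also passes on a 404, 405 or 500 that has nothing to do with authentication. Since the view is now wrapped in `login_required`, pin the redirect instead, e.g. `self.assertEqual(response.status_code, 302)` plus a check that `response.url` starts with the project's login URL. Nothing in this test covers the CSRF item from the commit message either: Django's test client skips CSRF checks unless it is built with `Client(enforce_csrf_checks=True)`, so a separate test that posts without a token through such a client would be needed. The unchanged `Vote.objects.count()` assertion is the valuable part and should stay.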

@ -1,9 +1,12 @@
from django.contrib.auth.decorators import login_required
from django.db.models import Count from django.db.models import Count
from django.shortcuts import render, get_object_or_404 from django.shortcuts import render, get_object_or_404
from django.views.decorators.csrf import requires_csrf_token
from polls.models import Poll, Option, Vote from polls.models import Poll, Option, Vote
@login_required
def polls( def polls(
request, request,
): ):
@ -29,6 +32,7 @@ def already_voted(
return vote.exists() return vote.exists()
@login_required
def poll_results( def poll_results(
request, request,
poll_id, poll_id,
@ -56,6 +60,7 @@ def poll_results(
) )
@login_required
def poll_details( def poll_details(
request, request,
poll_id, poll_id,
@ -90,6 +95,8 @@ def poll_details(
) )
@login_required
@requires_csrf_token
def cast_vote( def cast_vote(
request, request,
poll_id, poll_id,
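Review bot: `@requires_csrf_token` on cast_vote does not enforce anything: in Django this decorator only makes sure the token is available for rendering and never rejects a request, so it does not deliver the "requiring csrf token" item from the commit message. Rejection comes from CsrfViewMiddleware or from `csrf_protect`; if the middleware is enabled in settings (not visible here) the decorator is redundant, otherwise swap to `from django.views.decorators.csrf import csrf_protect` and `@csrf_protect`. The body of cast_vote lies outside the hunk, so it is also worth confirming that the view only records a vote on POST, for example with `@require_POST` from `django.views.decorators.http`.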
