(self, email, password, _follow_redirects=False,
headers=None, extra_form_data=dict())
| 129 | return csrf_token |
| 130 | |
| 131 | def login(self, email, password, _follow_redirects=False, |
| 132 | headers=None, extra_form_data=dict()): |
| 133 | csrf_token = None |
| 134 | if config.SERVER_MODE is True: |
| 135 | res = self.get('/login', |
| 136 | follow_redirects=_follow_redirects) |
| 137 | csrf_token = self.fetch_csrf(res) |
| 138 | |
| 139 | if csrf_token is None: |
| 140 | csrf_token = self.generate_csrf_token() |
| 141 | |
| 142 | form_data = dict( |
| 143 | email=email, |
| 144 | password=password, |
| 145 | csrf_token=csrf_token |
| 146 | ) |
| 147 | |
| 148 | if extra_form_data: |
| 149 | form_data.update(extra_form_data) |
| 150 | |
| 151 | res = self.post( |
| 152 | '/authenticate/login', data=form_data, |
| 153 | follow_redirects=_follow_redirects, |
| 154 | headers=headers |
| 155 | ) |
| 156 | # Flask-Paranoid regenerates the session on login (anti-fixation), |
| 157 | # which drops the `csrf_token` populated during GET /login. Capture |
| 158 | # a fresh token from a post-login authenticated page so subsequent |
| 159 | # state-changing API calls aren't rejected with "CSRF session token |
| 160 | # is missing." |
| 161 | if config.SERVER_MODE is True: |
| 162 | post_login = self.get('/browser/', follow_redirects=True) |
| 163 | fresh_token = self.fetch_csrf(post_login) |
| 164 | if fresh_token is not None: |
| 165 | self.csrf_token = fresh_token |
| 166 | else: |
| 167 | self.csrf_token = csrf_token |
| 168 | else: |
| 169 | self.csrf_token = csrf_token |
| 170 | |
| 171 | return res |
| 172 | |
| 173 | def logout(self): |
| 174 | self.get('/logout?next=/browser/', follow_redirects=False) |
no test coverage detected