update

bloomberg · Oct 3, 2024 · 2bdea53 · 2bdea53
1 parent 8c71dfc
commit 2bdea53
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 12 deletions.
diff --git a/pybossa/view/projects.py b/pybossa/view/projects.py
@@ -3528,9 +3528,8 @@ def ownership_id(short_name):
                 old_ownership_id, new_ownership_id)
             project.info['ownership_id'] = new_ownership_id
             project_repo.save(project)
-            response['ownership_id'] = new_ownership_id
-
-            flash(gettext('Ownership ID updated successfully'), 'success')
+        response['ownership_id'] = new_ownership_id
+        flash(gettext('Ownership ID updated successfully'), 'success')
 
     return handle_content_type(response)
 

diff --git a/test/test_ownership_id.py b/test/test_ownership_id.py
@@ -21,7 +21,7 @@ def test_00_access_ownership_id(self):
         self.signin()
         self.new_project()
 
-        res = self.app.get('/project/sampleapp/ownership_id', follow_redirects=True)
+        res = self.app.get('/project/sampleapp/ownership_id', content_type='application/json', follow_redirects=True)
         assert "ownership_id" in str(res.data), res.data
 
         self.signout()
@@ -32,15 +32,21 @@ def test_00_access_ownership_id(self):
     def test_01_edit_ownership_id(self):
         """Test admin and owner can edit ownership id"""
         self.register()
+        csrf = self.get_csrf('/account/signin')
         self.signin()
-
         self.new_project()
+
+        # test add id
         payload = {'ownership_id': '12345'}
-        res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload))
+        res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload))
         assert "12345" in str(res.data), res.data
-
+        # test same id as saved
+        payload = {'ownership_id': '12345'}
+        res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload))
+        assert "12345" in str(res.data), res.data
+        # test remove id
         payload = {'ownership_id': ''}
-        res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload))
+        res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload))
         assert "12345" not in str(res.data), res.data
 
         self.signout()
@@ -51,19 +57,20 @@ def test_01_edit_ownership_id(self):
     def test_02_invalid_ownership_ids(self):
         """Test ownership id validation"""
         self.register()
+        csrf = self.get_csrf('/account/signin')
         self.signin()
-
         self.new_project()
+
         payload = {'ownership_id': 'abcd123'}
-        res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload))
+        res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload))
         assert "Ownership ID must be numeric and less than 20 characters!" in str(res.data), res.data
 
         payload = {'ownership_id': '123!!!abc'}
-        res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload))
+        res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload))
         assert "Ownership ID must be numeric and less than 20 characters!" in str(res.data), res.data
 
         payload = {'ownership_id': '1111111111111111111111'}
-        res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload))
+        res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload))
         assert "Ownership ID must be numeric and less than 20 characters!" in str(res.data), res.data
 
         self.signout()