diff --git a/pybossa/view/projects.py b/pybossa/view/projects.py index a8bc830b1..126ba7d53 100644 --- a/pybossa/view/projects.py +++ b/pybossa/view/projects.py @@ -3528,9 +3528,8 @@ def ownership_id(short_name): old_ownership_id, new_ownership_id) project.info['ownership_id'] = new_ownership_id project_repo.save(project) - response['ownership_id'] = new_ownership_id - - flash(gettext('Ownership ID updated successfully'), 'success') + response['ownership_id'] = new_ownership_id + flash(gettext('Ownership ID updated successfully'), 'success') return handle_content_type(response) diff --git a/test/test_ownership_id.py b/test/test_ownership_id.py index a49f8ef99..5d38efb34 100644 --- a/test/test_ownership_id.py +++ b/test/test_ownership_id.py @@ -21,7 +21,7 @@ def test_00_access_ownership_id(self): self.signin() self.new_project() - res = self.app.get('/project/sampleapp/ownership_id', follow_redirects=True) + res = self.app.get('/project/sampleapp/ownership_id', content_type='application/json', follow_redirects=True) assert "ownership_id" in str(res.data), res.data self.signout() @@ -32,15 +32,21 @@ def test_00_access_ownership_id(self): def test_01_edit_ownership_id(self): """Test admin and owner can edit ownership id""" self.register() + csrf = self.get_csrf('/account/signin') self.signin() - self.new_project() + + # test add id payload = {'ownership_id': '12345'} - res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload)) + res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload)) assert "12345" in str(res.data), res.data - + # test same id as saved + payload = {'ownership_id': '12345'} + res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload)) + assert "12345" in str(res.data), res.data + # test remove id payload = {'ownership_id': ''} - res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload)) + res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload)) assert "12345" not in str(res.data), res.data self.signout() @@ -51,19 +57,20 @@ def test_01_edit_ownership_id(self): def test_02_invalid_ownership_ids(self): """Test ownership id validation""" self.register() + csrf = self.get_csrf('/account/signin') self.signin() - self.new_project() + payload = {'ownership_id': 'abcd123'} - res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload)) + res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload)) assert "Ownership ID must be numeric and less than 20 characters!" in str(res.data), res.data payload = {'ownership_id': '123!!!abc'} - res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload)) + res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload)) assert "Ownership ID must be numeric and less than 20 characters!" in str(res.data), res.data payload = {'ownership_id': '1111111111111111111111'} - res = self.app.put('/project/sampleapp/ownership_id', data=json.dumps(payload)) + res = self.app.put('/project/sampleapp/ownership_id', headers={'X-CSRFToken': csrf}, content_type='application/json', data=json.dumps(payload)) assert "Ownership ID must be numeric and less than 20 characters!" in str(res.data), res.data self.signout()