Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217

Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2025-02-25 18:55:31 -06:00 · 2019-05-28 10:59:51 +05:30
parent 90a45557b9
commit 6f0eafb223
36 changed files with 387 additions and 124 deletions
--- a/web/regression/python_test_utils/test_utils.py
+++ b/web/regression/python_test_utils/test_utils.py
@@ -51,8 +51,7 @@ def login_tester_account(tester):
       os.environ['PGADMIN_SETUP_PASSWORD']:
        email = os.environ['PGADMIN_SETUP_EMAIL']
        password = os.environ['PGADMIN_SETUP_PASSWORD']
-        tester.post('/login', data=dict(email=email, password=password),
-                    follow_redirects=True)
+        tester.login(email, password)
    else:
        from regression.runtests import app_starter
        print("Unable to login test client, email and password not found.",
@@ -61,18 +60,6 @@ def login_tester_account(tester):
        sys.exit(1)


-def logout_tester_account(tester):
-    """
-    This function logout the test account
-
-    :param tester: test client
-    :type tester: flask test client object
-    :return: None
-    """
-
-    tester.get('/logout')
-
-
 def get_config_data():
    """This function reads the server data from config_data"""
    server_data = []
@@ -802,7 +789,8 @@ def _cleanup(tester, app_starter):
        traceback.print_exc(file=sys.stderr)
    finally:
        # Logout the test client
-        logout_tester_account(tester)
+        tester.logout()
+
        # Remove SQLite db file
        remove_db_file()
        if app_starter: