takahe/tests/activities/views/test_posts.py
Andrew Godwin 9ad9bdd936 Implement post rate limits, move to signed cookies
Also improve the test harness a little
Fixes #112
2022-12-15 15:55:33 -07:00


import pytest
from django.test.client import Client
from activities.models import Post
from users.models import Identity
@pytest.mark.django_db
def test_post_delete_security(client_with_identity: Client, other_identity: Identity):
    """
    Authorisation check for post deletion.

    Requesting the delete URL of a post authored by ``other_identity``
    through ``client_with_identity`` must be refused with HTTP 403.
    Both fixtures are defined outside this file; the client is presumably
    acting as an identity different from ``other_identity``.
    """
    # A public, local post owned by the other identity, not the client's.
    foreign_post = Post.objects.create(
        author=other_identity,
        content="<p>OTHER POST!</p>",
        visibility=Post.Visibilities.public,
        local=True,
    )
    delete_url = foreign_post.urls.action_delete

    # NOTE(review): only GET is exercised. If the view performs the deletion
    # on another method (e.g. POST), that path is not covered by this test,
    # nor is it asserted that the post is left unchanged after the refusal.
    refusal = client_with_identity.get(delete_url)
    assert refusal.status_code == 403