Fixes passing absolute paths to http methods

When session.root wasn't a site_root ie https://example.com/Plone
instead of https://example.com/. then calls like
sessiopn.get('/@System') would throw an Exception

Author: Chris Wesseling

.pre-commit-config.yaml

@@ -18,6 +18,18 @@ repos:
   rev: v0.13.0
   hooks:
   - id: reuse
+- repo: https://github.com/pycqa/isort
+  rev: 5.9.3
+  hooks:
+  - id: isort
+    name: isort (python)
+    types: [python]
+  - id: isort
+    name: isort (cython)
+    types: [cython]
+  - id: isort
+    name: isort (pyi)
+    types: [pyi]
 - repo: local
   hooks:
   - id: pytest-cov

affen/api.py

@@ -80,7 +80,7 @@ def request(
         *args,
         **kwargs,
     ) -> requests.Response:
-        url = urljoin(self.root, url)
+        url = urljoin(self.root, url.lstrip("/"))
         if not url.startswith(self.root):
             raise ValueError(
                 f"Making requests to other hosts than {self.root} may leak credentials. "

pyproject.toml

@@ -39,6 +39,9 @@ exclude_lines = [
     "if TYPE_CHECKING:",
 ]
 
+[tool.isort]
+profile = "black"
+
 [tool.pdm]
 [tool.pdm.dev-dependencies]
 dev = [

tests/cassettes/test_accepts_absolute_paths_even_if_api_root_is_not_at_host_root.yaml

@@ -0,0 +1,58 @@
+# SPDX-FileCopyrightText: 2021 Centrum Wiskune en Informatica
+#
+# SPDX-License-Identifier: MPL-2.0
+
+interactions:
+- request:
+    body: null
+    headers:
+      Accept-Encoding:
+      - gzip, deflate
+      Connection:
+      - keep-alive
+      User-Agent:
+      - python-requests/2.26.0
+      accept:
+      - application/json
+    method: GET
+    uri: http://127.0.0.1:8080/Plone/@search
+  response:
+    body:
+      string: "{\n  \"@id\": \"http://127.0.0.1:8080/Plone/@search\", \n  \"items\":
+        [\n    {\n      \"@id\": \"http://127.0.0.1:8080/Plone/front-page\", \n      \"@type\":
+        \"Document\", \n      \"description\": \"Congratulations! You have successfully
+        installed Plone.\", \n      \"review_state\": \"published\", \n      \"title\":
+        \"Welcome to Plone\"\n    }, \n    {\n      \"@id\": \"http://127.0.0.1:8080/Plone/news\",
+        \n      \"@type\": \"Folder\", \n      \"description\": \"Site News\", \n
+        \     \"review_state\": \"published\", \n      \"title\": \"News\"\n    },
+        \n    {\n      \"@id\": \"http://127.0.0.1:8080/Plone/news/aggregator\", \n
+        \     \"@type\": \"Collection\", \n      \"description\": \"Site News\", \n
+        \     \"review_state\": \"published\", \n      \"title\": \"News\"\n    },
+        \n    {\n      \"@id\": \"http://127.0.0.1:8080/Plone/events\", \n      \"@type\":
+        \"Folder\", \n      \"description\": \"Site Events\", \n      \"review_state\":
+        \"published\", \n      \"title\": \"Events\"\n    }, \n    {\n      \"@id\":
+        \"http://127.0.0.1:8080/Plone/events/aggregator\", \n      \"@type\": \"Collection\",
+        \n      \"description\": \"Site Events\", \n      \"review_state\": \"published\",
+        \n      \"title\": \"Events\"\n    }, \n    {\n      \"@id\": \"http://127.0.0.1:8080/Plone/Members\",
+        \n      \"@type\": \"Folder\", \n      \"description\": \"Site Users\", \n
+        \     \"review_state\": \"private\", \n      \"title\": \"Users\"\n    }\n
+        \ ], \n  \"items_total\": 6\n}"
+    headers:
+      Content-Length:
+      - '1297'
+      Content-Type:
+      - application/json
+      Date:
+      - Sat, 31 Jul 2021 02:27:04 GMT
+      Server:
+      - waitress
+      Via:
+      - waitress
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Powered-By:
+      - Zope (www.zope.org), Python (www.python.org)
+    status:
+      code: 200
+      message: OK
+version: 1

tests/test_session.py

@@ -121,6 +121,11 @@ def test_does_not_leak_authentication(plone):
     assert "http://127.0.0.1:8080/Plone" in str(info.value)
 
 
+@pytest.mark.vcr
+def test_accepts_absolute_paths_even_if_api_root_is_not_at_host_root(plone):
+    assert plone.get("/@search").ok
+
+
 @pytest.fixture(scope="module")
 def vcr_config():
     return {