Mercurial > p > roundup > code

annotate test/test_security.py @ 8564:13732c1d8392

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug: fix typing for pre 3.9 python. when I added basic typing to logcontext.py I used a spec unsupported in 3.8and earlier.
author John Rouillard <rouilj@ieee.org>
date Thu, 09 Apr 2026 00:09:29 -0400
parents 9c3ec0a5c7fc
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # of this software and associated documentation files (the "Software"), to deal
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # in the Software without restriction, including without limitation the rights
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # copies of the Software, and to permit persons to whom the Software is
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # furnished to do so, subject to the following conditions:
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 # The above copyright notice and this permission notice shall be included in
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 # all copies or substantial portions of the Software.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 # SOFTWARE.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
21 import os
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
22 import shutil
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
23 import unittest
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
24
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
25 from roundup import backends
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
26 import roundup.password
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
27 from .db_test_base import setupSchema, MyTestCase, config
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
28
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
29
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
30 class PermissionTest(MyTestCase, unittest.TestCase):
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 def setUp(self):
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
32 backend = backends.get_backend('anydbm')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 # remove previous test, ignore errors
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 if os.path.exists(config.DATABASE):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
35 shutil.rmtree(config.DATABASE)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
36 os.makedirs(config.DATABASE + '/files')
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
37 self.db = backend.Database(config, 'admin')
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
38 setupSchema(self.db, 1, backend)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 def testInterfaceSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 ' test that the CGI and mailgw have initialised security OK '
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 # TODO: some asserts
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 def testInitialiseSecurity(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
45 ei = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
46 name="Edit", klass="issue",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
47 description="User is allowed to edit issues")
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48 self.db.security.addPermissionToRole('User', ei)
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
49 ai = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
50 name="View", klass="issue",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
51 description="User is allowed to access issues")
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52 self.db.security.addPermissionToRole('User', ai)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
54 def testAdmin(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
55 ei = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
56 name="Edit", klass="issue",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
57 description="User is allowed to edit issues")
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
58 self.db.security.addPermissionToRole('User', ei)
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
59 ei = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
60 name="Edit", klass=None,
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
61 description="User is allowed to edit issues")
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
62 self.db.security.addPermissionToRole('Admin', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
63
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
64 u1 = self.db.user.create(username='one', roles='Admin')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
65 u2 = self.db.user.create(username='two', roles='User')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
66
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5388
diff changeset
67 self.assertTrue(self.db.security.hasPermission('Edit', u1, None))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5388
diff changeset
68 self.assertTrue(not self.db.security.hasPermission('Edit', u2, None))
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
69
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
70 def testGetPermission(self):
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
71 self.db.security.getPermission('Edit')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
72 self.db.security.getPermission('View')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
73 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
74 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
75 'fubar')
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
76
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
77 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
78 get = self.db.security.getPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
79
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
80 # class
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
81 ei = add(name="Edit", klass="issue")
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
82 self.assertEqual(get('Edit', 'issue'), ei)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
83 ai = add(name="View", klass="issue")
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
84 self.assertEqual(get('View', 'issue'), ai)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
85
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
86 # property
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
87 epi1 = add(name="Edit", klass="issue", properties=['title'])
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
88 self.assertEqual(get('Edit', 'issue', properties=['title']), epi1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
89 epi2 = add(name="Edit", klass="issue", properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
90 props_only=True)
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
91 self.assertEqual(get('Edit', 'issue', properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
92 props_only=False), epi1)
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
93 self.assertEqual(get('Edit', 'issue', properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
94 props_only=True), epi2)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
95 self.db.security.set_props_only_default(True)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
96 self.assertEqual(get('Edit', 'issue', properties=['title']), epi2)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
97 api1 = add(name="View", klass="issue", properties=['title'])
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
98 self.assertEqual(get('View', 'issue', properties=['title']), api1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
99 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
100 api2 = add(name="View", klass="issue", properties=['title'])
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
101 self.assertEqual(get('View', 'issue', properties=['title']), api2)
5795
10747e4e4ec4 replace assertNotEquals with assertNotEqual
John Rouillard <rouilj@ieee.org>
parents: 5794
diff changeset
102 self.assertNotEqual(get('View', 'issue', properties=['title']), api1)
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
103
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
104 # check function
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
105 dummy = lambda: 0
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
106 eci = add(name="Edit", klass="issue", check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
107 self.assertEqual(get('Edit', 'issue', check=dummy), eci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
108 # props_only only makes sense if you are setting props.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
109 # make it a no-op unless properties is set.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
110 self.assertEqual(get('Edit', 'issue', check=dummy,
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
111 props_only=True), eci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
112 aci = add(name="View", klass="issue", check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
113 self.assertEqual(get('View', 'issue', check=dummy), aci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
114
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
115 # all
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
116 epci = add(name="Edit", klass="issue", properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
117 check=dummy)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
118
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
119 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
120 # implicit props_only=False
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
121 self.assertEqual(get('Edit', 'issue', properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
122 check=dummy), epci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
123 # explicit props_only=False
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
124 self.assertEqual(get('Edit', 'issue', properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
125 check=dummy, props_only=False), epci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
126
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
127 # implicit props_only=True
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
128 self.db.security.set_props_only_default(True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
129 self.assertRaises(ValueError, get, 'Edit', 'issue',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
130 properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
131 check=dummy)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
132 # explicit props_only=False
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
133 self.assertRaises(ValueError, get, 'Edit', 'issue',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
134 properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
135 check=dummy, props_only=True)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
136
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
137 apci = add(name="View", klass="issue", properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
138 check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
139 self.assertEqual(get('View', 'issue', properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
140 check=dummy), apci)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
141
5200
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
142 # Reset to default. Somehow this setting looks like it
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
143 # was bleeding through to other tests in test_xmlrpc.
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
144 # Is the security module being loaded only once for all tests??
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
145 self.db.security.set_props_only_default(False)
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
146
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
147 def testDBinit(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
148 self.db.user.create(username="demo", roles='User')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
149 self.db.user.create(username="anonymous", roles='Anonymous')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
150
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
151 def testAccessControls(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
152 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
153 has = self.db.security.hasPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
154 addRole = self.db.security.addRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
155 addToRole = self.db.security.addPermissionToRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
156
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
157 none = self.db.user.create(username='none', roles='None')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
158
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
159 # test admin access
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
160 addRole(name='Super')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
161 addToRole('Super', add(name="Test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
162 super = self.db.user.create(username='super', roles='Super')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
163
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
164 # test class-level access
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
165 addRole(name='Role1')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
166 addToRole('Role1', add(name="Test", klass="test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
167 user1 = self.db.user.create(username='user1', roles='Role1')
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
168 self.assertEqual(has('Test', user1, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
169 self.assertEqual(has('Test', super, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
170 self.assertEqual(has('Test', none, 'test'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
171
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
172 # property
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
173 addRole(name='Role2')
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
174 addToRole('Role2', add(name="Test", klass="test",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
175 properties=['a', 'b']))
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
176 user2 = self.db.user.create(username='user2', roles='Role2')
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
177
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
178 # check function
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
179 check_old_style = lambda db, userid, itemid: itemid == '2'
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
180 # def check_old_style(db, userid, itemid):
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
181 # print "checking userid, itemid: %r"%((userid,itemid),)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
182 # return(itemid == '2')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
183
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
184 # setup to check function new style. Make sure that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
185 # other args are passed.
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
186 def check(db, userid, itemid, **other):
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
187 prop = other['property']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
188 prop = other['classname']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
189 prop = other['permission']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
190 return (itemid == '1')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
191
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
192 # also create a check as a callable of a class
6268
bdcccd2b2141 Replace http:....roundup-tracker.org with https.
John Rouillard <rouilj@ieee.org>
parents: 5797
diff changeset
193 # https://issues.roundup-tracker.org/issue2550952
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
194 class CheckClass(object):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
195 def __call__(self, db, userid, itemid, **other):
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
196 prop = other['property']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
197 prop = other['classname']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
198 prop = other['permission']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
199 return (itemid == '1')
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
200
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
201 addRole(name='Role3')
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
202 # make sure check=CheckClass() and not check=CheckClass
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
203 # otherwise we get:
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
204 # inspectible <slot wrapper '__init__' of 'object' objects>
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
205 addToRole('Role3', add(name="Test", klass="test", check=CheckClass()))
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
206 user3 = self.db.user.create(username='user3', roles='Role3')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
207
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
208 addRole(name='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
209 addToRole('Role4', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
210 properties='a', props_only=True))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
211 user4 = self.db.user.create(username='user4', roles='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
212
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
213 self.db.security.set_props_only_default(props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
214 addRole(name='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
215 addToRole('Role5', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
216 check=check_old_style, properties=['a']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
217 user5 = self.db.user.create(username='user5', roles='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
218
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
219 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
220 addRole(name='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
221 addToRole('Role6', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
222 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
223 user6 = self.db.user.create(username='user6', roles='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
224
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
225 addRole(name='Role7')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
226 addToRole('Role7', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
227 check=check_old_style,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
228 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
229 user7 = self.db.user.create(username='user7', roles='Role7')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5269
diff changeset
230 print(user7)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
231
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
232 # *any* access to class
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
233 self.assertEqual(has('Test', user1, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
234 self.assertEqual(has('Test', user2, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
235 self.assertEqual(has('Test', user3, 'test'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
236 # user4 and user5 should not return true as the permission
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
237 # is limited to property checks
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
238 self.assertEqual(has('Test', user4, 'test'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
239 self.assertEqual(has('Test', user5, 'test'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
240 # user6 will will return access
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
241 self.assertEqual(has('Test', user6, 'test'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
242 # will work because check is ignored, if check was
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
243 # used this would work but next test would fail
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
244 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
245 # returns true because class tests ignore the check command
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
246 # if there is no itemid no check command is run
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
247 self.assertEqual(has('Test', user7, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
248 self.assertEqual(has('Test', none, 'test'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
249
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
250 # *any* access to item
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
251 self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
252 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
253 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
254 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
255 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
256 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
257 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
258 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
259 self.assertEqual(has('Test', super, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
260 self.assertEqual(has('Test', none, 'test', itemid='1'), 0)
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
261
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
262 # now property test: no default itemid so check functions not run.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
263 self.assertEqual(has('Test', user7, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
264 self.assertEqual(has('Test', user7, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
265 self.assertEqual(has('Test', user7, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
266
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
267 self.assertEqual(has('Test', user6, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
268 self.assertEqual(has('Test', user6, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
269 self.assertEqual(has('Test', user6, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
270
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
271 self.assertEqual(has('Test', user5, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
272 self.assertEqual(has('Test', user5, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
273 self.assertEqual(has('Test', user5, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
274
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
275 self.assertEqual(has('Test', user4, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
276 self.assertEqual(has('Test', user4, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
277 self.assertEqual(has('Test', user4, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
278
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
279 self.assertEqual(has('Test', user3, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
280 self.assertEqual(has('Test', user3, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
281 self.assertEqual(has('Test', user3, 'test', property='c'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
282
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
283 self.assertEqual(has('Test', user2, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
284 self.assertEqual(has('Test', user2, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
285 self.assertEqual(has('Test', user2, 'test', property='c'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
286 self.assertEqual(has('Test', user1, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
287 self.assertEqual(has('Test', user1, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
288 self.assertEqual(has('Test', user1, 'test', property='c'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
289 self.assertEqual(has('Test', super, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
290 self.assertEqual(has('Test', super, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
291 self.assertEqual(has('Test', super, 'test', property='c'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
292 self.assertEqual(has('Test', none, 'test', property='a'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
293 self.assertEqual(has('Test', none, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
294 self.assertEqual(has('Test', none, 'test', property='c'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
295 self.assertEqual(has('Test', none, 'test'), 0)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
296
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
297 # now check function
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
298 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
299 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
300 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
301 self.assertEqual(has('Test', user6, 'test', itemid='2'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
302 # check functions will not run for user4/user5 since the
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
303 # only perms are for properties only.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
304 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
305 self.assertEqual(has('Test', user5, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
306 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
307 self.assertEqual(has('Test', user4, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
308 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
309 self.assertEqual(has('Test', user3, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
310 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
311 self.assertEqual(has('Test', user2, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
312 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
313 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
314 self.assertEqual(has('Test', super, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
315 self.assertEqual(has('Test', super, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
316 self.assertEqual(has('Test', none, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
317 self.assertEqual(has('Test', none, 'test', itemid='2'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
318
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
319 # now mix property and check commands
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
320 # check is old style props_only = false
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
321 self.assertEqual(has('Test', user7, 'test', property="c",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
322 itemid='2'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
323 self.assertEqual(has('Test', user7, 'test', property="c",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
324 itemid='1'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
325
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
326 self.assertEqual(has('Test', user7, 'test', property="a",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
327 itemid='2'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
328 self.assertEqual(has('Test', user7, 'test', property="a",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
329 itemid='1'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
330
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
331 # check is new style props_only = false
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
332 self.assertEqual(has('Test', user6, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
333 property='c'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
334 self.assertEqual(has('Test', user6, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
335 property='c'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
336 self.assertEqual(has('Test', user6, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
337 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
338 self.assertEqual(has('Test', user6, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
339 property='b'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
340 self.assertEqual(has('Test', user6, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
341 property='a'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
342 self.assertEqual(has('Test', user6, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
343 property='a'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
344
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
345 # check is old style props_only = true
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
346 self.assertEqual(has('Test', user5, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
347 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
348 self.assertEqual(has('Test', user5, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
349 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
350 self.assertEqual(has('Test', user5, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
351 property='a'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
352 self.assertEqual(has('Test', user5, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
353 property='a'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
354
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
355 # check is new style props_only = true
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
356 self.assertEqual(has('Test', user4, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
357 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
358 self.assertEqual(has('Test', user4, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
359 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
360 self.assertEqual(has('Test', user4, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
361 property='a'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
362 self.assertEqual(has('Test', user4, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
363 property='a'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
364
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
365 def testTransitiveSearchPermissions(self):
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
366 add = self.db.security.addPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
367 has = self.db.security.hasSearchPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
368 addRole = self.db.security.addRole
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
369 addToRole = self.db.security.addPermissionToRole
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
370 addRole(name='User')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
371 addRole(name='Anonymous')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
372 addRole(name='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
373 addRole(name='Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
374 addRole(name='UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
375 user = self.db.user.create(username='user1', roles='User')
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
376 anon = self.db.user.create(username='anonymous', roles='Anonymous')
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
377 ui = self.db.user.create(username='user2', roles='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
378 uim = self.db.user.create(username='user3', roles='Issue,Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
379 uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
380 iv = add(name="View", klass="issue")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
381 addToRole('User', iv)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
382 addToRole('Anonymous', iv)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
383 addToRole('Issue', iv)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
384 ms = add(name="Search", klass="msg")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
385 addToRole('User', ms)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
386 addToRole('Anonymous', ms)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
387 addToRole('Msg', ms)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
388 uv = add(name="View", klass="user")
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
389 addToRole('User', uv)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
390 addToRole('UV', uv)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
391 self.assertEqual(has(anon, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
392 self.assertEqual(has(anon, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
393 self.assertEqual(has(anon, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
394 self.assertEqual(has(anon, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
395 self.assertEqual(has(anon, 'issue', 'messages.recipients.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
396 self.assertEqual(has(user, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
397 self.assertEqual(has(user, 'issue', 'messages.author'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
398 self.assertEqual(has(user, 'issue', 'messages.author.username'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
399 self.assertEqual(has(user, 'issue', 'messages.recipients'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
400 self.assertEqual(has(user, 'issue', 'messages.recipients.username'), 1)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
401
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
402 self.assertEqual(has(ui, 'issue', 'messages'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
403 self.assertEqual(has(ui, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
404 self.assertEqual(has(ui, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
405 self.assertEqual(has(ui, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
406 self.assertEqual(has(ui, 'issue', 'messages.recipients.username'), 0)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
407
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
408 self.assertEqual(has(uim, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
409 self.assertEqual(has(uim, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
410 self.assertEqual(has(uim, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
411 self.assertEqual(has(uim, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
412 self.assertEqual(has(uim, 'issue', 'messages.recipients.username'), 0)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
413
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
414 self.assertEqual(has(uimu, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
415 self.assertEqual(has(uimu, 'issue', 'messages.author'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
416 self.assertEqual(has(uimu, 'issue', 'messages.author.username'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
417 self.assertEqual(has(uimu, 'issue', 'messages.recipients'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
418 self.assertEqual(has(uimu, 'issue', 'messages.recipients.username'), 1)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
419
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
420 # roundup.password has its own built-in tests, call them.
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
421 def test_password(self):
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
422 roundup.password.test()
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
423
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
424 # pretend import of crypt failed
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
425 orig_crypt = roundup.password.crypt
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
426 roundup.password.crypt = None
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
427 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
428 roundup.password.test_missing_crypt()
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
429 self.assertEqual(ctx.exception.args[0],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
430 "Unsupported encryption scheme 'crypt'")
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
431 roundup.password.crypt = orig_crypt
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
432
7222
b124c38930ed renname test to test_pbkdf2_unpack_errors
John Rouillard <rouilj@ieee.org>
parents: 7221
diff changeset
433 def test_pbkdf2_unpack_errors(self):
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
434 pbkdf2_unpack = roundup.password.pbkdf2_unpack
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
435
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
436 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
437 pbkdf2_unpack("fred$password")
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
438
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
439 self.assertEqual(ctx.exception.args[0],
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
440 'invalid PBKDF2 hash (wrong number of separators)')
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
441
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
442 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
443 pbkdf2_unpack("0200000$salt$password")
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
444
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
445 self.assertEqual(ctx.exception.args[0],
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
446 'invalid PBKDF2 hash (zero-padded rounds)')
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
447
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
448 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
449 pbkdf2_unpack("fred$salt$password")
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
450
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
451 self.assertEqual(ctx.exception.args[0],
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
452 'invalid PBKDF2 hash (invalid rounds)')
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
453
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
454 def test_empty_passwords(self):
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
455
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
456 p = roundup.password.Password()
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
457
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
458 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
459 p == "foo"
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
460
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
461 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
462 'Password not set')
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
463
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
464 with self.assertRaises(ValueError) as ctx:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
465 p.__str__()
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
466
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
467 self.assertEqual(ctx.exception.args[0],
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
468 'Password not set')
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
469
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
470 # make sure it uses the default scheme
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
471 default_scheme = roundup.password.Password.default_scheme
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
472 p.setPassword("sekret", config=self.db.config)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
473 self.assertEqual(p.scheme, default_scheme)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
474
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
475 def test_migrate_deprecated(self):
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
476
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
477 # migrate: deprecated encryption
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
478
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
479 # force test to use config file settings
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
480 # rather than the testing default of 1000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
481 os.environ["PYTEST_USE_CONFIG"] = "True"
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
482 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 2000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
483
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
484 p = roundup.password.Password('sekrit', 'SSHA',
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
485 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
486 self.assertEqual(p.needs_migration(config=self.db.config), True)
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
487
7165
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
488 p = roundup.password.Password('sekrit', 'PBKDF2',
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
489 config=self.db.config)
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
490
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
491 self.assertEqual(p.needs_migration(config=self.db.config), True)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
492
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
493 # no need to migrate
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
494 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 200000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
495
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
496 p = roundup.password.Password('sekrit', 'PBKDF2S5',
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
497 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
498
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
499 self.assertEqual(p.needs_migration(config=self.db.config), False)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
500
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
501 self.assertEqual(p.password.find('200000$'), 0)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
502 del(os.environ["PYTEST_USE_CONFIG"])
7165
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
503
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
504 def test_pbkdf2_migrate_rounds(self):
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
505 '''Check that migration happens when number of rounds in
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
506 config is larger than number of rounds in current password.
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
507 '''
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
508 default_scheme = roundup.password.Password.default_scheme
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
509 # will only have 1000 rounds since it's running under
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
510 # pytest but without PYTEST_USE_CONFIG set in environment.
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
511 p = roundup.password.Password('sekrit', default_scheme,
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
512 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
513
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
514 self.assertEqual(p.password.find('1000$'), 0)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
515
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
516 # reduce it a bit to save runtime
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
517 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 200000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
518
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
519 # now set PYTEST_USE_CONFIG so we test rounds against
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
520 # config setting.
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
521 os.environ["PYTEST_USE_CONFIG"] = "True"
7165
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
522 self.assertEqual(p.needs_migration(config=self.db.config), True)
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
523 del(os.environ["PYTEST_USE_CONFIG"])
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
524
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
525
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
526 # Set up p with rounds under 1000. This is usually prevented,
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
527 # but older software could generate smaller rounds.
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
528 p = roundup.password.Password('sekrit', default_scheme,
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
529 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
530
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
531 # Can't actaully generate a password with fewer than 1000 rounds.
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
532 # so edit p.password to fake 900 rounds.
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
533 p.password = p.password.replace('1000$', '900$')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
534 self.assertEqual(p.needs_migration(config=self.db.config), True)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
535
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
536 def test_encodePassword_errors(self):
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
537 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 999
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
538
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
539 os.environ["PYTEST_USE_CONFIG"] = "True"
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
540 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
541 roundup.password.encodePassword('sekrit', 'PBKDF2',
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
542 config=self.db.config)
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
543
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
544 self.assertEqual(ctx.exception.args[0],
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
545 'invalid PBKDF2 hash (rounds too low)')
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
546
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
547 del(os.environ["PYTEST_USE_CONFIG"])
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
548
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
549 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
550 roundup.password.encodePassword('sekrit', 'fred',
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
551 config=self.db.config)
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
552
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
553 self.assertEqual(ctx.exception.args[0],
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
554 "Unknown encryption scheme 'fred'")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
555
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
556 def test_pbkdf2_errors(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
557
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
558 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
559 roundup.password.pbkdf2('sekret', b'saltandpepper', 0, 41)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
560
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
561 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
562 "key length too large")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
563
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
564 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
565 roundup.password.pbkdf2('sekret', b'saltandpepper', 0, 40)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
566
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
567 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
568 "rounds must be positive number")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
569
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
570 def test_pbkdf2_sha512_errors(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
571
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
572 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
573 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 65)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
574
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
575 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
576 "key length too large")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
577
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
578 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
579 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 64)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
580
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
581 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
582 "rounds must be positive number")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
583
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
584 def test_misc_functions(self):
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
585 import random # for fuzzing later
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
586
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
587 v = roundup.password.bchr(64)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
588 if bytes == str:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
589 self.assertEqual(v, '@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
590 else:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
591 self.assertEqual(v, b'@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
592
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
593 v = roundup.password.bord(b'@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
594 if bytes == str:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
595 self.assertEqual(v, 64)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
596 else:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
597 self.assertEqual(v, b'@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
598
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
599 for plain, encode in (
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
600 (b'tes', 'dGVz'),
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
601 (b'test', 'dGVzdA'),
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
602 (b'testb', "dGVzdGI"),
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
603 ):
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
604 v = roundup.password.h64encode(plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
605 self.assertEqual(v, encode)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
606 v = roundup.password.h64decode(v)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
607 self.assertEqual(v, plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
608
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
609 with self.assertRaises(ValueError) as ctx:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
610 v = roundup.password.h64decode("dGVzd")
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
611 self.assertEqual(ctx.exception.args[0], "Invalid base64 input")
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
612
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
613 # poor man's fuzzer
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
614 if bytes == str:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
615 # alias range to xrange for python2, more efficient.
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
616 range_ = xrange # noqa: F821
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
617 else:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
618 range_ = range
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
619
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
620 for i in range_(25):
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
621 plain = bytearray(random.getrandbits(8) for _ in range_(i*4))
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
622 e = roundup.password.h64encode(plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
623 self.assertEqual(roundup.password.h64decode(e), plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
624
7167
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
625 def test_encodePasswordNoConfig(self):
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
626 # should run cleanly as we are in a test.
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
627 #
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
628 p = roundup.password.encodePassword('sekrit', 'PBKDF2')
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
629 # verify 1000 rounds being used becaue we are in test mode
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
630 self.assertTrue(p.startswith("1000$"))
7167
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
631
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
632 del(os.environ["PYTEST_CURRENT_TEST"])
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
633 self.assertNotIn("PYTEST_CURRENT_TEST", os.environ)
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
634
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
635 with self.assertRaises(roundup.password.ConfigNotSet) as ctx:
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
636 roundup.password.encodePassword('sekrit', 'PBKDF2')
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
637
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
638 self.assertEqual(ctx.exception.args[0],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
639 "encodePassword called without config.")
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
640 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/