Mercurial > p > roundup > code

annotate test/test_xmlrpc.py @ 8492:166cb2632315

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
issue2551413 - Broken MultiLink columns in CSV export (take 2) Changed how I solved this. Restored the original line that cmeerw took out, but use the 'id' field rather than the 'name' field. The if statements folowing the line change it to the 'name' field (realname if it's a user object): if there is one. Updated the tests to test for this error and exercise the code. I had to change the test to create/add messages to an issue. This required that I suppress the sending of nosy messages using SENDMAILDEBUG env var.
author John Rouillard <rouilj@ieee.org>
date Mon, 15 Dec 2025 00:04:16 -0500
parents 224ccb8b49ca
children 9c3ec0a5c7fc
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
1 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
2 # Copyright (C) 2007 Stefan Seefeld
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
3 # All rights reserved.
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3829
diff changeset
4 # For license terms see the file COPYING.txt.
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
5 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
6
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
7 from __future__ import print_function
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
8 import unittest, os, shutil, errno, pytest, sys, difflib, re
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
9
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
10 from contextlib import contextmanager
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
11
5408
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
12 from roundup.anypy import xmlrpc_
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
13 MultiCall = xmlrpc_.client.MultiCall
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
14 from roundup.cgi.exceptions import *
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
15 from roundup import init, instance, password, hyperdb, date
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
16 from roundup.xmlrpc import RoundupInstance, RoundupDispatcher
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
17 from roundup.backends import list_backends
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
18 from roundup.hyperdb import String
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
19 from roundup.cgi import TranslationService
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5504
diff changeset
20 from roundup.test.tx_Source_detector import init as tx_Source_init
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
21
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
22 from . import db_test_base
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
23 from .test_mysql import skip_mysql
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
24 from .test_postgresql import skip_postgresql
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
25
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
26 from .pytest_patcher import mark_class
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
27 from roundup.anypy.xmlrpc_ import client
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
28
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
29 if client.defusedxml:
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
30 skip_defusedxml = lambda func, *args, **kwargs: func
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
31 else:
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
32 skip_defusedxml = mark_class(pytest.mark.skip(
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
33 reason='Skipping defusedxml tests: defusedxml library not available'))
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
34
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
35 if sys.version_info[0] > 2:
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
36 skip_python2 = lambda func, *args, **kwargs: func
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
37 else:
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
38 skip_python2 = mark_class(pytest.mark.skip(
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
39 reason='Skipping test under python 2'))
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
40
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
41 @contextmanager
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
42 def disable_defusedxml():
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
43 # if defusedxml not loaded, do nothing
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
44 if 'defusedxml' not in sys.modules:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
45 yield
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
46 return
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
47
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
48 sys.modules['defusedxml'].xmlrpc.unmonkey_patch()
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
49 try:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
50 yield
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
51 finally:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
52 # restore normal defused xmlrpc functions
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
53 sys.modules['defusedxml'].xmlrpc.monkey_patch()
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
54
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
55 class XmlrpcTest(object):
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
56
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
57 backend = None
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
58
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
59 def setUp(self):
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
60 self.dirname = '_test_xmlrpc'
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
61 # set up and open a tracker
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
62 self.instance = db_test_base.setupTracker(self.dirname, self.backend)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
63
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
64 # open the database
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
65 self.db = self.instance.open('admin')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
66
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
67 print("props_only default", self.db.security.get_props_only_default())
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
68
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
69 # Get user id (user4 maybe). Used later to get data from db.
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
70 self.joeid = 'user' + self.db.user.create(username='joe',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
71 password=password.Password('random'), address='random@home.org',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
72 realname='Joe Random', roles='User')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
73
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
74 self.db.commit()
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
75 self.db.close()
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
76 self.db = self.instance.open('joe')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
77
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
78 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
79
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
80 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
81 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
82
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
83 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
84
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5504
diff changeset
85 tx_Source_init(self.db)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
86
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
87 self.server = RoundupInstance(self.db, self.instance.actions, None)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
88
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
89 def tearDown(self):
4104
d8c2d214d688 do all the pre-release stuff...
Richard Jones <richard@users.sourceforge.net>
parents: 4083
diff changeset
90 self.db.close()
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
91 try:
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
92 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
93 except OSError as error:
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
94 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
95
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
96 def testAccess(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
97 # Retrieve all three users.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
98 results = self.server.list('user', 'id')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
99 self.assertEqual(len(results), 3)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
100
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
101 # Obtain data for 'joe'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
102 results = self.server.display(self.joeid)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
103 self.assertEqual(results['username'], 'joe')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
104 self.assertEqual(results['realname'], 'Joe Random')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
105
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
106 def testChange(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
107 # Reset joe's 'realname'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
108 results = self.server.set(self.joeid, 'realname=Joe Doe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
109 results = self.server.display(self.joeid, 'realname')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
110 self.assertEqual(results['realname'], 'Joe Doe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
111
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
112 # check we can't change admin's details
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
113 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe')
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
114
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
115 def testCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
116 results = self.server.create('issue', 'title=foo')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
117 issueid = 'issue' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
118 results = self.server.display(issueid, 'title')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
119 self.assertEqual(results['title'], 'foo')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
120 self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
121
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
122 def testFileCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
123 results = self.server.create('file', 'content=hello\r\nthere')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
124 fileid = 'file' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
125 results = self.server.display(fileid, 'content')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
126 self.assertEqual(results['content'], 'hello\r\nthere')
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
127
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
128 def testSchema(self):
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
129 schema={'status': [('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
130 ('order', '<roundup.hyperdb.Number>')],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
131 'keyword': [('name', '<roundup.hyperdb.String>')],
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
132 'priority': [('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
133 ('order', '<roundup.hyperdb.Number>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
134 'user': [('address', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
135 ('alternate_addresses', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
136 ('organisation', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
137 ('password', '<roundup.hyperdb.Password>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
138 ('phone', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
139 ('queries', '<roundup.hyperdb.Multilink to "query">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
140 ('realname', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
141 ('roles', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
142 ('timezone', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
143 ('username', '<roundup.hyperdb.String>')],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
144 'file': [('content', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
145 ('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
146 ('type', '<roundup.hyperdb.String>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
147 'msg': [('author', '<roundup.hyperdb.Link to "user">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
148 ('content', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
149 ('date', '<roundup.hyperdb.Date>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
150 ('files', '<roundup.hyperdb.Multilink to "file">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
151 ('inreplyto', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
152 ('messageid', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
153 ('recipients', '<roundup.hyperdb.Multilink to "user">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
154 ('summary', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
155 ('tx_Source', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
156 ('type', '<roundup.hyperdb.String>')],
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
157 'query': [('klass', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
158 ('name', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
159 ('private_for', '<roundup.hyperdb.Link to "user">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
160 ('url', '<roundup.hyperdb.String>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
161 'issue': [('assignedto', '<roundup.hyperdb.Link to "user">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
162 ('files', '<roundup.hyperdb.Multilink to "file">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
163 ('keyword', '<roundup.hyperdb.Multilink to "keyword">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
164 ('messages', '<roundup.hyperdb.Multilink to "msg">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
165 ('nosy', '<roundup.hyperdb.Multilink to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
166 ('priority', '<roundup.hyperdb.Link to "priority">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
167 ('status', '<roundup.hyperdb.Link to "status">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
168 ('superseder', '<roundup.hyperdb.Multilink to "issue">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
169 ('title', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
170 ('tx_Source', '<roundup.hyperdb.String>')]}
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
171
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
172 results = self.server.schema()
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
173 self.assertEqual(results, schema)
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
174
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
175 def testLookup(self):
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
176 self.assertRaises(KeyError, self.server.lookup, 'user', '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
177 results = self.server.lookup('user', 'admin')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
178 self.assertEqual(results, '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
179
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
180 def testAction(self):
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
181 # As this action requires special previledges, we temporarily switch
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
182 # to 'admin'
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
183 self.db.setCurrentUser('admin')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
184 users_before = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
185 try:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
186 tmp = 'user' + self.db.user.create(username='tmp')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
187 self.server.action('retire', tmp)
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
188 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
189 self.db.setCurrentUser('joe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
190 users_after = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
191 self.assertEqual(users_before, users_after)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
192
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
193 # test a bogus action
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
194 with self.assertRaises(Exception) as cm:
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
195 self.server.action('bogus')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
196 print(cm.exception)
5471
28613ada27db check excpetion.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5408
diff changeset
197 self.assertEqual(cm.exception.args[0],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
198 'action "bogus" is not supported ')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
199
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
200 def testAuthDeniedEdit(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
201 # Wrong permissions (caught by roundup security module).
3829
d0ac8188d274 Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
202 self.assertRaises(Unauthorised, self.server.set,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
203 'user1', 'realname=someone')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
204
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
205 def testAuthDeniedCreate(self):
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
206 self.assertRaises(Unauthorised, self.server.create,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
207 'user', {'username': 'blah'})
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
208
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
209 def testAuthAllowedEdit(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
210 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
211 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
212 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
213 self.server.set('user2', 'realname=someone')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
214 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
215 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
216 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
217 self.db.setCurrentUser('joe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
218
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
219 def testAuthAllowedCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
220 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
221 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
222 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
223 self.server.create('user', 'username=blah')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
224 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
225 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
226 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
227 self.db.setCurrentUser('joe')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
228
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
229 def testAuthFilter(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
230 # this checks if we properly check for search permissions
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
231 # self.db.security.set_props_only_default(props_only=False)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
232 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
233 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
234 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
235 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
236 # Allow viewing keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
237 p = self.db.security.addPermission(name='View', klass='keyword')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
238 print("View keyword class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
239 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
240 # Allow viewing interesting things (but not keyword) on issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
241 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
242 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
243 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
244 properties=("title", "status"), check=lambda x,y,z: True)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
245 print("View keyword class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
246 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
247 # Allow role "Project" access to whole issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
248 p = self.db.security.addPermission(name='View', klass='issue')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
249 self.db.security.addPermissionToRole('Project', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
250 # Allow all access to status:
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
251 p = self.db.security.addPermission(name='View', klass='status')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
252 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
253 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
254
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
255 keyword = self.db.keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
256 status = self.db.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
257 issue = self.db.issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
258
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
259 d1 = keyword.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
260 d2 = keyword.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
261 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
262 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
263 issue.create(title='i1', status=open, keyword=[d2])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
264 issue.create(title='i2', status=open, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
265 issue.create(title='i2', status=closed, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
266
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
267 chef = self.db.user.create(username = 'chef', roles='User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
268 joe = self.db.user.lookup('joe')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
269
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
270 # Conditionally allow view of whole issue (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
271 # this might check for keyword owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
272 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
273 check=lambda x,y,z: False)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
274 print("View issue class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
275 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
276 # Allow user to search for issue.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
277 p = self.db.security.addPermission(name='Search', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
278 properties=("status",))
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
279 print("View Search class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
280 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
281
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
282 keyw = {'keyword':self.db.keyword.lookup('d1')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
283 stat = {'status':self.db.status.lookup('open')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
284 keygroup = keysort = [('+', 'keyword')]
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
285 self.db.commit()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
286
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
287 # Filter on keyword ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
288 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
289 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
290 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
291 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
292 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
293 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
294 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
295 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
296 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
297 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
298
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
299 self.db.close()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
300 self.db = self.instance.open('chef')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
301 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
302
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
303 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
304 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
305 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
306
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
307 self.server = RoundupInstance(self.db, self.instance.actions, None)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
308
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
309 # Filter on keyword works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
310 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
311 self.assertEqual(r, ['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
312 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
313 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
314 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
315 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
316 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
317 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
318 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
319 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
320
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
321 def testMulticall(self):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
322 translator = TranslationService.get_translation(
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
323 language=self.instance.config["TRACKER_LANGUAGE"],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
324 tracker_home=self.instance.config["TRACKER_HOME"])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
325 self.server = RoundupDispatcher(self.db, self.instance.actions,
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
326 translator, allow_none = True)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
327 class S:
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
328 multicall=self.server.funcs['system.multicall']
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
329 self.server.system = S()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
330 self.db.issue.create(title='i1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
331 self.db.issue.create(title='i2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
332 m = MultiCall(self.server)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
333 m.display('issue1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
334 m.display('issue2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
335 result = m()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
336 results = [
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
337 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
338 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
339 'priority': None, 'assignedto': None, 'superseder': []},
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
340 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
341 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
342 'priority': None, 'assignedto': None, 'superseder': []}]
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
343 for n, r in enumerate(result):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
344 self.assertEqual(r, results[n])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
345
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
346 @skip_python2
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
347 @skip_defusedxml
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
348 def testDefusedXmlBomb(self):
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
349 self.XmlBomb(expectIn=b"defusedxml.common.EntitiesForbidden")
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
350
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
351 @skip_python2
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
352 def testNonDefusedXmlBomb(self):
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
353 with disable_defusedxml():
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
354 self.XmlBomb(expectIn=b"1234567890"*511)
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
355
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
356 def XmlBomb(self, expectIn=None):
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
357
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
358 bombInput = """<?xml version='1.0'?>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
359 <!DOCTYPE xmlbomb [
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
360 <!ENTITY a "1234567890" >
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
361 <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
362 <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
363 <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
364 ]>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
365 <methodCall>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
366 <methodName>filter</methodName>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
367 <params>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
368 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
369 <value><string>&d;</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
370 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
371 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
372 <value><array><data>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
373 <value><string>0</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
374 <value><string>2</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
375 <value><string>3</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
376 </data></array></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
377 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
378 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
379 <value><struct>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
380 <member>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
381 <name>username</name>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
382 <value><string>demo</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
383 </member>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
384 </struct></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
385 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
386 </params>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
387 </methodCall>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
388 """
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
389 translator = TranslationService.get_translation(
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
390 language=self.instance.config["TRACKER_LANGUAGE"],
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
391 tracker_home=self.instance.config["TRACKER_HOME"])
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
392 self.server = RoundupDispatcher(self.db, self.instance.actions,
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
393 translator, allow_none = True)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
394 response = self.server.dispatch(bombInput)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
395 print(response)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
396 self.assertIn(expectIn, response)
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
397
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
398 class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
399 backend = 'anydbm'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
400
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
401
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
402 @skip_mysql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
403 class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
404 backend = 'mysql'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
405
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
406
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
407 class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
408 backend = 'sqlite'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
409
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
410
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
411 @skip_postgresql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
412 class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
413 backend = 'postgresql'
Roundup Issue Tracker: http://roundup-tracker.org/