Mercurial > p > roundup > code

annotate test/test_cgi.py @ 5253:2d61e39b89c8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Issue2550716 Email address displayed after password reset request (fix) Change the message displayed upon password reset using an account name to no longer expose the email address. Password reset triggered using an email address will still display the user supplied email address.
author John Rouillard <rouilj@ieee.org>
date Sat, 26 Aug 2017 20:27:08 -0400
parents 8743b7226dc7
children 198b6e810c67
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 # Copyright (c) 2003 Richard Jones, rjones@ekit-inc.com
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # This module is free software, and you may redistribute it and/or modify
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # under the same terms as Python, so long as this copyright message and
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # disclaimer are retained in their original form.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # This module is distributed in the hope that it will be useful,
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
11 import unittest, os, shutil, errno, sys, difflib, cgi, re, StringIO
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
13 from roundup.cgi import client, actions, exceptions
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
14 from roundup.cgi.exceptions import FormError, NotFound
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
15 from roundup.exceptions import UsageError
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
16 from roundup.cgi.templating import HTMLItem, HTMLRequest, NoTemplate, anti_csrf_nonce
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
17 from roundup.cgi.templating import HTMLProperty, _HTMLItem
2027
45ad02759998 test fixes
Richard Jones <richard@users.sourceforge.net>
parents: 2004
diff changeset
18 from roundup.cgi.form_parser import FormParser
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
19 from roundup import init, instance, password, hyperdb, date
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
21 # For testing very simple rendering
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
22 from roundup.cgi.engine_zopetal import RoundupPageTemplate
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
23
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
24 from mocknull import MockNull
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
25
2821
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
26 import db_test_base
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
27
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
28 class FileUpload:
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
29 def __init__(self, content, filename):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
30 self.content = content
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
31 self.filename = filename
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
32
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
33 class FileList:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
34 def __init__(self, name, *files):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
35 self.name = name
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
36 self.files = files
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
37 def items (self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
38 for f in self.files:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
39 yield (self.name, f)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
40
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 def makeForm(args):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 form = cgi.FieldStorage()
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 for k,v in args.items():
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 if type(v) is type([]):
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
45 [form.list.append(cgi.MiniFieldStorage(k, x)) for x in v]
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
46 elif isinstance(v, FileUpload):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
47 x = cgi.MiniFieldStorage(k, v.content)
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
48 x.filename = v.filename
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
49 form.list.append(x)
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50 else:
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51 form.list.append(cgi.MiniFieldStorage(k, v))
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52 return form
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
54 cm = client.add_message
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
55 class MessageTestCase(unittest.TestCase):
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
56 # Note: Escaping is now handled on a message-by-message basis at a
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
57 # point where we still know what generates a message. In this way we
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
58 # can decide when to escape and when not. We test the add_message
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
59 # routine here.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
60 # Of course we won't catch errors in judgement when to escape here
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
61 # -- but at the time of this change only one message is not escaped.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
62 def testAddMessageOK(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
63 self.assertEqual(cm([],'a\nb'), ['a<br />\nb'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
64 self.assertEqual(cm([],'a\nb\nc\n'), ['a<br />\nb<br />\nc<br />\n'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
65
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
66 def testAddMessageBAD(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
67 self.assertEqual(cm([],'<script>x</script>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
68 ['&lt;script&gt;x&lt;/script&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
69 self.assertEqual(cm([],'<iframe>x</iframe>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
70 ['&lt;iframe&gt;x&lt;/iframe&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
71 self.assertEqual(cm([],'<<script >>alert(42);5<</script >>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
72 ['&lt;&lt;script &gt;&gt;alert(42);5&lt;&lt;/script &gt;&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
73 self.assertEqual(cm([],'<a href="y">x</a>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
74 ['&lt;a href="y"&gt;x&lt;/a&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
75 self.assertEqual(cm([],'<A HREF="y">x</A>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
76 ['&lt;A HREF="y"&gt;x&lt;/A&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
77 self.assertEqual(cm([],'<br>x<br />'), ['&lt;br&gt;x&lt;br /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
78 self.assertEqual(cm([],'<i>x</i>'), ['&lt;i&gt;x&lt;/i&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
79 self.assertEqual(cm([],'<b>x</b>'), ['&lt;b&gt;x&lt;/b&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
80 self.assertEqual(cm([],'<BR>x<BR />'), ['&lt;BR&gt;x&lt;BR /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
81 self.assertEqual(cm([],'<I>x</I>'), ['&lt;I&gt;x&lt;/I&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
82 self.assertEqual(cm([],'<B>x</B>'), ['&lt;B&gt;x&lt;/B&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
83
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
84 def testAddMessageNoEscape(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
85 self.assertEqual(cm([],'<i>x</i>',False), ['<i>x</i>'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
86 self.assertEqual(cm([],'<i>x</i>\n<b>x</b>',False),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
87 ['<i>x</i><br />\n<b>x</b>'])
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
88
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
89 class FormTestCase(unittest.TestCase):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
90 def setUp(self):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
91 self.dirname = '_test_cgi_form'
2821
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
92 # set up and open a tracker
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
93 self.instance = db_test_base.setupTracker(self.dirname)
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
94
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
95 # open the database
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
96 self.db = self.instance.open('admin')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
97 self.db.tx_Source = "web"
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
98 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
99 realname='Bork, Chef', roles='User')
3902
21420ba64b0d fuller email validition (request [SF#216291])
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3859
diff changeset
100 self.db.user.create(username='mary', address='mary@test.test',
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
101 roles='User', realname='Contrary, Mary')
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
102
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
103 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
104 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
105
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
106 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
107
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
108 vars = {}
4795
dad18ee491a9 Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
109 thisdir = os.path.dirname(__file__)
dad18ee491a9 Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
110 execfile(os.path.join(thisdir, "tx_Source_detector.py"), vars)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
111 vars['init'](self.db)
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
112
2929
7a8a02646d4e backend is an attribute of tracker instances
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2821
diff changeset
113 test = self.instance.backend.Class(self.db, "test",
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
114 string=hyperdb.String(), number=hyperdb.Number(),
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
115 intval=hyperdb.Integer(), boolean=hyperdb.Boolean(),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
116 link=hyperdb.Link('test'), multilink=hyperdb.Multilink('test'),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
117 date=hyperdb.Date(), messages=hyperdb.Multilink('msg'),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
118 interval=hyperdb.Interval())
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
119
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
120 # compile the labels re
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
121 classes = '|'.join(self.db.classes.keys())
2004
1782fe36e7b8 Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1873
diff changeset
122 self.FV_SPECIAL = re.compile(FormParser.FV_LABELS%classes,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
123 re.VERBOSE)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
124
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
125 def setupClient(self, form, classname, nodeid=None, template='item', env_addon=None):
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
126 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
127 'REQUEST_METHOD':'POST'}, makeForm(form))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
128 cl.classname = classname
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
129 cl.base = 'http://whoami.com/path/'
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
130 cl.nodeid = nodeid
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
131 cl.language = ('en',)
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
132 cl.userid = '1'
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
133 cl.db = self.db
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
134 cl.user = 'admin'
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
135 cl.template = template
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
136 if env_addon is not None:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
137 cl.env.update(env_addon)
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
138 return cl
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
139
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
140 def parseForm(self, form, classname='test', nodeid=None):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
141 cl = self.setupClient(form, classname, nodeid)
2027
45ad02759998 test fixes
Richard Jones <richard@users.sourceforge.net>
parents: 2004
diff changeset
142 return cl.parsePropsFromForm(create=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
143
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
144 def tearDown(self):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
145 self.db.close()
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
146 try:
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
147 shutil.rmtree(self.dirname)
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
148 except OSError, error:
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
149 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
150
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
151 #
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
152 # form label extraction
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
153 #
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
154 def tl(self, s, c, i, a, p):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
155 m = self.FV_SPECIAL.match(s)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
156 self.assertNotEqual(m, None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
157 d = m.groupdict()
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
158 self.assertEqual(d['classname'], c)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
159 self.assertEqual(d['id'], i)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
160 for action in 'required add remove link note file'.split():
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
161 if a == action:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
162 self.assertNotEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
163 else:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
164 self.assertEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
165 self.assertEqual(d['propname'], p)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
166
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
167 def testLabelMatching(self):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
168 self.tl('<propname>', None, None, None, '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
169 self.tl(':required', None, None, 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
170 self.tl(':confirm:<propname>', None, None, 'confirm', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
171 self.tl(':add:<propname>', None, None, 'add', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
172 self.tl(':remove:<propname>', None, None, 'remove', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
173 self.tl(':link:<propname>', None, None, 'link', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
174 self.tl('test1:<prop>', 'test', '1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
175 self.tl('test1:required', 'test', '1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
176 self.tl('test1:add:<prop>', 'test', '1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
177 self.tl('test1:remove:<prop>', 'test', '1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
178 self.tl('test1:link:<prop>', 'test', '1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
179 self.tl('test1:confirm:<prop>', 'test', '1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
180 self.tl('test-1:<prop>', 'test', '-1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
181 self.tl('test-1:required', 'test', '-1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
182 self.tl('test-1:add:<prop>', 'test', '-1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
183 self.tl('test-1:remove:<prop>', 'test', '-1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
184 self.tl('test-1:link:<prop>', 'test', '-1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
185 self.tl('test-1:confirm:<prop>', 'test', '-1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
186 self.tl(':note', None, None, 'note', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
187 self.tl(':file', None, None, 'file', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
188
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
189 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
190 # Empty form
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
191 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
192 def testNothing(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
193 self.assertEqual(self.parseForm({}), ({('test', None): {}}, []))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
194
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
195 def testNothingWithRequired(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
196 self.assertRaises(FormError, self.parseForm, {':required': 'string'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
197 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
198 {':required': 'title,status', 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
199 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
200 {':required': ['title','status'], 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
201 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
202 {':required': 'status', 'status':''}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
203 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
204 {':required': 'nosy', 'nosy':''}, 'issue')
3656
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
205 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
206 {':required': 'msg-1@content', 'msg-1@content':''}, 'issue')
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
207 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
208 {':required': 'msg-1@content'}, 'issue')
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
209
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
210 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
211 # Nonexistant edit
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
212 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
213 def testEditNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
214 self.assertRaises(FormError, self.parseForm, {'boolean': ''},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
215 'test', '1')
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
216
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
217 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
218 # String
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
219 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
220 def testEmptyString(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
221 self.assertEqual(self.parseForm({'string': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
222 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
223 self.assertEqual(self.parseForm({'string': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
224 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
225 self.assertRaises(FormError, self.parseForm, {'string': ['', '']})
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
226
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
227 def testSetString(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
228 self.assertEqual(self.parseForm({'string': 'foo'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
229 ({('test', None): {'string': 'foo'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
230 self.assertEqual(self.parseForm({'string': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
231 ({('test', None): {'string': 'a\nb'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
232 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
233 self.assertEqual(self.parseForm({'title': 'foo'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
234 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
235
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
236 def testEmptyStringSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
237 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
238 self.assertEqual(self.parseForm({'title': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
239 ({('issue', nodeid): {'title': None}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
240 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
241 self.assertEqual(self.parseForm({'title': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
242 ({('issue', nodeid): {'title': None}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
243
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
244 def testStringLinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
245 self.db.status.set('1', name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
246 self.db.status.set('2', name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
247 issue = self.db.issue.create(title='i1-status1', status='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
248 self.assertEqual(self.db.issue.get(issue,'status'),'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
249 self.assertEqual(self.db.status.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
250 self.assertEqual(self.db.status.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
251 self.assertEqual(self.db.issue.get('1','tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
252 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
253 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
254 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
255 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
256 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
257 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
258 item = HTMLItem(cl, 'issue', issue)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
259 self.assertEqual(item.status.id, '1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
260 self.assertEqual(item.status.name, '2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
261
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
262 def testStringMultilinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
263 id = self.db.keyword.create(name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
264 self.assertEqual(id,'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
265 id = self.db.keyword.create(name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
266 self.assertEqual(id,'2')
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
267 issue = self.db.issue.create(title='i1-status1', keyword=['1'])
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
268 self.assertEqual(self.db.issue.get(issue,'keyword'),['1'])
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
269 self.assertEqual(self.db.keyword.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
270 self.assertEqual(self.db.keyword.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
271 self.assertEqual(self.db.issue.get(issue,'tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
272 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
273 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
274 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
275 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
276 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
277 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
278 cl.userid = '1'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
279 item = HTMLItem(cl, 'issue', issue)
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
280 for keyword in item.keyword:
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
281 self.assertEqual(keyword.id, '1')
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
282 self.assertEqual(keyword.name, '2')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
283
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
284 def testFileUpload(self):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
285 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
286 self.assertEqual(self.parseForm({'content': file}, 'file'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
287 ({('file', None): {'content': 'foo', 'name': 'foo.txt',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
288 'type': 'text/plain'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
289
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
290 def testSingleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
291 file = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
292 self.assertEqual(self.parseForm({'@file': file}, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
293 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
294 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
295 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
296 [('issue', None, 'files', [('file', '-1')])]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
297
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
298 def testMultipleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
299 f1 = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
300 f2 = FileUpload('bar', 'bar.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
301 f3 = FileUpload('baz', 'baz.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
302 files = FileList('@file', f1, f2, f3)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
303
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
304 self.assertEqual(self.parseForm(files, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
305 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
306 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
307 ('file', '-2'): {'content': 'bar', 'name': 'bar.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
308 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
309 ('file', '-3'): {'content': 'baz', 'name': 'baz.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
310 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
311 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
312 [ ('issue', None, 'files', [('file', '-1')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
313 , ('issue', None, 'files', [('file', '-2')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
314 , ('issue', None, 'files', [('file', '-3')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
315 ]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
316
1734
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
317 def testEditFileClassAttributes(self):
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
318 self.assertEqual(self.parseForm({'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
319 'type': 'application/octet-stream'},
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
320 'file'),
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
321 ({('file', None): {'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
322 'type': 'application/octet-stream'}},[]))
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
323
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
324 #
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
325 # Link
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
326 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
327 def testEmptyLink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
328 self.assertEqual(self.parseForm({'link': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
329 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
330 self.assertEqual(self.parseForm({'link': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
331 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
332 self.assertRaises(FormError, self.parseForm, {'link': ['', '']})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
333 self.assertEqual(self.parseForm({'link': '-1'}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
334 ({('test', None): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
335
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
336 def testSetLink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
337 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
338 ({('issue', None): {'status': '1'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
339 self.assertEqual(self.parseForm({'status': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
340 ({('issue', None): {'status': '1'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
341 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
342 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
343 ({('issue', nodeid): {}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
344 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
345
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
346 def testUnsetLink(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
347 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
348 self.assertEqual(self.parseForm({'status': '-1'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
349 ({('issue', nodeid): {'status': None}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
350 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
351
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
352 def testInvalidLinkValue(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
353 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
354 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
355 # {'status': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
356 self.assertRaises(FormError, self.parseForm, {'link': 'frozzle'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
357 self.assertRaises(FormError, self.parseForm, {'status': 'frozzle'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
358 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
359
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
360 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
361 # Multilink
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
362 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
363 def testEmptyMultilink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
364 self.assertEqual(self.parseForm({'nosy': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
365 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
366 self.assertEqual(self.parseForm({'nosy': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
367 ({('test', None): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
368
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
369 def testSetMultilink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
370 self.assertEqual(self.parseForm({'nosy': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
371 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
372 self.assertEqual(self.parseForm({'nosy': 'admin'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
373 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
374 self.assertEqual(self.parseForm({'nosy': ['1','2']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
375 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
376 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
377 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
378 self.assertEqual(self.parseForm({'nosy': 'admin,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
379 ({('issue', None): {'nosy': ['1','2']}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
380
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
381 def testMixedMultilink(self):
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
382 form = cgi.FieldStorage()
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
383 form.list.append(cgi.MiniFieldStorage('nosy', '1,2'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
384 form.list.append(cgi.MiniFieldStorage('nosy', '3'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
385 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
386 cl.classname = 'issue'
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
387 cl.nodeid = None
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
388 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
389 cl.language = ('en',)
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
390 self.assertEqual(cl.parsePropsFromForm(create=1),
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
391 ({('issue', None): {'nosy': ['1','2', '3']}}, []))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
392
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
393 def testEmptyMultilinkSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
394 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
395 self.assertEqual(self.parseForm({'nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
396 ({('issue', nodeid): {'nosy': []}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
397 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
398 self.assertEqual(self.parseForm({'nosy': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
399 ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
400 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
401 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
402
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
403 def testInvalidMultilinkValue(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
404 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
405 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
406 # {'nosy': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
407 self.assertRaises(FormError, self.parseForm, {'nosy': 'frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
408 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
409 self.assertRaises(FormError, self.parseForm, {'nosy': '1,frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
410 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
411 self.assertRaises(FormError, self.parseForm, {'multilink': 'frozzle'})
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
412
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
413 def testMultilinkAdd(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
414 nodeid = self.db.issue.create(nosy=['1'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
415 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
416 self.assertEqual(self.parseForm({':add:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
417 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
418
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
419 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
420 self.assertEqual(self.parseForm({':add:nosy': '2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
421 ({('issue', nodeid): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
422 self.assertEqual(self.parseForm({':add:nosy': '2,mary'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
423 nodeid), ({('issue', nodeid): {'nosy': ['1','2','4']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
424 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
425 nodeid), ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
426
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
427 def testMultilinkAddNew(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
428 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
429 ({('issue', None): {'nosy': ['2','3']}}, []))
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
430
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
431 def testMultilinkRemove(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
432 nodeid = self.db.issue.create(nosy=['1','2'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
433 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
434 self.assertEqual(self.parseForm({':remove:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
435 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
436
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
437 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
438 self.assertEqual(self.parseForm({':remove:nosy': '1'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
439 nodeid), ({('issue', nodeid): {'nosy': ['2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
440 self.assertEqual(self.parseForm({':remove:nosy': 'admin,2'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
441 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
442 self.assertEqual(self.parseForm({':remove:nosy': ['1','2']},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
443 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
444
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
445 # add and remove
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
446 self.assertEqual(self.parseForm({':add:nosy': ['3'],
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
447 ':remove:nosy': ['1','2']},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
448 'issue', nodeid), ({('issue', nodeid): {'nosy': ['3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
449
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
450 # remove one that doesn't exist?
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
451 self.assertRaises(FormError, self.parseForm, {':remove:nosy': '4'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
452 'issue', nodeid)
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
453
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
454 def testMultilinkRetired(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
455 self.db.user.retire('2')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
456 self.assertEqual(self.parseForm({'nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
457 ({('issue', None): {'nosy': ['2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
458 nodeid = self.db.issue.create(nosy=['1','2'])
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
459 self.assertEqual(self.parseForm({':remove:nosy': '2'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
460 nodeid), ({('issue', nodeid): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
461 self.assertEqual(self.parseForm({':add:nosy': '3'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
462 ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
463
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
464 def testAddRemoveNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
465 self.assertRaises(FormError, self.parseForm, {':remove:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
466 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
467 self.assertRaises(FormError, self.parseForm, {':add:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
468 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
469
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
470 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
471 # Password
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
472 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
473 def testEmptyPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
474 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
475 ({('user', None): {}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
476 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
477 ({('user', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
478 self.assertRaises(FormError, self.parseForm, {'password': ['', '']},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
479 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
480 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
481 ':confirm:password': ['', '']}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
482
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
483 def testSetPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
484 self.assertEqual(self.parseForm({'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
485 ':confirm:password': 'foo'}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
486 ({('user', None): {'password': 'foo'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
487
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
488 def testSetPasswordConfirmBad(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
489 self.assertRaises(FormError, self.parseForm, {'password': 'foo'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
490 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
491 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
492 ':confirm:password': 'bar'}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
493
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
494 def testEmptyPasswordNotSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
495 nodeid = self.db.user.create(username='1',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
496 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
497 self.assertEqual(self.parseForm({'password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
498 ({('user', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
499 nodeid = self.db.user.create(username='2',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
500 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
501 self.assertEqual(self.parseForm({'password': '',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
502 ':confirm:password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
503 ({('user', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
504
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
505 def testPasswordMigration(self):
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
506 chef = self.db.user.lookup('Chef')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
507 form = dict(__login_name='Chef', __login_password='foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
508 cl = self._make_client(form)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
509 # assume that the "best" algorithm is the first one and doesn't
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
510 # need migration, all others should be migrated.
4485
95aace124a8e use idea from Eli Collins to use a list of deprecated password encoding schemes
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
511 for scheme in password.Password.deprecated_schemes:
4684
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
512 if scheme == 'crypt' and os.name == 'nt':
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
513 continue # crypt is not available on Windows
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
514 pw1 = password.Password('foo', scheme=scheme)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
515 self.assertEqual(pw1.needs_migration(), True)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
516 self.db.user.set(chef, password=pw1)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
517 self.db.commit()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
518 actions.LoginAction(cl).handle()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
519 pw = self.db.user.get(chef, 'password')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
520 self.assertEqual(pw, 'foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
521 self.assertEqual(pw.needs_migration(), False)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
522 pw1 = pw
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
523 self.assertEqual(pw1.needs_migration(), False)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
524 scheme = password.Password.known_schemes[0]
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
525 self.assertEqual(scheme, pw1.scheme)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
526 actions.LoginAction(cl).handle()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
527 pw = self.db.user.get(chef, 'password')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
528 self.assertEqual(pw, 'foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
529 self.assertEqual(pw, pw1)
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
530 cl.db.close()
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
531
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
532 def testPasswordConfigOption(self):
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
533 chef = self.db.user.lookup('Chef')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
534 form = dict(__login_name='Chef', __login_password='foo')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
535 cl = self._make_client(form)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
536 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 1000
4683
2f66d44616ad windows: Fix failing password tests due to missing crypt module
anatoly techtonik <techtonik@gmail.com>
parents: 4624
diff changeset
537 pw1 = password.Password('foo', scheme='MD5')
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
538 self.assertEqual(pw1.needs_migration(), True)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
539 self.db.user.set(chef, password=pw1)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
540 self.db.commit()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
541 actions.LoginAction(cl).handle()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
542 pw = self.db.user.get(chef, 'password')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
543 self.assertEqual('PBKDF2', pw.scheme)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
544 self.assertEqual(1000, password.pbkdf2_unpack(pw.password)[0])
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
545 cl.db.close()
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
546
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
547 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
548 # Boolean
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
549 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
550 def testEmptyBoolean(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
551 self.assertEqual(self.parseForm({'boolean': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
552 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
553 self.assertEqual(self.parseForm({'boolean': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
554 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
555 self.assertRaises(FormError, self.parseForm, {'boolean': ['', '']})
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
556
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
557 def testSetBoolean(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
558 self.assertEqual(self.parseForm({'boolean': 'yes'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
559 ({('test', None): {'boolean': 1}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
560 self.assertEqual(self.parseForm({'boolean': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
561 ({('test', None): {'boolean': 0}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
562 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
563 self.assertEqual(self.parseForm({'boolean': 'yes'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
564 ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
565 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
566 self.assertEqual(self.parseForm({'boolean': 'no'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
567 ({('test', nodeid): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
568
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
569 def testEmptyBooleanSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
570 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
571 self.assertEqual(self.parseForm({'boolean': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
572 ({('test', nodeid): {'boolean': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
573 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
574 self.assertEqual(self.parseForm({'boolean': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
575 ({('test', nodeid): {'boolean': None}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
576
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
577 def testRequiredBoolean(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
578 self.assertRaises(FormError, self.parseForm, {'boolean': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
579 ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
580 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
581 self.parseForm({'boolean': 'no', ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
582 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
583 self.fail('boolean "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
584
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
585 #
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
586 # Number
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
587 #
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
588 def testEmptyNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
589 self.assertEqual(self.parseForm({'number': ''}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
590 ({('test', None): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
591 self.assertEqual(self.parseForm({'number': ' '}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
592 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
593 self.assertRaises(FormError, self.parseForm, {'number': ['', '']})
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
594
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
595 def testInvalidNumber(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
596 self.assertRaises(FormError, self.parseForm, {'number': 'hi, mum!'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
597
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
598 def testSetNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
599 self.assertEqual(self.parseForm({'number': '1'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
600 ({('test', None): {'number': 1}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
601 self.assertEqual(self.parseForm({'number': '0'}),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
602 ({('test', None): {'number': 0}}, []))
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
603 self.assertEqual(self.parseForm({'number': '\n0\n'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
604 ({('test', None): {'number': 0}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
605
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
606 def testSetNumberReplaceOne(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
607 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
608 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
609 ({('test', nodeid): {}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
610 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
611 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
612
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
613 def testSetNumberReplaceZero(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
614 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
615 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
616 ({('test', nodeid): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
617
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
618 def testSetNumberReplaceNone(self):
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
619 nodeid = self.db.test.create()
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
620 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
621 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
622 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
623 ({('test', nodeid): {'number': 1}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
624
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
625 def testEmptyNumberSet(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
626 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
627 self.assertEqual(self.parseForm({'number': ''}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
628 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
629 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
630 self.assertEqual(self.parseForm({'number': ' '}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
631 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
632
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
633 def testRequiredNumber(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
634 self.assertRaises(FormError, self.parseForm, {'number': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
635 ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
636 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
637 self.parseForm({'number': '0', ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
638 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
639 self.fail('number "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
640
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
641 #
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
642 # Integer
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
643 #
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
644 def testEmptyInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
645 self.assertEqual(self.parseForm({'intval': ''}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
646 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
647 self.assertEqual(self.parseForm({'intval': ' '}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
648 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
649 self.assertRaises(FormError, self.parseForm, {'intval': ['', '']})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
650
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
651 def testInvalidInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
652 self.assertRaises(FormError, self.parseForm, {'intval': 'hi, mum!'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
653
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
654 def testSetInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
655 self.assertEqual(self.parseForm({'intval': '1'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
656 ({('test', None): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
657 self.assertEqual(self.parseForm({'intval': '0'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
658 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
659 self.assertEqual(self.parseForm({'intval': '\n0\n'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
660 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
661
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
662 def testSetIntegerReplaceOne(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
663 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
664 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
665 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
666 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
667 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
668
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
669 def testSetIntegerReplaceZero(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
670 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
671 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
672 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
673
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
674 def testSetIntegerReplaceNone(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
675 nodeid = self.db.test.create()
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
676 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
677 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
678 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
679 ({('test', nodeid): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
680
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
681 def testEmptyIntegerSet(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
682 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
683 self.assertEqual(self.parseForm({'intval': ''}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
684 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
685 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
686 self.assertEqual(self.parseForm({'intval': ' '}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
687 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
688
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
689 def testRequiredInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
690 self.assertRaises(FormError, self.parseForm, {'intval': '',
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
691 ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
692 try:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
693 self.parseForm({'intval': '0', ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
694 except FormError:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
695 self.fail('intval "no" raised "required missing"')
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
696
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
697 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
698 # Date
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
699 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
700 def testEmptyDate(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
701 self.assertEqual(self.parseForm({'date': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
702 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
703 self.assertEqual(self.parseForm({'date': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
704 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
705 self.assertRaises(FormError, self.parseForm, {'date': ['', '']})
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
706
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
707 def testInvalidDate(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
708 self.assertRaises(FormError, self.parseForm, {'date': '12'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
709
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
710 def testSetDate(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
711 self.assertEqual(self.parseForm({'date': '2003-01-01'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
712 ({('test', None): {'date': date.Date('2003-01-01')}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
713 nodeid = self.db.test.create(date=date.Date('2003-01-01'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
714 self.assertEqual(self.parseForm({'date': '2003-01-01'}, 'test',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
715 nodeid), ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
716
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
717 def testEmptyDateSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
718 nodeid = self.db.test.create(date=date.Date('.'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
719 self.assertEqual(self.parseForm({'date': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
720 ({('test', nodeid): {'date': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
721 nodeid = self.db.test.create(date=date.Date('1970-01-01.00:00:00'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
722 self.assertEqual(self.parseForm({'date': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
723 ({('test', nodeid): {'date': None}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
724
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
725 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
726 # Test multiple items in form
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
727 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
728 def testMultiple(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
729 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'}),
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
730 ({('test', None): {'string': 'a'},
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
731 ('issue', '-1'): {'title': 'b'}
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
732 }, []))
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
733
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
734 def testMultipleExistingContext(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
735 nodeid = self.db.test.create()
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
736 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
737 'test', nodeid),({('test', nodeid): {'string': 'a'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
738 ('issue', '-1'): {'title': 'b'}}, []))
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
739
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
740 def testLinking(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
741 self.assertEqual(self.parseForm({
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
742 'string': 'a',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
743 'issue-1@add@nosy': '1',
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
744 'issue-2@link@superseder': 'issue-1',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
745 }),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
746 ({('test', None): {'string': 'a'},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
747 ('issue', '-1'): {'nosy': ['1']},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
748 },
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
749 [('issue', '-2', 'superseder', [('issue', '-1')])
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
750 ]
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
751 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
752 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
753
3982
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
754 def testMessages(self):
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
755 self.assertEqual(self.parseForm({
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
756 'msg-1@content': 'asdf',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
757 'msg-2@content': 'qwer',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
758 '@link@messages': 'msg-1, msg-2'}),
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
759 ({('test', None): {},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
760 ('msg', '-2'): {'content': 'qwer'},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
761 ('msg', '-1'): {'content': 'asdf'}},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
762 [('test', None, 'messages', [('msg', '-1'), ('msg', '-2')])]
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
763 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
764 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
765
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
766 def testLinkBadDesignator(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
767 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
768 {'test-1@link@link': 'blah'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
769 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
770 {'test-1@link@link': 'issue'})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
771
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
772 def testLinkNotLink(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
773 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
774 {'test-1@link@boolean': 'issue-1'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
775 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
776 {'test-1@link@string': 'issue-1'})
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
777
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
778 def testBackwardsCompat(self):
1431
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
779 res = self.parseForm({':note': 'spam'}, 'issue')
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
780 date = res[0][('msg', '-1')]['date']
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
781 self.assertEqual(res, ({('issue', None): {}, ('msg', '-1'):
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
782 {'content': 'spam', 'author': '1', 'date': date}},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
783 [('issue', None, 'messages', [('msg', '-1')])]))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
784 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
785 self.assertEqual(self.parseForm({':file': file}, 'issue'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
786 ({('issue', None): {}, ('file', '-1'): {'content': 'foo',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
787 'name': 'foo.txt', 'type': 'text/plain'}},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
788 [('issue', None, 'files', [('file', '-1')])]))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
789
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
790 def testFormValuePreserveOnError(self):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
791 page_template = """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
792 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
793 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
794 <p tal:condition="options/error_message|nothing"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
795 tal:repeat="m options/error_message"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
796 tal:content="structure m"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
797 <p tal:content="context/title/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
798 <p tal:content="context/priority/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
799 <p tal:content="context/status/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
800 <p tal:content="context/nosy/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
801 <p tal:content="context/keyword/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
802 <p tal:content="structure context/superseder/field"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
803 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
804 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
805 """.strip ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
806 self.db.keyword.create (name = 'key1')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
807 self.db.keyword.create (name = 'key2')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
808 nodeid = self.db.issue.create (title = 'Title', priority = '1',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
809 status = '1', nosy = ['1'], keyword = ['1'])
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
810 self.db.commit ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
811 form = {':note': 'msg-content', 'title': 'New title',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
812 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
813 'superseder': '5000', ':action': 'edit'}
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
814 cl = self.setupClient(form, 'issue', '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
815 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
816 pt = RoundupPageTemplate()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
817 pt.pt_edit(page_template, 'text/html')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
818 out = []
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
819 def wh(s):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
820 out.append(s)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
821 cl.write_html = wh
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
822 # Enable the following if we get a templating error:
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
823 #def send_error (*args, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
824 # import pdb; pdb.set_trace()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
825 #cl.send_error_to_admin = send_error
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
826 # Need to rollback the database on error -- this usually happens
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
827 # in web-interface (and for other databases) anyway, need it for
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
828 # testing that the form values are really used, not the database!
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
829 # We do this together with the setup of the easy template above
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
830 def load_template(x):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
831 cl.db.rollback()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
832 return pt
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
833 cl.instance.templates.load = load_template
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
834 cl.selectTemplate = MockNull()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
835 cl.determine_context = MockNull ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
836 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
837 return True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
838 actions.Action.hasPermission = hasPermission
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
839 e1 = _HTMLItem.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
840 _HTMLItem.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
841 e2 = HTMLProperty.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
842 HTMLProperty.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
843 cl.inner_main()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
844 _HTMLItem.is_edit_ok = e1
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
845 HTMLProperty.is_edit_ok = e2
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
846 self.assertEqual(len(out), 1)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
847 self.assertEqual(out [0].strip (), """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
848 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
849 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
850 <p>Edit Error: issue has no node 5000</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
851 <p>New title</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
852 <p>urgent</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
853 <p>deferred</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
854 <p>admin, anonymous</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
855 <p></p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
856 <p><input type="text" name="superseder" value="5000" size="30"></p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
857 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
858 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
859 """.strip ())
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
860
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
861 def testCsrfProtection(self):
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
862 # need to set SENDMAILDEBUG to prevent
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
863 # downstream issue when email is sent on successful
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
864 # issue creation. Also delete the file afterwards
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
865 # just tomake sure that someother test looking for
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
866 # SENDMAILDEBUG won't trip over ours.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
867 if not os.environ.has_key('SENDMAILDEBUG'):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
868 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
869 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
870
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
871 page_template = """
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
872 <html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
873 <body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
874 <p tal:condition="options/error_message|nothing"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
875 tal:repeat="m options/error_message"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
876 tal:content="structure m"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
877 <p tal:content="context/title/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
878 <p tal:content="context/priority/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
879 <p tal:content="context/status/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
880 <p tal:content="context/nosy/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
881 <p tal:content="context/keyword/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
882 <p tal:content="structure context/superseder/field"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
883 </body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
884 </html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
885 """.strip ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
886 self.db.keyword.create (name = 'key1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
887 self.db.keyword.create (name = 'key2')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
888 nodeid = self.db.issue.create (title = 'Title', priority = '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
889 status = '1', nosy = ['1'], keyword = ['1'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
890 self.db.commit ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
891 form = {':note': 'msg-content', 'title': 'New title',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
892 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
893 ':action': 'edit'}
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
894 cl = self.setupClient(form, 'issue', '1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
895 pt = RoundupPageTemplate()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
896 pt.pt_edit(page_template, 'text/html')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
897 out = []
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
898 def wh(s):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
899 out.append(s)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
900 cl.write_html = wh
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
901 # Enable the following if we get a templating error:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
902 #def send_error (*args, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
903 # import pdb; pdb.set_trace()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
904 #cl.send_error_to_admin = send_error
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
905 # Need to rollback the database on error -- this usually happens
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
906 # in web-interface (and for other databases) anyway, need it for
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
907 # testing that the form values are really used, not the database!
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
908 # We do this together with the setup of the easy template above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
909 def load_template(x):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
910 cl.db.rollback()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
911 return pt
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
912 cl.instance.templates.load = load_template
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
913 cl.selectTemplate = MockNull()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
914 cl.determine_context = MockNull ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
915 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
916 return True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
917 actions.Action.hasPermission = hasPermission
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
918 e1 = _HTMLItem.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
919 _HTMLItem.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
920 e2 = HTMLProperty.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
921 HTMLProperty.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
922
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
923 # test with no headers and config by default requires 1
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
924 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
925 match_at=out[0].find('Unable to verify sufficient headers')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
926 print "result of subtest 1:", out[0]
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
927 self.assertNotEqual(match_at, -1)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
928 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
929
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
930 # all the rest of these allow at least one header to pass
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
931 # and the edit happens with a redirect back to issue 1
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
932 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
933 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
934 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
935 print "result of subtest 2:", out[0]
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
936 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
937 del(cl.env['HTTP_REFERER'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
938 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
939
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
940 cl.env['HTTP_ORIGIN'] = 'http://whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
941 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
942 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
943 print "result of subtest 3:", out[0]
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
944 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
945 del(cl.env['HTTP_ORIGIN'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
946 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
947
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
948 cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
949 # if there is an X-FORWARDED-HOST header it is used and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
950 # HOST header is ignored. X-FORWARDED-HOST should only be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
951 # passed/set by a proxy. In this case the HOST header is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
952 # the proxy's name for the web server and not the name
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
953 # thatis exposed to the world.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
954 cl.env['HTTP_HOST'] = 'frontend1.whoami.net'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
955 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
956 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
957 print "result of subtest 4:", out[0]
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
958 self.assertNotEqual(match_at, -1)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
959 del(cl.env['HTTP_X-FORWARDED-HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
960 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
961 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
962
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
963 cl.env['HTTP_HOST'] = 'whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
964 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
965 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
966 print "result of subtest 5:", out[0]
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
967 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
968 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
969 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
970
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
971 # try failing headers
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
972 cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.net'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
973 # this raises an error as the header check passes and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
974 # it did the edit and tries to send mail.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
975 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
976 match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
977 print "result of subtest 6:", out[0]
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
978 self.assertNotEqual(match_at, -1)
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
979 del(cl.env['HTTP_X-FORWARDED-HOST'])
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
980 del(out[0])
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
981
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
982 # header checks succeed
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
983 # check nonce handling.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
984 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
985
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
986 # roundup will report a missing token.
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
987 cl.db.config['WEB_CSRF_ENFORCE_TOKEN'] = 'required'
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
988 cl.inner_main()
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
989 match_at=out[0].find('<p>Csrf token is missing.</p>')
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
990 print "result of subtest 6a:", out[0], match_at
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
991 self.assertEqual(match_at, 33)
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
992 del(out[0])
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
993 cl.db.config['WEB_CSRF_ENFORCE_TOKEN'] = 'yes'
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
994
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
995 import copy
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
996 form2 = copy.copy(form)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
997 form2.update({'@csrf': 'booogus'})
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
998 # add a bogus csrf field to the form and rerun the inner_main
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
999 cl.form = makeForm(form2)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1000
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1001 cl.inner_main()
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1002 match_at=out[0].find('Invalid csrf token found: booogus')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1003 print "result of subtest 7:", out[0]
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1004 self.assertEqual(match_at, 36)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1005 del(out[0])
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1006
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1007 form2 = copy.copy(form)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1008 nonce = anti_csrf_nonce(cl, cl)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1009 # verify that we can see the nonce
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1010 otks = cl.db.getOTKManager()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1011 isitthere = otks.exists(nonce)
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1012 print "result of subtest 8:", isitthere
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1013 print "otks: user, session", otks.get(nonce, 'uid', default=None), \
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1014 otks.get(nonce, 'session', default=None)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1015 self.assertEqual(isitthere, True)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1016
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1017 form2.update({'@csrf': nonce})
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1018 # add a real csrf field to the form and rerun the inner_main
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1019 cl.form = makeForm(form2)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1020 cl.inner_main()
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1021 # csrf passes and redirects to the new issue.
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1022 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1023 print "result of subtest 9:", out[0]
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1024 self.assertEqual(match_at, 0)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1025 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1026
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1027 # try a replay attack
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1028 cl.inner_main()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1029 # This should fail as token was wiped by last run.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1030 match_at=out[0].find('Invalid csrf token found: %s'%nonce)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1031 print "replay of csrf after post use", out[0]
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1032 print "result of subtest 10:", out[0]
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1033 self.assertEqual(match_at, 36)
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1034 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1035
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1036 # make sure that a get deletes the csrf.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1037 cl.env['REQUEST_METHOD'] = 'GET'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1038 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1039 form2 = copy.copy(form)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1040 nonce = anti_csrf_nonce(cl, cl)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1041 form2.update({'@csrf': nonce})
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1042 # add a real csrf field to the form and rerun the inner_main
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1043 cl.form = makeForm(form2)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1044 cl.inner_main()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1045 # csrf passes but fail creating new issue because not a post
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1046 match_at=out[0].find('<p>Invalid request</p>')
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1047 print "result of subtest 11:", out[0]
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1048 self.assertEqual(match_at, 33)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1049 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1050
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1051 # the token should be gone
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1052 isitthere = otks.exists(nonce)
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1053 print "result of subtest 12:", isitthere
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1054 self.assertEqual(isitthere, False)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1055
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1056 # change to post and should fail w/ invalid csrf
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1057 # since get deleted the token.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1058 cl.env.update({'REQUEST_METHOD': 'POST'})
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1059 print cl.env
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1060 cl.inner_main()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1061 match_at=out[0].find('Invalid csrf token found: %s'%nonce)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1062 print "post failure after get", out[0]
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1063 print "result of subtest 13:", out[0]
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1064 self.assertEqual(match_at, 36)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1065 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1066
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1067 del(cl.env['HTTP_REFERER'])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1068
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1069 # clean up from email log
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1070 if os.path.exists(SENDMAILDEBUG):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1071 os.remove(SENDMAILDEBUG)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1072 #raise ValueError
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1073
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1074 def testXmlrpcCsrfProtection(self):
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1075 # set the password for admin so we can log in.
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1076 passwd=password.Password('admin')
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1077 self.db.user.set('1', password=passwd)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1078
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1079 out = []
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1080 def wh(s):
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1081 out.append(s)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1082
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1083 # xmlrpc has no form content
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1084 form = {}
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1085 cl = client.Client(self.instance, None,
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1086 {'REQUEST_METHOD':'POST',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1087 'PATH_INFO':'xmlrpc',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1088 'CONTENT_TYPE': 'text/plain',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1089 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1090 'HTTP_REFERER': 'http://whoami.com/path/',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1091 'HTTP_X-REQUESTED-WITH': "XMLHttpRequest"
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1092 }, form)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1093 cl.db = self.db
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1094 cl.base = 'http://whoami.com/path/'
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1095 cl._socket_op = lambda *x : True
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1096 cl._error_message = []
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1097 cl.request = MockNull()
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1098 cl.write = wh # capture output
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1099
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1100 # Should return explanation because content type is text/plain
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1101 # and not text/xml
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1102 cl.handle_xmlrpc()
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1104 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1105
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1106 # Should return admin user indicating auth works and
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1107 # header checks succeed (REFERER and X-REQUESTED-WITH)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1108 cl.env['CONTENT_TYPE'] = "text/xml"
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1109 # ship the form with the value holding the xml value.
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1110 # I have no clue why this works but ....
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1111 cl.form = MockNull(file = True, value = "<?xml version='1.0'?>\n<methodCall>\n<methodName>display</methodName>\n<params>\n<param>\n<value><string>user1</string></value>\n</param>\n<param>\n<value><string>username</string></value>\n</param>\n</params>\n</methodCall>\n" )
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1112 answer ="<?xml version='1.0'?>\n<methodResponse>\n<params>\n<param>\n<value><struct>\n<member>\n<name>username</name>\n<value><string>admin</string></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodResponse>\n"
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1113 cl.handle_xmlrpc()
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1114 print out
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1115 self.assertEqual(out[0], answer)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1116 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1117
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1118 # remove the X-REQUESTED-WITH header and get an xmlrpc fault returned
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1119 del(cl.env['HTTP_X-REQUESTED-WITH'])
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1120 cl.handle_xmlrpc()
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1121 output="<?xml version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>1</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string>&lt;class 'roundup.exceptions.UsageError'&gt;:Required Header Missing</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n"
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1122 print out[0]
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1123 self.assertEqual(output,out[0])
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1124 del(out[0])
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1125
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1126 # change config to not require X-REQUESTED-WITH header
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1127 cl.db.config['WEB_CSRF_ENFORCE_HEADER_X-REQUESTED-WITH'] = 'logfailure'
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1128 cl.handle_xmlrpc()
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1129 print out
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1130 self.assertEqual(out[0], answer)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1131 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1132
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1133 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1134 # SECURITY
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1135 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1136 # XXX test all default permissions
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1137 def _make_client(self, form, classname='user', nodeid='1',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1138 userid='2', template='item'):
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
1139 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
1140 'REQUEST_METHOD':'POST'}, makeForm(form))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1141 cl.classname = classname
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1142 if nodeid is not None:
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1143 cl.nodeid = nodeid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1144 cl.db = self.db
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1145 cl.userid = userid
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
1146 cl.language = ('en',)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1147 cl._error_message = []
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1148 cl._ok_message = []
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1149 cl.template = template
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1150 return cl
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1151
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1152 def testClassPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1153 cl = self._make_client(dict(username='bob'))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1154 self.failUnlessRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1155 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1156 cl.nodeid = '1'
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1157 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1158 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1159
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1160 def testCheckAndPropertyPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1161 self.db.security.permissions = {}
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1162 def own_record(db, userid, itemid):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1163 return userid == itemid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1164 p = self.db.security.addPermission(name='Edit', klass='user',
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1165 check=own_record, properties=("password", ))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1166 self.db.security.addPermissionToRole('User', p)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1167
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1168 cl = self._make_client(dict(username='bob'))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1169 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1170 actions.EditItemAction(cl).handle)
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1171 cl = self._make_client(dict(roles='User,Admin'), userid='4', nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1172 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1173 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1174 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1175 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1176 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1177 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1178 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1179 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1180 # working example, mary may change her pw
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1181 cl = self._make_client({'password':'ob', '@confirm@password':'ob'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1182 nodeid='4', userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1183 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1184 actions.EditItemAction(cl).handle)
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1185 cl = self._make_client({'password':'bob', '@confirm@password':'bob'})
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1186 self.failUnlessRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1187 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1188
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1189 def testCreatePermission(self):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1190 # this checks if we properly differentiate between create and
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1191 # edit permissions
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1192 self.db.security.permissions = {}
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1193 self.db.security.addRole(name='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1194 # Don't allow roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1195 p = self.db.security.addPermission(name='Create', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1196 properties=("username", "password", "address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1197 "alternate_address", "realname", "phone", "organisation",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1198 "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1199 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1200 # Don't allow roles *and* don't allow username
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1201 p = self.db.security.addPermission(name='Edit', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1202 properties=("password", "address", "alternate_address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1203 "realname", "phone", "organisation", "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1204 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1205 self.db.user.set('4', roles='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1206
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1207 # anonymous may not
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1208 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1209 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1210 'roles':'Admin'}, nodeid=None, userid='2')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1211 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1212 actions.NewItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1213 # Don't allow creating new user with roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1214 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1215 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1216 'roles':'Admin'}, nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1217 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1218 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1219 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1220 # this should work
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1221 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1222 '@confirm@password':'secret', 'address':'new_user@bork.bork'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1223 nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1224 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1225 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1226 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1227 # don't allow changing (my own) username (in this example)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1228 cl = self._make_client(dict(username='new_user42'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1229 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1230 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1231 cl = self._make_client(dict(username='new_user42'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1232 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1233 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1234 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1235 # don't allow changing (my own) roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1236 cl = self._make_client(dict(roles='User,Admin'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1237 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1238 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1239 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1240 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1241 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1242 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1243 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1244 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1245 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1246
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1247 def testSearchPermission(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1248 # this checks if we properly check for search permissions
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1249 self.db.security.permissions = {}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1250 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1251 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1252 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1253 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1254 # Allow viewing department
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1255 p = self.db.security.addPermission(name='View', klass='department')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1256 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1257 # Allow viewing interesting things (but not department) on iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1258 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1259 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1260 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1261 properties=("title", "status"), check=lambda x,y,z: True)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1262 self.db.security.addPermissionToRole('User', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1263 # Allow all relevant roles access to stat
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1264 p = self.db.security.addPermission(name='View', klass='stat')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1265 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1266 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1267 # Allow role "Project" access to whole iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1268 p = self.db.security.addPermission(name='View', klass='iss')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1269 self.db.security.addPermissionToRole('Project', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1270
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1271 department = self.instance.backend.Class(self.db, "department",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1272 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1273 status = self.instance.backend.Class(self.db, "stat",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1274 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1275 issue = self.instance.backend.Class(self.db, "iss",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1276 title=hyperdb.String(), status=hyperdb.Link('stat'),
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1277 department=hyperdb.Link('department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1278
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1279 d1 = department.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1280 d2 = department.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1281 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1282 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1283 issue.create(title='i1', status=open, department=d2)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1284 issue.create(title='i2', status=open, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1285 issue.create(title='i2', status=closed, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1286
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1287 chef = self.db.user.lookup('Chef')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1288 mary = self.db.user.lookup('mary')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1289 self.db.user.set(chef, roles = 'User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1290
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1291 perm = self.db.security.hasPermission
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1292 search = self.db.security.hasSearchPermission
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1293 self.assert_(perm('View', chef, 'iss', 'department', '1'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1294 self.assert_(perm('View', chef, 'iss', 'department', '2'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1295 self.assert_(perm('View', chef, 'iss', 'department', '3'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1296 self.assert_(search(chef, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1297
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1298 self.assert_(not perm('View', mary, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1299 self.assert_(perm('View', mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1300 # Conditionally allow view of whole iss (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1301 # this might check for department owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1302 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1303 check=lambda x,y,z: False)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1304 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1305 self.assert_(perm('View', mary, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1306 self.assert_(not perm('View', mary, 'iss', 'department', '1'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1307 self.assert_(not search(mary, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1308
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1309 self.assert_(perm('View', mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1310 self.assert_(not search(mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1311 # Allow user to search for iss.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1312 p = self.db.security.addPermission(name='Search', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1313 properties=("status",))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1314 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1315 self.assert_(search(mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1316
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1317 dep = {'@action':'search','columns':'id','@filter':'department',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1318 'department':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1319 stat = {'@action':'search','columns':'id','@filter':'status',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1320 'status':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1321 depsort = {'@action':'search','columns':'id','@sort':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1322 depgrp = {'@action':'search','columns':'id','@group':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1323
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1324 # Filter on department ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1325 cl = self._make_client(dep, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1326 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1327 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1328 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1329 # Filter on department works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1330 cl = self._make_client(dep, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1331 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1332 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1333 self.assertEqual([x.id for x in h.batch()],['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1334 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1335 cl = self._make_client(stat, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1336 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1337 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1338 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1339 cl = self._make_client(stat, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1340 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1341 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1342 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1343 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1344 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1345 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1346 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1347 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1348 self.assertEqual(cl._error_message, []) # test for empty _error_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1349 self.assertEqual(cl._ok_message, []) # test for empty _ok_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1350
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1351 # Test for correct _error_message for invalid sort/group properties
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1352 baddepsort = {'@action':'search','columns':'id','@sort':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1353 baddepgrp = {'@action':'search','columns':'id','@group':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1354 cl = self._make_client(baddepsort, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1355 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1356 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1357 self.assertEqual(cl._error_message, ['Unknown sort property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1358 cl = self._make_client(baddepgrp, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1359 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1360 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1361 self.assertEqual(cl._error_message, ['Unknown group property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1362
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1363 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1364 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1365 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1366 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1367 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1368 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1369 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1370 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1371 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1372 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1373 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1374 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1375 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1376
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1377 def testEditCSV(self):
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1378 form = dict(rows='id,name\n1,newkey')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1379 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1380 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1381 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1382 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1383 k = self.db.keyword.getnode('1')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1384 self.assertEqual(k.name, 'newkey')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1385 form = dict(rows=u'id,name\n1,\xe4\xf6\xfc'.encode('utf-8'))
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1386 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1387 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1388 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1389 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1390 k = self.db.keyword.getnode('1')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1391 self.assertEqual(k.name, u'\xe4\xf6\xfc'.encode('utf-8'))
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1392
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1393 def testserve_static_files(self):
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1394 # make a client instance
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1395 cl = self._make_client({})
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1396
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1397 # hijack _serve_file so I can see what is found
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1398 output = []
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1399 def my_serve_file(a, b, c, d):
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1400 output.append((a,b,c,d))
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1401 cl._serve_file = my_serve_file
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1402
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1403 # check case where file is not found.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1404 self.assertRaises(NotFound,
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1405 cl.serve_static_file,"missing.css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1406
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1407 # TEMPLATES dir is searched by default. So this file exists.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1408 # Check the returned values.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1409 cl.serve_static_file("issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1410 self.assertEquals(output[0][1], "text/html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1411 self.assertEquals(output[0][3], "_test_cgi_form/html/issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1412 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1413
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1414 # stop searching TEMPLATES for the files.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1415 cl.instance.config['STATIC_FILES'] = '-'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1416 # previously found file should not be found
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1417 self.assertRaises(NotFound,
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1418 cl.serve_static_file,"issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1419
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1420 # explicitly allow html directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1421 cl.instance.config['STATIC_FILES'] = 'html -'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1422 cl.serve_static_file("issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1423 self.assertEquals(output[0][1], "text/html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1424 self.assertEquals(output[0][3], "_test_cgi_form/html/issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1425 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1426
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1427 # set the list of files and do not look at the templates directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1428 cl.instance.config['STATIC_FILES'] = 'detectors extensions - '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1429
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1430 # find file in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1431 cl.serve_static_file("messagesummary.py")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1432 self.assertEquals(output[0][1], "text/x-python")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1433 self.assertEquals(output[0][3], "_test_cgi_form/detectors/messagesummary.py")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1434 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1435
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1436 # find file in second directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1437 cl.serve_static_file("README.txt")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1438 self.assertEquals(output[0][1], "text/plain")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1439 self.assertEquals(output[0][3], "_test_cgi_form/extensions/README.txt")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1440 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1441
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1442 # make sure an embedded - ends the searching.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1443 cl.instance.config['STATIC_FILES'] = ' detectors - extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1444 self.assertRaises(NotFound, cl.serve_static_file, "README.txt")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1445
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1446 cl.instance.config['STATIC_FILES'] = ' detectors - extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1447 self.assertRaises(NotFound, cl.serve_static_file, "issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1448
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1449 # create an empty README.txt in the first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1450 f = open('_test_cgi_form/detectors/README.txt', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1451 # find file now in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1452 cl.serve_static_file("README.txt")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1453 self.assertEquals(output[0][1], "text/plain")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1454 self.assertEquals(output[0][3], "_test_cgi_form/detectors/README.txt")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1455 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1456
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1457 cl.instance.config['STATIC_FILES'] = ' detectors extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1458 # make sure lack of trailing - allows searching TEMPLATES
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1459 cl.serve_static_file("issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1460 self.assertEquals(output[0][1], "text/html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1461 self.assertEquals(output[0][3], "_test_cgi_form/html/issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1462 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1463
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1464 # Make STATIC_FILES a single element.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1465 cl.instance.config['STATIC_FILES'] = 'detectors'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1466 # find file now in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1467 cl.serve_static_file("messagesummary.py")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1468 self.assertEquals(output[0][1], "text/x-python")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1469 self.assertEquals(output[0][3], "_test_cgi_form/detectors/messagesummary.py")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1470 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1471
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1472 # make sure files found in subdirectory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1473 os.mkdir('_test_cgi_form/detectors/css')
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1474 f = open('_test_cgi_form/detectors/css/README.css', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1475 # use subdir in filename
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1476 cl.serve_static_file("css/README.css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1477 self.assertEquals(output[0][1], "text/css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1478 self.assertEquals(output[0][3], "_test_cgi_form/detectors/css/README.css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1479 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1480
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1481
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1482 # use subdir in static files path
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1483 cl.instance.config['STATIC_FILES'] = 'detectors html/css'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1484 os.mkdir('_test_cgi_form/html/css')
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1485 f = open('_test_cgi_form/html/css/README1.css', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1486 cl.serve_static_file("README1.css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1487 self.assertEquals(output[0][1], "text/css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1488 self.assertEquals(output[0][3], "_test_cgi_form/html/css/README1.css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1489 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1490
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
1491
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1492 def testRoles(self):
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1493 cl = self._make_client({})
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1494 self.db.user.set('1', roles='aDmin, uSer')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1495 item = HTMLItem(cl, 'user', '1')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1496 self.assert_(item.hasRole('Admin'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1497 self.assert_(item.hasRole('User'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1498 self.assert_(item.hasRole('AdmiN'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1499 self.assert_(item.hasRole('UseR'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1500 self.assert_(item.hasRole('UseR','Admin'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1501 self.assert_(item.hasRole('UseR','somethingelse'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1502 self.assert_(item.hasRole('somethingelse','Admin'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1503 self.assert_(not item.hasRole('userr'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1504 self.assert_(not item.hasRole('adminn'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1505 self.assert_(not item.hasRole(''))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1506 self.assert_(not item.hasRole(' '))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1507 self.db.user.set('1', roles='')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1508 self.assert_(not item.hasRole(''))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1509
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1510 def testCSVExport(self):
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1511 cl = self._make_client({'@columns': 'id,name'}, nodeid=None,
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1512 userid='1')
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1513 cl.classname = 'status'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1514 output = StringIO.StringIO()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1515 cl.request = MockNull()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1516 cl.request.wfile = output
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1517 actions.ExportCSVAction(cl).handle()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1518 self.assertEquals('id,name\r\n1,unread\r\n2,deferred\r\n3,chatting\r\n'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1519 '4,need-eg\r\n5,in-progress\r\n6,testing\r\n7,done-cbb\r\n'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1520 '8,resolved\r\n',
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1521 output.getvalue())
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1522
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1523 def testCSVExportBadColumnName(self):
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1524 cl = self._make_client({'@columns': 'falseid,name'}, nodeid=None,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1525 userid='1')
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1526 cl.classname = 'status'
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1527 output = StringIO.StringIO()
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1528 cl.request = MockNull()
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1529 cl.request.wfile = output
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1530 self.assertRaises(exceptions.NotFound,
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1531 actions.ExportCSVAction(cl).handle)
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1532
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1533 def testCSVExportFailPermissionBadColumn(self):
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1534 cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1535 userid='2')
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1536 cl.classname = 'user'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1537 output = StringIO.StringIO()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1538 cl.request = MockNull()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1539 cl.request.wfile = output
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1540 # used to be self.assertRaises(exceptions.Unauthorised,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1541 # but not acting like the column name is not found
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1542 # see issue2550755 - should this return Unauthorised?
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1543 # The unauthorised user should never get to the point where
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1544 # they can determine if the column name is valid or not.
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1545 self.assertRaises(exceptions.NotFound,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1546 actions.ExportCSVAction(cl).handle)
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1547
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1548 def testCSVExportFailPermissionValidColumn(self):
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1549 cl = self._make_client({'@columns': 'id,address,password'}, nodeid=None,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1550 userid='2')
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1551 cl.classname = 'user'
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1552 output = StringIO.StringIO()
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1553 cl.request = MockNull()
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1554 cl.request.wfile = output
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1555 # used to be self.assertRaises(exceptions.Unauthorised,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1556 # but not acting like the column name is not found
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1557 self.assertRaises(exceptions.Unauthorised,
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1558 actions.ExportCSVAction(cl).handle)
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1559
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1560 class TemplateHtmlRendering(unittest.TestCase):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1561 ''' try to test the rendering code for tal '''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1562 def setUp(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1563 self.dirname = '_test_template'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1564 # set up and open a tracker
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1565 self.instance = db_test_base.setupTracker(self.dirname)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1566
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1567 # open the database
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1568 self.db = self.instance.open('admin')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1569 self.db.tx_Source = "web"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1570 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1571 realname='Bork, Chef', roles='User')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1572 self.db.user.create(username='mary', address='mary@test.test',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1573 roles='User', realname='Contrary, Mary')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1574 self.db.post_init()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1575
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1576 # create a client instance and hijack write_html
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1577 self.client = client.Client(self.instance, "user",
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1578 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1579 form=makeForm({"@template": "item"}))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1580
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1581 self.client._error_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1582 self.client._ok_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1583 self.client.db = self.db
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1584 self.client.userid = '1'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1585 self.client.language = ('en',)
5208
23b8eeaf9864 fixing some tests due to changes to classic template by adding anti-csrf code
John Rouillard <rouilj@ieee.org>
parents: 5203
diff changeset
1586 self.client.session_api = MockNull(_sid="1234567890")
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1587
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1588 self.output = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1589 # ugly hack to get html_write to return data here.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1590 def html_write(s):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1591 self.output.append(s)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1592
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1593 # hijack html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1594 self.client.write_html = html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1595
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1596 self.db.issue.create(title='foo')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1597
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1598 def tearDown(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1599 self.db.close()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1600 try:
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1601 shutil.rmtree(self.dirname)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1602 except OSError, error:
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1603 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1604
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1605 def testrenderFrontPage(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1606 self.client.renderFrontPage("hello world RaNdOmJunk")
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1607 # make sure we can find the "hello world RaNdOmJunk"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1608 # message in the output.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1609 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1610 self.output[0].index('<p class="error-message">hello world RaNdOmJunk <br/ > </p>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1611 # make sure we can find issue 1 title foo in the output
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1612 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1613 self.output[0].index('<a href="issue1">foo</a>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1614
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1615 # make sure we can find the last SHA1 sum line at the end of the
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1616 # page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1617 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1618 self.output[0].index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1619
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1620 def testrenderContext(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1621 # set up the client;
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1622 # run determine_context to set the required client attributes
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1623 # run renderContext(); check result for proper page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1624
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1625 # this will generate the default home page like
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1626 # testrenderFrontPage
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1627 self.client.form=makeForm({})
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1628 self.client.path = ''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1629 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1630 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), (None, '', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1631 self.assertEqual(self.client._ok_message, [])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1632
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1633 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1634 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1635 result.index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1636
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1637 # now look at the user index page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1638 self.client.form=makeForm({ "@ok_message": "ok message", "@template": "index"})
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1639 self.client.path = 'user'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1640 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1641 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'index', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1642 self.assertEqual(self.client._ok_message, ['ok message'])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1643
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1644 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1645 self.assertNotEqual(-1, result.index('<title>User listing - Roundup issue tracker</title>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1646 self.assertNotEqual(-1, result.index('ok message'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1647 # print result
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1648
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1649 def testRenderAltTemplates(self):
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1650 # check that right page is returned when rendering
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1651 # @template=oktempl|errortmpl
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1652
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1653 # set up the client;
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1654 # run determine_context to set the required client attributes
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1655 # run renderContext(); check result for proper page
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1656
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1657 # Test ok state template that uses user.forgotten.html
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1658 self.client.form=makeForm({"@template": "forgotten|item"})
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1659 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1660 self.client.determine_context()
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1661 self.client.session_api = MockNull(_sid="1234567890")
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1662 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'forgotten|item', None))
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1663 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1664
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1665 result = self.client.renderContext()
5208
23b8eeaf9864 fixing some tests due to changes to classic template by adding anti-csrf code
John Rouillard <rouilj@ieee.org>
parents: 5203
diff changeset
1666 print result
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1667 # sha1sum of classic tracker user.forgotten.template must be found
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1668 self.assertNotEqual(-1,
5208
23b8eeaf9864 fixing some tests due to changes to classic template by adding anti-csrf code
John Rouillard <rouilj@ieee.org>
parents: 5203
diff changeset
1669 result.index('<!-- SHA: eb5dd0bec7a57d58cb7edbeb939fb0390ed1bf74 -->'))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1670
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1671 # now set an error in the form to get error template user.item.html
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1672 self.client.form=makeForm({"@template": "forgotten|item",
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1673 "@error_message": "this is an error"})
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1674 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1675 self.client.determine_context()
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1676 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'forgotten|item', None))
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1677 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1678 self.assertEqual(self.client._error_message, ["this is an error"])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1679
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1680 result = self.client.renderContext()
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1681 print result
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1682 # sha1sum of classic tracker user.item.template must be found
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1683 self.assertNotEqual(-1,
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1684 result.index('<!-- SHA: 3b7ce7cbf24f77733c9b9f64a569d6429390cc3f -->'))
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1685
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1686
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1687 def testexamine_url(self):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1688 ''' test the examine_url function '''
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1689
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1690 def te(url, exception, raises=ValueError):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1691 with self.assertRaises(raises) as cm:
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1692 examine_url(url)
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1693 self.assertEqual(cm.exception.message, exception)
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1694
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1695
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1696 action = actions.Action(self.client)
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1697 examine_url = action.examine_url
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1698
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1699 # Christmas tree url: test of every component that passes
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1700 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1701 examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1702 'http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1703
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1704 # allow replacing http with https if base is http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1705 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1706 examine_url("https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1707 'https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1708
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1709
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1710 # change base to use https and make sure we don't redirect to http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1711 saved_base = action.base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1712 action.base = "https://tracker.example/cgi-bin/roundup.cgi/bugs/"
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1713 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1714 'Base url https://tracker.example/cgi-bin/roundup.cgi/bugs/ requires https. Redirect url http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue uses http.')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1715 action.base = saved_base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1716
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1717 # url doesn't have to be valid to roundup, just has to be contained
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1718 # inside of roundup. No zoik class is defined
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1719 self.assertEqual(examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue"), "http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue")
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1720
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1721 # test with wonky schemes
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1722 te("email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1723 'Unrecognized scheme in email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1724
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1725 te("http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Unrecognized scheme in http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1726
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1727 # test different netloc/path prefix
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1728 # assert port
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1729 te("http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",'Net location in http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1730
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1731 #assert user
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1732 te("http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1733
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1734 #assert user:password
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1735 te("http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1736
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1737 # try localhost http scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1738 te("http://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in http://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1739
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1740 # try localhost https scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1741 te("https://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in https://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1742
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1743 # try different host
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1744 te("http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1745
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1746 # change the base path to .../bug from .../bugs
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1747 te("http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1748
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1749 # change the base path eliminate - in cgi-bin
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1750 te("http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue",'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1751
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1752
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1753 # scan for unencoded characters
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1754 # we skip schema and net location since unencoded character
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1755 # are allowed only by an explicit match to a reference.
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1756 #
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1757 # break components with unescaped character '<'
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1758 # path component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1759 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue", 'Path component (/cgi-bin/roundup.cgi/bugs/<user3) in http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1760
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1761 # params component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1762 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue", 'Params component (parm=b<ar) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1763
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1764 # query component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1765 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue", 'Query component (@template=<foo>&parm=(zot)) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1766
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1767 # fragment component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1768 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue", 'Fragment component (iss<ue) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1769
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1770 class TemplateTestCase(unittest.TestCase):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1771 ''' Test the template resolving code, i.e. what can be given to @template
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1772 '''
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1773 def setUp(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1774 self.dirname = '_test_template'
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1775 # set up and open a tracker
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1776 self.instance = db_test_base.setupTracker(self.dirname)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1777
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1778 # open the database
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1779 self.db = self.instance.open('admin')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1780 self.db.tx_Source = "web"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1781 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1782 realname='Bork, Chef', roles='User')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1783 self.db.user.create(username='mary', address='mary@test.test',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1784 roles='User', realname='Contrary, Mary')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1785 self.db.post_init()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1786
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1787 def tearDown(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1788 self.db.close()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1789 try:
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1790 shutil.rmtree(self.dirname)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1791 except OSError, error:
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1792 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1793
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1794 def testTemplateSubdirectory(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1795 # test for templates in subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1796
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1797 # make the directory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1798 subdir = self.dirname + "/html/subdir"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1799 os.mkdir(subdir)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1800
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1801 # get the client instance The form is needed to initialize,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1802 # but not used since I call selectTemplate directly.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1803 t = client.Client(self.instance, "user",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1804 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1805 form=makeForm({"@template": "item"}))
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1806
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1807 # create new file in subdir and a dummy file outside of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1808 # the tracker's html subdirectory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1809 shutil.copyfile(self.dirname + "/html/issue.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1810 subdir + "/issue.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1811 shutil.copyfile(self.dirname + "/html/user.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1812 self.dirname + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1813
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1814 # create link outside the html subdir. This should fail due to
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1815 # path traversal check.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1816 os.symlink("../../user.item.html", subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1817 # it will be removed and replaced by a later test
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1818
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1819 # make sure a simple non-subdir template works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1820 # user.item.html exists so this works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1821 # note that the extension is not included just the basename
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1822 self.assertEqual("user.item", t.selectTemplate("user", "item"))
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1823
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1824
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1825 # make sure home templates work
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1826 self.assertEqual("home", t.selectTemplate(None, ""))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1827 self.assertEqual("home.classlist", t.selectTemplate(None, "classlist"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1828
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1829 # home.item doesn't exist should return _generic.item.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1830 self.assertEqual("_generic.item", t.selectTemplate(None, "item"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1831
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1832 # test case where there is no view so generic template can't
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1833 # be determined.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1834 with self.assertRaises(NoTemplate) as cm:
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1835 t.selectTemplate("user", "")
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1836 self.assertEqual(cm.exception.message,
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1837 '''Template "user" doesn't exist''')
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1838
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1839 # there is no html/subdir/user.item.{,xml,html} so it will
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1840 # raise NoTemplate.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1841 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1842 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1843
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1844 # there is an html/subdir/issue.item.html so this succeeeds
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1845 r = t.selectTemplate("issue", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1846 self.assertEqual("subdir/issue.item", r)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1847
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1848 # there is a self.directory + /html/subdir/user.item.html file,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1849 # but it is a link to self.dir /user.item.html which is outside
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1850 # the html subdir so is rejected by the path traversal check.
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1851 # Prefer NoTemplate here, or should the code be changed to
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1852 # report a new PathTraversal exception? Could the PathTraversal
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1853 # exception leak useful info to an attacker??
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1854 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1855 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1856
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1857 # clear out the link and create a new one to self.dirname +
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1858 # html/user.item.html which is inside the html subdir
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1859 # so the template check returns the symbolic link path.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1860 os.remove(subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1861 os.symlink("../user.item.html", subdir + "/user.item.xml")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1862
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1863 # template check works
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1864 r = t.selectTemplate("user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1865 self.assertEquals("subdir/user.item", r)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1866
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
1867 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/