Mercurial > p > roundup > code

annotate test/test_xmlrpc.py @ 8381:31f86326bee8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
test: test regular xmlrpc codepath even when defusedxml installed This was a leftover from the defusedxml support addition. When defusedxml was installed, the bomb test for regular xmlrpc was skipped. Now if defusedxml is installed, a context manager unpatches the xmlrpc and runs the test for the regular xmlrpc which should result in a long string.
author John Rouillard <rouilj@ieee.org>
date Sat, 12 Jul 2025 10:49:52 -0400
parents 05405220dc38
children 224ccb8b49ca
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
1 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
2 # Copyright (C) 2007 Stefan Seefeld
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
3 # All rights reserved.
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3829
diff changeset
4 # For license terms see the file COPYING.txt.
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
5 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
6
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
7 from __future__ import print_function
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
8 import unittest, os, shutil, errno, pytest, sys, difflib, re
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
9
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
10 from contextlib import contextmanager
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
11
5408
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
12 from roundup.anypy import xmlrpc_
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
13 MultiCall = xmlrpc_.client.MultiCall
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
14 from roundup.cgi.exceptions import *
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
15 from roundup import init, instance, password, hyperdb, date
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
16 from roundup.xmlrpc import RoundupInstance, RoundupDispatcher
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
17 from roundup.backends import list_backends
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
18 from roundup.hyperdb import String
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
19 from roundup.cgi import TranslationService
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5504
diff changeset
20 from roundup.test.tx_Source_detector import init as tx_Source_init
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
21
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
22 from . import db_test_base
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
23 from .test_mysql import skip_mysql
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
24 from .test_postgresql import skip_postgresql
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
25
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
26 from .pytest_patcher import mark_class
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
27 from roundup.anypy.xmlrpc_ import client
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
28
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
29 if client.defusedxml:
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
30 skip_defusedxml = lambda func, *args, **kwargs: func
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
31 else:
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
32 skip_defusedxml = mark_class(pytest.mark.skip(
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
33 reason='Skipping defusedxml tests: defusedxml library not available'))
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
34
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
35 if sys.version_info[0] > 2:
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
36 skip_python2 = lambda func, *args, **kwargs: func
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
37 else:
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
38 skip_python2 = mark_class(pytest.mark.skip(
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
39 reason='Skipping test under python 2'))
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
40
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
41 @contextmanager
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
42 def disable_defusedxml():
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
43 # if defusedxml not loaded, do nothing
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
44 if 'defusedxml' not in sys.modules:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
45 yield
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
46 return
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
47
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
48 sys.modules['defusedxml'].xmlrpc.unmonkey_patch()
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
49 try:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
50 yield
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
51 finally:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
52 # restore normal defused xmlrpc functions
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
53 sys.modules['defusedxml'].xmlrpc.monkey_patch()
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
54
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
55 class XmlrpcTest(object):
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
56
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
57 backend = None
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
58
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
59 def setUp(self):
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
60 self.dirname = '_test_xmlrpc'
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
61 # set up and open a tracker
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
62 self.instance = db_test_base.setupTracker(self.dirname, self.backend)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
63
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
64 # open the database
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
65 self.db = self.instance.open('admin')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
66
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
67 print("props_only default", self.db.security.get_props_only_default())
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
68
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
69 # Get user id (user4 maybe). Used later to get data from db.
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
70 self.joeid = 'user' + self.db.user.create(username='joe',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
71 password=password.Password('random'), address='random@home.org',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
72 realname='Joe Random', roles='User')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
73
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
74 self.db.commit()
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
75 self.db.close()
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
76 self.db = self.instance.open('joe')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
77
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
78 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
79
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
80 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
81 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
82
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
83 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
84
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5504
diff changeset
85 tx_Source_init(self.db)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
86
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
87 self.server = RoundupInstance(self.db, self.instance.actions, None)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
88
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
89 def tearDown(self):
4104
d8c2d214d688 do all the pre-release stuff...
Richard Jones <richard@users.sourceforge.net>
parents: 4083
diff changeset
90 self.db.close()
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
91 try:
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
92 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
93 except OSError as error:
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
94 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
95
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
96 def testAccess(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
97 # Retrieve all three users.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
98 results = self.server.list('user', 'id')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
99 self.assertEqual(len(results), 3)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
100
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
101 # Obtain data for 'joe'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
102 results = self.server.display(self.joeid)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
103 self.assertEqual(results['username'], 'joe')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
104 self.assertEqual(results['realname'], 'Joe Random')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
105
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
106 def testChange(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
107 # Reset joe's 'realname'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
108 results = self.server.set(self.joeid, 'realname=Joe Doe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
109 results = self.server.display(self.joeid, 'realname')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
110 self.assertEqual(results['realname'], 'Joe Doe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
111
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
112 # check we can't change admin's details
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
113 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe')
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
114
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
115 def testCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
116 results = self.server.create('issue', 'title=foo')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
117 issueid = 'issue' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
118 results = self.server.display(issueid, 'title')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
119 self.assertEqual(results['title'], 'foo')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
120 self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
121
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
122 def testFileCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
123 results = self.server.create('file', 'content=hello\r\nthere')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
124 fileid = 'file' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
125 results = self.server.display(fileid, 'content')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
126 self.assertEqual(results['content'], 'hello\r\nthere')
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
127
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
128 def testSchema(self):
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
129 schema={'status': [('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
130 ('order', '<roundup.hyperdb.Number>')],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
131 'keyword': [('name', '<roundup.hyperdb.String>')],
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
132 'priority': [('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
133 ('order', '<roundup.hyperdb.Number>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
134 'user': [('address', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
135 ('alternate_addresses', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
136 ('organisation', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
137 ('password', '<roundup.hyperdb.Password>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
138 ('phone', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
139 ('queries', '<roundup.hyperdb.Multilink to "query">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
140 ('realname', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
141 ('roles', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
142 ('timezone', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
143 ('username', '<roundup.hyperdb.String>')],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
144 'file': [('content', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
145 ('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
146 ('type', '<roundup.hyperdb.String>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
147 'msg': [('author', '<roundup.hyperdb.Link to "user">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
148 ('content', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
149 ('date', '<roundup.hyperdb.Date>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
150 ('files', '<roundup.hyperdb.Multilink to "file">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
151 ('inreplyto', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
152 ('messageid', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
153 ('recipients', '<roundup.hyperdb.Multilink to "user">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
154 ('summary', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
155 ('tx_Source', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
156 ('type', '<roundup.hyperdb.String>')],
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
157 'query': [('klass', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
158 ('name', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
159 ('private_for', '<roundup.hyperdb.Link to "user">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
160 ('url', '<roundup.hyperdb.String>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
161 'issue': [('assignedto', '<roundup.hyperdb.Link to "user">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
162 ('files', '<roundup.hyperdb.Multilink to "file">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
163 ('keyword', '<roundup.hyperdb.Multilink to "keyword">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
164 ('messages', '<roundup.hyperdb.Multilink to "msg">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
165 ('nosy', '<roundup.hyperdb.Multilink to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
166 ('priority', '<roundup.hyperdb.Link to "priority">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
167 ('status', '<roundup.hyperdb.Link to "status">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
168 ('superseder', '<roundup.hyperdb.Multilink to "issue">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
169 ('title', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
170 ('tx_Source', '<roundup.hyperdb.String>')]}
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
171
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
172 results = self.server.schema()
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
173 self.assertEqual(results, schema)
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
174
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
175 def testLookup(self):
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
176 self.assertRaises(KeyError, self.server.lookup, 'user', '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
177 results = self.server.lookup('user', 'admin')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
178 self.assertEqual(results, '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
179
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
180 def testAction(self):
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
181 # As this action requires special previledges, we temporarily switch
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
182 # to 'admin'
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
183 self.db.setCurrentUser('admin')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
184 users_before = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
185 try:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
186 tmp = 'user' + self.db.user.create(username='tmp')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
187 self.server.action('retire', tmp)
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
188 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
189 self.db.setCurrentUser('joe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
190 users_after = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
191 self.assertEqual(users_before, users_after)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
192
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
193 # test a bogus action
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
194 with self.assertRaises(Exception) as cm:
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
195 self.server.action('bogus')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
196 print(cm.exception)
5471
28613ada27db check excpetion.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5408
diff changeset
197 self.assertEqual(cm.exception.args[0],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
198 'action "bogus" is not supported ')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
199
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
200 def testAuthDeniedEdit(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
201 # Wrong permissions (caught by roundup security module).
3829
d0ac8188d274 Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
202 self.assertRaises(Unauthorised, self.server.set,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
203 'user1', 'realname=someone')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
204
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
205 def testAuthDeniedCreate(self):
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
206 self.assertRaises(Unauthorised, self.server.create,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
207 'user', {'username': 'blah'})
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
208
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
209 def testAuthAllowedEdit(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
210 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
211 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
212 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
213 self.server.set('user2', 'realname=someone')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
214 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
215 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
216 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
217 self.db.setCurrentUser('joe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
218
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
219 def testAuthAllowedCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
220 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
221 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
222 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
223 self.server.create('user', 'username=blah')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
224 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
225 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
226 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
227 self.db.setCurrentUser('joe')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
228
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
229 def testAuthFilter(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
230 # this checks if we properly check for search permissions
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
231 self.db.security.permissions = {}
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
232 # self.db.security.set_props_only_default(props_only=False)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
233 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
234 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
235 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
236 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
237 # Allow viewing keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
238 p = self.db.security.addPermission(name='View', klass='keyword')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
239 print("View keyword class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
240 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
241 # Allow viewing interesting things (but not keyword) on issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
242 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
243 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
244 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
245 properties=("title", "status"), check=lambda x,y,z: True)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
246 print("View keyword class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
247 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
248 # Allow role "Project" access to whole issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
249 p = self.db.security.addPermission(name='View', klass='issue')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
250 self.db.security.addPermissionToRole('Project', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
251 # Allow all access to status:
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
252 p = self.db.security.addPermission(name='View', klass='status')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
253 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
254 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
255
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
256 keyword = self.db.keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
257 status = self.db.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
258 issue = self.db.issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
259
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
260 d1 = keyword.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
261 d2 = keyword.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
262 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
263 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
264 issue.create(title='i1', status=open, keyword=[d2])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
265 issue.create(title='i2', status=open, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
266 issue.create(title='i2', status=closed, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
267
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
268 chef = self.db.user.create(username = 'chef', roles='User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
269 joe = self.db.user.lookup('joe')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
270
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
271 # Conditionally allow view of whole issue (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
272 # this might check for keyword owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
273 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
274 check=lambda x,y,z: False)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
275 print("View issue class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
276 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
277 # Allow user to search for issue.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
278 p = self.db.security.addPermission(name='Search', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
279 properties=("status",))
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
280 print("View Search class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
281 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
282
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
283 keyw = {'keyword':self.db.keyword.lookup('d1')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
284 stat = {'status':self.db.status.lookup('open')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
285 keygroup = keysort = [('+', 'keyword')]
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
286 self.db.commit()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
287
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
288 # Filter on keyword ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
289 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
290 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
291 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
292 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
293 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
294 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
295 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
296 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
297 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
298 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
299
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
300 self.db.close()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
301 self.db = self.instance.open('chef')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
302 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
303
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
304 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
305 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
306 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
307
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
308 self.server = RoundupInstance(self.db, self.instance.actions, None)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
309
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
310 # Filter on keyword works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
311 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
312 self.assertEqual(r, ['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
313 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
314 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
315 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
316 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
317 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
318 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
319 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
320 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
321
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
322 def testMulticall(self):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
323 translator = TranslationService.get_translation(
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
324 language=self.instance.config["TRACKER_LANGUAGE"],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
325 tracker_home=self.instance.config["TRACKER_HOME"])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
326 self.server = RoundupDispatcher(self.db, self.instance.actions,
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
327 translator, allow_none = True)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
328 class S:
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
329 multicall=self.server.funcs['system.multicall']
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
330 self.server.system = S()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
331 self.db.issue.create(title='i1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
332 self.db.issue.create(title='i2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
333 m = MultiCall(self.server)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
334 m.display('issue1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
335 m.display('issue2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
336 result = m()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
337 results = [
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
338 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
339 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
340 'priority': None, 'assignedto': None, 'superseder': []},
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
341 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
342 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
343 'priority': None, 'assignedto': None, 'superseder': []}]
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
344 for n, r in enumerate(result):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
345 self.assertEqual(r, results[n])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
346
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
347 @skip_python2
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
348 @skip_defusedxml
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
349 def testDefusedXmlBomb(self):
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
350 self.XmlBomb(expectIn=b"defusedxml.common.EntitiesForbidden")
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
351
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
352 @skip_python2
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
353 def testNonDefusedXmlBomb(self):
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
354 with disable_defusedxml():
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
355 self.XmlBomb(expectIn=b"1234567890"*511)
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
356
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
357 def XmlBomb(self, expectIn=None):
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
358
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
359 bombInput = """<?xml version='1.0'?>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
360 <!DOCTYPE xmlbomb [
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
361 <!ENTITY a "1234567890" >
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
362 <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
363 <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
364 <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
365 ]>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
366 <methodCall>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
367 <methodName>filter</methodName>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
368 <params>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
369 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
370 <value><string>&d;</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
371 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
372 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
373 <value><array><data>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
374 <value><string>0</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
375 <value><string>2</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
376 <value><string>3</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
377 </data></array></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
378 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
379 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
380 <value><struct>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
381 <member>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
382 <name>username</name>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
383 <value><string>demo</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
384 </member>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
385 </struct></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
386 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
387 </params>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
388 </methodCall>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
389 """
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
390 translator = TranslationService.get_translation(
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
391 language=self.instance.config["TRACKER_LANGUAGE"],
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
392 tracker_home=self.instance.config["TRACKER_HOME"])
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
393 self.server = RoundupDispatcher(self.db, self.instance.actions,
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
394 translator, allow_none = True)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
395 response = self.server.dispatch(bombInput)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
396 print(response)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
397 self.assertIn(expectIn, response)
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
398
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
399 class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
400 backend = 'anydbm'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
401
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
402
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
403 @skip_mysql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
404 class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
405 backend = 'mysql'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
406
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
407
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
408 class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
409 backend = 'sqlite'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
410
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
411
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
412 @skip_postgresql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
413 class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
414 backend = 'postgresql'
Roundup Issue Tracker: http://roundup-tracker.org/