Mercurial > p > roundup > code
annotate test/test_security.py @ 8218:32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
While adding fuzz testing for email addresses via REST
/rest/data/user/1/address, I had an error when setting the address to
the same value it currently had. Traced this to a bug in
userauditor.py. Fixed the bug. Documented in upgrading.txt.
While trying to track down issue, I realized invalid json was being
accepted without error. So I fixed the code that parses the json and
have it return an error. Also modified some tests that broke (used
invalid json, or passed body (e.g. DELETE) but shouldn't have. Add
tests for bad json to verify new code.
Fixed test that wasn't initializing the body_file in each loop, so the
test wasn't actually supplying a body.
Also realised PUT documentation was not correct. Output format isn't
quite like GET.
Fuss tests for email address also added.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 17 Dec 2024 19:42:46 -0500 |
| parents | 5b1b876054ef |
| children | 98011edc6c60 |
| rev | line source |
|---|---|
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 # |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 # Permission is hereby granted, free of charge, to any person obtaining a copy |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 # of this software and associated documentation files (the "Software"), to deal |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5 # in the Software without restriction, including without limitation the rights |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
7 # copies of the Software, and to permit persons to whom the Software is |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 # furnished to do so, subject to the following conditions: |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 # |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 # The above copyright notice and this permission notice shall be included in |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
11 # all copies or substantial portions of the Software. |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
12 # |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
19 # SOFTWARE. |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
20 |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5269
diff
changeset
|
21 from __future__ import print_function |
| 7224 | 22 import os |
| 23 import shutil | |
| 24 import unittest | |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
25 |
|
2926
79f91a6dbc7f
use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
1873
diff
changeset
|
26 from roundup import backends |
|
4480
1613754d2646
Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4444
diff
changeset
|
27 import roundup.password |
|
5388
d26921b851c3
Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5376
diff
changeset
|
28 from .db_test_base import setupSchema, MyTestCase, config |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
29 |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
4570
diff
changeset
|
30 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
4570
diff
changeset
|
31 class PermissionTest(MyTestCase, unittest.TestCase): |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
32 def setUp(self): |
|
2926
79f91a6dbc7f
use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
1873
diff
changeset
|
33 backend = backends.get_backend('anydbm') |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
34 # remove previous test, ignore errors |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
35 if os.path.exists(config.DATABASE): |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
36 shutil.rmtree(config.DATABASE) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
37 os.makedirs(config.DATABASE + '/files') |
|
2926
79f91a6dbc7f
use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
1873
diff
changeset
|
38 self.db = backend.Database(config, 'admin') |
|
79f91a6dbc7f
use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
1873
diff
changeset
|
39 setupSchema(self.db, 1, backend) |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
40 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
41 def testInterfaceSecurity(self): |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
42 ' test that the CGI and mailgw have initialised security OK ' |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
43 # TODO: some asserts |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
44 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
45 def testInitialiseSecurity(self): |
| 7224 | 46 ei = self.db.security.addPermission( |
| 47 name="Edit", klass="issue", | |
| 48 description="User is allowed to edit issues") | |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
49 self.db.security.addPermissionToRole('User', ei) |
| 7224 | 50 ai = self.db.security.addPermission( |
| 51 name="View", klass="issue", | |
| 52 description="User is allowed to access issues") | |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
53 self.db.security.addPermissionToRole('User', ai) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
54 |
|
3535
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
55 def testAdmin(self): |
| 7224 | 56 ei = self.db.security.addPermission( |
| 57 name="Edit", klass="issue", | |
| 58 description="User is allowed to edit issues") | |
|
3535
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
59 self.db.security.addPermissionToRole('User', ei) |
| 7224 | 60 ei = self.db.security.addPermission( |
| 61 name="Edit", klass=None, | |
| 62 description="User is allowed to edit issues") | |
|
3535
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
63 self.db.security.addPermissionToRole('Admin', ei) |
|
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
64 |
|
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
65 u1 = self.db.user.create(username='one', roles='Admin') |
|
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
66 u2 = self.db.user.create(username='two', roles='User') |
|
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
67 |
|
5649
f8893e1cde0d
assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents:
5388
diff
changeset
|
68 self.assertTrue(self.db.security.hasPermission('Edit', u1, None)) |
|
f8893e1cde0d
assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents:
5388
diff
changeset
|
69 self.assertTrue(not self.db.security.hasPermission('Edit', u2, None)) |
|
3535
75dc225613cc
fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents:
3119
diff
changeset
|
70 |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
71 def testGetPermission(self): |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
72 self.db.security.getPermission('Edit') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
73 self.db.security.getPermission('View') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
74 self.assertRaises(ValueError, self.db.security.getPermission, 'x') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
75 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit', |
| 7224 | 76 'fubar') |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
77 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
78 add = self.db.security.addPermission |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
79 get = self.db.security.getPermission |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
80 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
81 # class |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
82 ei = add(name="Edit", klass="issue") |
|
5794
95a366d46065
Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents:
5649
diff
changeset
|
83 self.assertEqual(get('Edit', 'issue'), ei) |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
84 ai = add(name="View", klass="issue") |
|
5794
95a366d46065
Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents:
5649
diff
changeset
|
85 self.assertEqual(get('View', 'issue'), ai) |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
86 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
87 # property |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
88 epi1 = add(name="Edit", klass="issue", properties=['title']) |
|
5794
95a366d46065
Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents:
5649
diff
changeset
|
89 self.assertEqual(get('Edit', 'issue', properties=['title']), epi1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
90 epi2 = add(name="Edit", klass="issue", properties=['title'], |
| 7224 | 91 props_only=True) |
| 92 self.assertEqual(get('Edit', 'issue', properties=['title'], | |
| 93 props_only=False), epi1) | |
| 94 self.assertEqual(get('Edit', 'issue', properties=['title'], | |
| 95 props_only=True), epi2) | |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
96 self.db.security.set_props_only_default(True) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
97 self.assertEqual(get('Edit', 'issue', properties=['title']), epi2) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
98 api1 = add(name="View", klass="issue", properties=['title']) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
99 self.assertEqual(get('View', 'issue', properties=['title']), api1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
100 self.db.security.set_props_only_default(False) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
101 api2 = add(name="View", klass="issue", properties=['title']) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
102 self.assertEqual(get('View', 'issue', properties=['title']), api2) |
|
5795
10747e4e4ec4
replace assertNotEquals with assertNotEqual
John Rouillard <rouilj@ieee.org>
parents:
5794
diff
changeset
|
103 self.assertNotEqual(get('View', 'issue', properties=['title']), api1) |
| 7224 | 104 |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
105 # check function |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
106 dummy = lambda: 0 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
107 eci = add(name="Edit", klass="issue", check=dummy) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
108 self.assertEqual(get('Edit', 'issue', check=dummy), eci) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
109 # props_only only makes sense if you are setting props. |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
110 # make it a no-op unless properties is set. |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
111 self.assertEqual(get('Edit', 'issue', check=dummy, |
| 7224 | 112 props_only=True), eci) |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
113 aci = add(name="View", klass="issue", check=dummy) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
114 self.assertEqual(get('View', 'issue', check=dummy), aci) |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
115 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
116 # all |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
117 epci = add(name="Edit", klass="issue", properties=['title'], |
| 7224 | 118 check=dummy) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
119 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
120 self.db.security.set_props_only_default(False) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
121 # implicit props_only=False |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
122 self.assertEqual(get('Edit', 'issue', properties=['title'], |
| 7224 | 123 check=dummy), epci) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
124 # explicit props_only=False |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
125 self.assertEqual(get('Edit', 'issue', properties=['title'], |
| 7224 | 126 check=dummy, props_only=False), epci) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
127 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
128 # implicit props_only=True |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
129 self.db.security.set_props_only_default(True) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
130 self.assertRaises(ValueError, get, 'Edit', 'issue', |
| 7224 | 131 properties=['title'], |
| 132 check=dummy) | |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
133 # explicit props_only=False |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
134 self.assertRaises(ValueError, get, 'Edit', 'issue', |
| 7224 | 135 properties=['title'], |
| 136 check=dummy, props_only=True) | |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
137 |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
138 apci = add(name="View", klass="issue", properties=['title'], |
| 7224 | 139 check=dummy) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
140 self.assertEqual(get('View', 'issue', properties=['title'], |
| 7224 | 141 check=dummy), apci) |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
142 |
| 5200 | 143 # Reset to default. Somehow this setting looks like it |
| 144 # was bleeding through to other tests in test_xmlrpc. | |
| 145 # Is the security module being loaded only once for all tests?? | |
| 146 self.db.security.set_props_only_default(False) | |
| 147 | |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
148 def testDBinit(self): |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
149 self.db.user.create(username="demo", roles='User') |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
150 self.db.user.create(username="anonymous", roles='Anonymous') |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
151 |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
152 def testAccessControls(self): |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
153 add = self.db.security.addPermission |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
154 has = self.db.security.hasPermission |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
155 addRole = self.db.security.addRole |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
156 addToRole = self.db.security.addPermissionToRole |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
157 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
158 none = self.db.user.create(username='none', roles='None') |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
159 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
160 # test admin access |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
161 addRole(name='Super') |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
162 addToRole('Super', add(name="Test")) |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
163 super = self.db.user.create(username='super', roles='Super') |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
164 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
165 # test class-level access |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
166 addRole(name='Role1') |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
167 addToRole('Role1', add(name="Test", klass="test")) |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
168 user1 = self.db.user.create(username='user1', roles='Role1') |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
169 self.assertEqual(has('Test', user1, 'test'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
170 self.assertEqual(has('Test', super, 'test'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
171 self.assertEqual(has('Test', none, 'test'), 0) |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
172 |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
173 # property |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
174 addRole(name='Role2') |
| 7224 | 175 addToRole('Role2', add(name="Test", klass="test", |
| 176 properties=['a', 'b'])) | |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
177 user2 = self.db.user.create(username='user2', roles='Role2') |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
178 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
179 # check function |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
180 check_old_style = lambda db, userid, itemid: itemid == '2' |
| 7224 | 181 # def check_old_style(db, userid, itemid): |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
182 # print "checking userid, itemid: %r"%((userid,itemid),) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
183 # return(itemid == '2') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
184 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
185 # setup to check function new style. Make sure that |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
186 # other args are passed. |
| 7224 | 187 def check(db, userid, itemid, **other): |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
188 prop = other['property'] |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
189 prop = other['classname'] |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
190 prop = other['permission'] |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
191 return (itemid == '1') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
192 |
|
5269
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
193 # also create a check as a callable of a class |
|
6268
bdcccd2b2141
Replace http:....roundup-tracker.org with https.
John Rouillard <rouilj@ieee.org>
parents:
5797
diff
changeset
|
194 # https://issues.roundup-tracker.org/issue2550952 |
|
5269
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
195 class CheckClass(object): |
| 7224 | 196 def __call__(self, db, userid, itemid, **other): |
|
5269
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
197 prop = other['property'] |
|
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
198 prop = other['classname'] |
|
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
199 prop = other['permission'] |
|
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
200 return (itemid == '1') |
|
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
201 |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
202 addRole(name='Role3') |
|
5269
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
203 # make sure check=CheckClass() and not check=CheckClass |
|
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
204 # otherwise we get: |
|
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
205 # inspectible <slot wrapper '__init__' of 'object' objects> |
|
c94fd717e28c
Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents:
5200
diff
changeset
|
206 addToRole('Role3', add(name="Test", klass="test", check=CheckClass())) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
207 user3 = self.db.user.create(username='user3', roles='Role3') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
208 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
209 addRole(name='Role4') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
210 addToRole('Role4', add(name="Test", klass="test", check=check, |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
211 properties='a', props_only=True)) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
212 user4 = self.db.user.create(username='user4', roles='Role4') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
213 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
214 self.db.security.set_props_only_default(props_only=True) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
215 addRole(name='Role5') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
216 addToRole('Role5', add(name="Test", klass="test", |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
217 check=check_old_style, properties=['a'])) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
218 user5 = self.db.user.create(username='user5', roles='Role5') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
219 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
220 self.db.security.set_props_only_default(False) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
221 addRole(name='Role6') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
222 addToRole('Role6', add(name="Test", klass="test", check=check, |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
223 properties=['a', 'b'])) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
224 user6 = self.db.user.create(username='user6', roles='Role6') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
225 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
226 addRole(name='Role7') |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
227 addToRole('Role7', add(name="Test", klass="test", |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
228 check=check_old_style, |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
229 properties=['a', 'b'])) |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
230 user7 = self.db.user.create(username='user7', roles='Role7') |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5269
diff
changeset
|
231 print(user7) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
232 |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
233 # *any* access to class |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
234 self.assertEqual(has('Test', user1, 'test'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
235 self.assertEqual(has('Test', user2, 'test'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
236 self.assertEqual(has('Test', user3, 'test'), 1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
237 # user4 and user5 should not return true as the permission |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
238 # is limited to property checks |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
239 self.assertEqual(has('Test', user4, 'test'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
240 self.assertEqual(has('Test', user5, 'test'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
241 # user6 will will return access |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
242 self.assertEqual(has('Test', user6, 'test'), 1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
243 # will work because check is ignored, if check was |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
244 # used this would work but next test would fail |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
245 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
246 # returns true because class tests ignore the check command |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
247 # if there is no itemid no check command is run |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
248 self.assertEqual(has('Test', user7, 'test'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
249 self.assertEqual(has('Test', none, 'test'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
250 |
|
3119
c26f2ba69c78
some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents:
3117
diff
changeset
|
251 # *any* access to item |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
252 self.assertEqual(has('Test', user1, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
253 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
254 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
255 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
256 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
257 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
258 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
259 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
260 self.assertEqual(has('Test', super, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
261 self.assertEqual(has('Test', none, 'test', itemid='1'), 0) |
|
3119
c26f2ba69c78
some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents:
3117
diff
changeset
|
262 |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
263 # now property test: no default itemid so check functions not run. |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
264 self.assertEqual(has('Test', user7, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
265 self.assertEqual(has('Test', user7, 'test', property='b'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
266 self.assertEqual(has('Test', user7, 'test', property='c'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
267 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
268 self.assertEqual(has('Test', user6, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
269 self.assertEqual(has('Test', user6, 'test', property='b'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
270 self.assertEqual(has('Test', user6, 'test', property='c'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
271 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
272 self.assertEqual(has('Test', user5, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
273 self.assertEqual(has('Test', user5, 'test', property='b'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
274 self.assertEqual(has('Test', user5, 'test', property='c'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
275 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
276 self.assertEqual(has('Test', user4, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
277 self.assertEqual(has('Test', user4, 'test', property='b'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
278 self.assertEqual(has('Test', user4, 'test', property='c'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
279 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
280 self.assertEqual(has('Test', user3, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
281 self.assertEqual(has('Test', user3, 'test', property='b'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
282 self.assertEqual(has('Test', user3, 'test', property='c'), 1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
283 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
284 self.assertEqual(has('Test', user2, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
285 self.assertEqual(has('Test', user2, 'test', property='b'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
286 self.assertEqual(has('Test', user2, 'test', property='c'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
287 self.assertEqual(has('Test', user1, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
288 self.assertEqual(has('Test', user1, 'test', property='b'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
289 self.assertEqual(has('Test', user1, 'test', property='c'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
290 self.assertEqual(has('Test', super, 'test', property='a'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
291 self.assertEqual(has('Test', super, 'test', property='b'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
292 self.assertEqual(has('Test', super, 'test', property='c'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
293 self.assertEqual(has('Test', none, 'test', property='a'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
294 self.assertEqual(has('Test', none, 'test', property='b'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
295 self.assertEqual(has('Test', none, 'test', property='c'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
296 self.assertEqual(has('Test', none, 'test'), 0) |
|
3117
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
297 |
|
460eb0209a9e
Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
2926
diff
changeset
|
298 # now check function |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
299 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
300 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
301 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
302 self.assertEqual(has('Test', user6, 'test', itemid='2'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
303 # check functions will not run for user4/user5 since the |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
304 # only perms are for properties only. |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
305 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
306 self.assertEqual(has('Test', user5, 'test', itemid='2'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
307 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
308 self.assertEqual(has('Test', user4, 'test', itemid='2'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
309 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
310 self.assertEqual(has('Test', user3, 'test', itemid='2'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
311 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
312 self.assertEqual(has('Test', user2, 'test', itemid='2'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
313 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
314 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
315 self.assertEqual(has('Test', super, 'test', itemid='1'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
316 self.assertEqual(has('Test', super, 'test', itemid='2'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
317 self.assertEqual(has('Test', none, 'test', itemid='1'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
318 self.assertEqual(has('Test', none, 'test', itemid='2'), 0) |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
319 |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
320 # now mix property and check commands |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
321 # check is old style props_only = false |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
322 self.assertEqual(has('Test', user7, 'test', property="c", |
| 7224 | 323 itemid='2'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
324 self.assertEqual(has('Test', user7, 'test', property="c", |
| 7224 | 325 itemid='1'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
326 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
327 self.assertEqual(has('Test', user7, 'test', property="a", |
| 7224 | 328 itemid='2'), 1) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
329 self.assertEqual(has('Test', user7, 'test', property="a", |
| 7224 | 330 itemid='1'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
331 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
332 # check is new style props_only = false |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
333 self.assertEqual(has('Test', user6, 'test', itemid='2', |
| 7224 | 334 property='c'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
335 self.assertEqual(has('Test', user6, 'test', itemid='1', |
| 7224 | 336 property='c'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
337 self.assertEqual(has('Test', user6, 'test', itemid='2', |
| 7224 | 338 property='b'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
339 self.assertEqual(has('Test', user6, 'test', itemid='1', |
| 7224 | 340 property='b'), 1) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
341 self.assertEqual(has('Test', user6, 'test', itemid='2', |
| 7224 | 342 property='a'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
343 self.assertEqual(has('Test', user6, 'test', itemid='1', |
| 7224 | 344 property='a'), 1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
345 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
346 # check is old style props_only = true |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
347 self.assertEqual(has('Test', user5, 'test', itemid='2', |
| 7224 | 348 property='b'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
349 self.assertEqual(has('Test', user5, 'test', itemid='1', |
| 7224 | 350 property='b'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
351 self.assertEqual(has('Test', user5, 'test', itemid='2', |
| 7224 | 352 property='a'), 1) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
353 self.assertEqual(has('Test', user5, 'test', itemid='1', |
| 7224 | 354 property='a'), 0) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
355 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
356 # check is new style props_only = true |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
357 self.assertEqual(has('Test', user4, 'test', itemid='2', |
| 7224 | 358 property='b'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
359 self.assertEqual(has('Test', user4, 'test', itemid='1', |
| 7224 | 360 property='b'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
361 self.assertEqual(has('Test', user4, 'test', itemid='2', |
| 7224 | 362 property='a'), 0) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
363 self.assertEqual(has('Test', user4, 'test', itemid='1', |
| 7224 | 364 property='a'), 1) |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5186
diff
changeset
|
365 |
|
4438
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
366 def testTransitiveSearchPermissions(self): |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
367 add = self.db.security.addPermission |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
368 has = self.db.security.hasSearchPermission |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
369 addRole = self.db.security.addRole |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
370 addToRole = self.db.security.addPermissionToRole |
|
4444
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
371 addRole(name='User') |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
372 addRole(name='Anonymous') |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
373 addRole(name='Issue') |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
374 addRole(name='Msg') |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
375 addRole(name='UV') |
|
4438
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
376 user = self.db.user.create(username='user1', roles='User') |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
377 anon = self.db.user.create(username='anonymous', roles='Anonymous') |
|
4444
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
378 ui = self.db.user.create(username='user2', roles='Issue') |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
379 uim = self.db.user.create(username='user3', roles='Issue,Msg') |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
380 uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV') |
|
4438
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
381 iv = add(name="View", klass="issue") |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
382 addToRole('User', iv) |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
383 addToRole('Anonymous', iv) |
|
4444
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
384 addToRole('Issue', iv) |
|
4438
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
385 ms = add(name="Search", klass="msg") |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
386 addToRole('User', ms) |
|
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
387 addToRole('Anonymous', ms) |
|
4444
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
388 addToRole('Msg', ms) |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
389 uv = add(name="View", klass="user") |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
390 addToRole('User', uv) |
|
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
391 addToRole('UV', uv) |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
392 self.assertEqual(has(anon, 'issue', 'messages'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
393 self.assertEqual(has(anon, 'issue', 'messages.author'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
394 self.assertEqual(has(anon, 'issue', 'messages.author.username'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
395 self.assertEqual(has(anon, 'issue', 'messages.recipients'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
396 self.assertEqual(has(anon, 'issue', 'messages.recipients.username'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
397 self.assertEqual(has(user, 'issue', 'messages'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
398 self.assertEqual(has(user, 'issue', 'messages.author'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
399 self.assertEqual(has(user, 'issue', 'messages.author.username'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
400 self.assertEqual(has(user, 'issue', 'messages.recipients'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
401 self.assertEqual(has(user, 'issue', 'messages.recipients.username'), 1) |
|
4438
222efa59ee6c
search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3535
diff
changeset
|
402 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
403 self.assertEqual(has(ui, 'issue', 'messages'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
404 self.assertEqual(has(ui, 'issue', 'messages.author'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
405 self.assertEqual(has(ui, 'issue', 'messages.author.username'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
406 self.assertEqual(has(ui, 'issue', 'messages.recipients'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
407 self.assertEqual(has(ui, 'issue', 'messages.recipients.username'), 0) |
|
4444
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
408 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
409 self.assertEqual(has(uim, 'issue', 'messages'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
410 self.assertEqual(has(uim, 'issue', 'messages.author'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
411 self.assertEqual(has(uim, 'issue', 'messages.author.username'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
412 self.assertEqual(has(uim, 'issue', 'messages.recipients'), 0) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
413 self.assertEqual(has(uim, 'issue', 'messages.recipients.username'), 0) |
|
4444
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
414 |
|
5797
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
415 self.assertEqual(has(uimu, 'issue', 'messages'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
416 self.assertEqual(has(uimu, 'issue', 'messages.author'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
417 self.assertEqual(has(uimu, 'issue', 'messages.author.username'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
418 self.assertEqual(has(uimu, 'issue', 'messages.recipients'), 1) |
|
d2805ea1a2c3
replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents:
5795
diff
changeset
|
419 self.assertEqual(has(uimu, 'issue', 'messages.recipients.username'), 1) |
|
4444
8137456a86f3
more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4438
diff
changeset
|
420 |
|
6626
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
421 # roundup.password has its own built-in tests, call them. |
|
4480
1613754d2646
Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4444
diff
changeset
|
422 def test_password(self): |
|
1613754d2646
Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4444
diff
changeset
|
423 roundup.password.test() |
|
1613754d2646
Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4444
diff
changeset
|
424 |
|
6626
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
425 # pretend import of crypt failed |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
426 orig_crypt = roundup.password.crypt |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
427 roundup.password.crypt = None |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
428 with self.assertRaises(roundup.password.PasswordValueError) as ctx: |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
429 roundup.password.test_missing_crypt() |
| 7224 | 430 self.assertEqual(ctx.exception.args[0], |
| 431 "Unsupported encryption scheme 'crypt'") | |
|
6626
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
432 roundup.password.crypt = orig_crypt |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6268
diff
changeset
|
433 |
|
7222
b124c38930ed
renname test to test_pbkdf2_unpack_errors
John Rouillard <rouilj@ieee.org>
parents:
7221
diff
changeset
|
434 def test_pbkdf2_unpack_errors(self): |
|
7221
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
435 pbkdf2_unpack = roundup.password.pbkdf2_unpack |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
436 |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
437 with self.assertRaises(roundup.password.PasswordValueError) as ctx: |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
438 pbkdf2_unpack("fred$password") |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
439 |
| 7224 | 440 self.assertEqual(ctx.exception.args[0], |
|
7221
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
441 'invalid PBKDF2 hash (wrong number of separators)') |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
442 |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
443 with self.assertRaises(roundup.password.PasswordValueError) as ctx: |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
444 pbkdf2_unpack("0200000$salt$password") |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
445 |
| 7224 | 446 self.assertEqual(ctx.exception.args[0], |
|
7221
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
447 'invalid PBKDF2 hash (zero-padded rounds)') |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
448 |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
449 with self.assertRaises(roundup.password.PasswordValueError) as ctx: |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
450 pbkdf2_unpack("fred$salt$password") |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
451 |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
452 self.assertEqual(ctx.exception.args[0], |
|
7221
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
453 'invalid PBKDF2 hash (invalid rounds)') |
|
cbeac604d9d5
Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents:
7184
diff
changeset
|
454 |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
455 def test_empty_passwords(self): |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
456 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
457 p = roundup.password.Password() |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
458 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
459 with self.assertRaises(ValueError) as ctx: |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
460 p == "foo" |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
461 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
462 self.assertEqual(ctx.exception.args[0], |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
463 'Password not set') |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
464 |
|
7226
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
465 with self.assertRaises(ValueError) as ctx: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
466 p.__str__() |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
467 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
468 self.assertEqual(ctx.exception.args[0], |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
469 'Password not set') |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
470 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
471 # make sure it uses the default scheme |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
472 default_scheme = roundup.password.Password.default_scheme |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
473 p.setPassword("sekret", config=self.db.config) |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
474 self.assertEqual(p.scheme, default_scheme) |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
475 |
|
7165
970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents:
7163
diff
changeset
|
476 def test_pbkdf2_migrate_rounds(self): |
|
7184
8b2287d850c8
Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents:
7167
diff
changeset
|
477 '''Check that migration happens when number of rounds in |
|
8b2287d850c8
Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents:
7167
diff
changeset
|
478 config is larger than number of rounds in current password. |
|
8b2287d850c8
Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents:
7167
diff
changeset
|
479 ''' |
|
8b2287d850c8
Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents:
7167
diff
changeset
|
480 |
|
7165
970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents:
7163
diff
changeset
|
481 p = roundup.password.Password('sekrit', 'PBKDF2', |
|
970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents:
7163
diff
changeset
|
482 config=self.db.config) |
|
970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents:
7163
diff
changeset
|
483 |
|
970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents:
7163
diff
changeset
|
484 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 2000000 |
|
970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents:
7163
diff
changeset
|
485 |
|
7184
8b2287d850c8
Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents:
7167
diff
changeset
|
486 os.environ["PYTEST_USE_CONFIG"] = "True" |
|
7165
970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents:
7163
diff
changeset
|
487 self.assertEqual(p.needs_migration(config=self.db.config), True) |
|
7184
8b2287d850c8
Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents:
7167
diff
changeset
|
488 del(os.environ["PYTEST_USE_CONFIG"]) |
|
8b2287d850c8
Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents:
7167
diff
changeset
|
489 |
|
7226
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
490 # set up p with rounds under 1000. This is usually prevented, |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
491 # but older software could generate smaller rounds. |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
492 p.password = p.password.replace('1000$', '900$') |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
493 self.assertEqual(p.needs_migration(config=self.db.config), True) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
494 |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
495 def test_encodePassword_errors(self): |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
496 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 999 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
497 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
498 os.environ["PYTEST_USE_CONFIG"] = "True" |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
499 with self.assertRaises(roundup.password.PasswordValueError) as ctx: |
| 7224 | 500 roundup.password.encodePassword('sekrit', 'PBKDF2', |
| 501 config=self.db.config) | |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
502 |
| 7224 | 503 self.assertEqual(ctx.exception.args[0], |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
504 'invalid PBKDF2 hash (rounds too low)') |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
505 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
506 del(os.environ["PYTEST_USE_CONFIG"]) |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
507 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
508 with self.assertRaises(roundup.password.PasswordValueError) as ctx: |
| 7224 | 509 roundup.password.encodePassword('sekrit', 'fred', |
| 510 config=self.db.config) | |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
511 |
| 7224 | 512 self.assertEqual(ctx.exception.args[0], |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
513 "Unknown encryption scheme 'fred'") |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
514 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
515 def test_pbkdf2_errors(self): |
| 7224 | 516 |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
517 with self.assertRaises(ValueError) as ctx: |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
518 roundup.password.pbkdf2('sekret', b'saltandpepper', 0, 41) |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
519 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
520 self.assertEqual(ctx.exception.args[0], |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
521 "key length too large") |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
522 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
523 with self.assertRaises(ValueError) as ctx: |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
524 roundup.password.pbkdf2('sekret', b'saltandpepper', 0, 40) |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
525 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
526 self.assertEqual(ctx.exception.args[0], |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
527 "rounds must be positive number") |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
528 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
529 def test_pbkdf2_sha512_errors(self): |
| 7224 | 530 |
|
7223
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
531 with self.assertRaises(ValueError) as ctx: |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
532 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 65) |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
533 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
534 self.assertEqual(ctx.exception.args[0], |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
535 "key length too large") |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
536 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
537 with self.assertRaises(ValueError) as ctx: |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
538 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 64) |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
539 |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
540 self.assertEqual(ctx.exception.args[0], |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
541 "rounds must be positive number") |
|
19db61be18e0
more tests for password.py
John Rouillard <rouilj@ieee.org>
parents:
7222
diff
changeset
|
542 |
|
7226
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
543 def test_misc_functions(self): |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
544 import random # for fuzzing later |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
545 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
546 v = roundup.password.bchr(64) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
547 if bytes == str: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
548 self.assertEqual(v, '@') |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
549 else: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
550 self.assertEqual(v, b'@') |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
551 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
552 v = roundup.password.bord(b'@') |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
553 if bytes == str: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
554 self.assertEqual(v, 64) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
555 else: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
556 self.assertEqual(v, b'@') |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
557 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
558 for plain, encode in ( |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
559 (b'tes', 'dGVz'), |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
560 (b'test', 'dGVzdA'), |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
561 (b'testb', "dGVzdGI"), |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
562 ): |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
563 v = roundup.password.h64encode(plain) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
564 self.assertEqual(v, encode) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
565 v = roundup.password.h64decode(v) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
566 self.assertEqual(v, plain) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
567 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
568 with self.assertRaises(ValueError) as ctx: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
569 v = roundup.password.h64decode("dGVzd") |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
570 self.assertEqual(ctx.exception.args[0], "Invalid base64 input") |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
571 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
572 # poor man's fuzzer |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
573 if bytes == str: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
574 # alias range to xrange for python2, more efficient. |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
575 range_ = xrange # noqa: F821 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
576 else: |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
577 range_ = range |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
578 |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
579 for i in range_(25): |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
580 plain = bytearray(random.getrandbits(8) for _ in range_(i*4)) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
581 e = roundup.password.h64encode(plain) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
582 self.assertEqual(roundup.password.h64decode(e), plain) |
|
5b1b876054ef
Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents:
7224
diff
changeset
|
583 |
|
7167
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
584 def test_encodePasswordNoConfig(self): |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
585 # should run cleanly as we are in a test. |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
586 # |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
587 p = roundup.password.encodePassword('sekrit', 'PBKDF2') |
| 7224 | 588 # verify 1000 rounds being used becaue we are in test mode |
| 589 self.assertTrue(p.startswith("1000$")) | |
|
7167
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
590 |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
591 del(os.environ["PYTEST_CURRENT_TEST"]) |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
592 self.assertNotIn("PYTEST_CURRENT_TEST", os.environ) |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
593 |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
594 with self.assertRaises(roundup.password.ConfigNotSet) as ctx: |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
595 roundup.password.encodePassword('sekrit', 'PBKDF2') |
|
f6b24a8524cd
Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents:
7165
diff
changeset
|
596 |
| 7224 | 597 self.assertEqual(ctx.exception.args[0], |
| 598 "encodePassword called without config.") | |
|
2926
79f91a6dbc7f
use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
1873
diff
changeset
|
599 # vim: set filetype=python sts=4 sw=4 et si : |