Mercurial > p > roundup > code
annotate test/test_anypy.py @ 8265:35beff316883
fix(api): issue2551384. Verify REST authorization earlier
To reduce the ability of bad actors to spam (DOS) the REST endpoint
with bad data and generate logs meant for debugging, modify the flow
in client.py's REST handler to verify authorization earlier.
If the anonymous user is allowed to use REST, this won't make a
difference for a DOS attempt. The templates don't enable REST for the
anonymous user by default. Most admins don't change this.
The validation order for REST requests has been changed.
CORS identfied an handled
User authorization to use REST (return 403 on failure)
REST request validated (Origin header valid etc.) (return 400 for
bad request)
Incorrectly formatted CORS preflight requests (e.g. missing Origin
header) that are not recogized as a CORS request can now return HTTP
status 403 as well as status 400 (when anonymous is allowed
access). Note all CORS preflights are sent without authentication so
appear as anonymous requests.
The tests were updated to compensate, but it is not obvious to me from
specs what the proper evaulation order/return codes should be for this
case. Both 403/400 are failures and cause CORS to fail so there should
be no difference but...
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 09 Jan 2025 09:30:08 -0500 |
| parents | ebb03b8cee4d |
| children |
| rev | line source |
|---|---|
|
6532
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 """Random tests for anypy modules""" |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 import unittest |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 from roundup.anypy.strings import repr_export, eval_import |
|
7824
ebb03b8cee4d
test: invoke test function in cmp_.py.
John Rouillard <rouilj@ieee.org>
parents:
7766
diff
changeset
|
6 from roundup.anypy.cmp_ import _test |
|
6532
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
7 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
8 import sys |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
9 _py3 = sys.version_info[0] > 2 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
10 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
11 class StringsTest(unittest.TestCase): |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
12 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
13 def test_import_params(self): |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
14 """ issue2551170 - handle long int in history/journal |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
15 params tuple |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
16 """ |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
17 # python2 export with id as number |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
18 val = eval_import("('issue', 2345L, 'status')") |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
19 self.assertSequenceEqual(val, ('issue', 2345, 'status')) |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
20 |
|
7766
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
21 # eval a tuple e.g. date representation |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
22 val = eval_import("(2022, 9, 6, 3, 58, 4.776, 0, 0, 0)") |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
23 self.assertSequenceEqual(val, (2022, 9, 6, 3, 58, 4.776, 0, 0, 0)) |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
24 |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
25 # eval a boolean |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
26 val = eval_import("False") |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
27 self.assertEqual(val, False) |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
28 val = eval_import("True") |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
29 self.assertEqual(val, True) |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
30 |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
31 # check syntax error |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
32 for testcase in ['true', '(2004, 10, 20', "2000, 10, 22)", |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
33 "test'", '"test']: |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
34 with self.assertRaises(ValueError) as m: |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
35 val = eval_import(testcase) |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
36 print(m.exception) |
|
c65e0a725c88
fix: replace eval with ast.literal_eval; ruff linting
John Rouillard <rouilj@ieee.org>
parents:
6532
diff
changeset
|
37 |
|
6532
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
38 # python3 export with id as number |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
39 val = eval_import("('issue', 2345, 'status')") |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
40 self.assertSequenceEqual(val, ('issue', 2345, 'status')) |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
41 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
42 # python2 or python3 export with id as string |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
43 val = eval_import("('issue', '2345', 'status')") |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
44 self.assertSequenceEqual(val, ('issue', '2345', 'status')) |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
45 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
46 def test_export_params(self): |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
47 """ issue2551170 - handle long int in history/journal |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
48 params tuple |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
49 """ |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
50 # python2 export with id as number |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
51 if _py3: |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
52 val = repr_export(('issue', 2345, 'status')) |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
53 self.assertEqual(val, "('issue', 2345, 'status')") |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
54 else: |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
55 val = repr_export(('issue', long(2345), 'status')) |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
56 self.assertEqual(val, "('issue', 2345L, 'status')") |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
57 |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
58 # python2 or python3 export with id as string |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
59 val = repr_export(('issue', '2345', 'status')) |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
60 self.assertEqual(val, "('issue', '2345', 'status')") |
|
e4db9d0b85c7
test for issue2551170 process python 2 long under python3
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
61 |
|
7824
ebb03b8cee4d
test: invoke test function in cmp_.py.
John Rouillard <rouilj@ieee.org>
parents:
7766
diff
changeset
|
62 class MiscTest(unittest.TestCase): |
|
ebb03b8cee4d
test: invoke test function in cmp_.py.
John Rouillard <rouilj@ieee.org>
parents:
7766
diff
changeset
|
63 |
|
ebb03b8cee4d
test: invoke test function in cmp_.py.
John Rouillard <rouilj@ieee.org>
parents:
7766
diff
changeset
|
64 def test_cmp_(self): |
|
ebb03b8cee4d
test: invoke test function in cmp_.py.
John Rouillard <rouilj@ieee.org>
parents:
7766
diff
changeset
|
65 _test() |