Mercurial > p > roundup > code
annotate test/test_xmlrpc.py @ 8237:57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
defusedxml will be used to moneypatch the problematic client and
server modules.
Test added using an xml bomb.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 29 Dec 2024 19:11:01 -0500 |
| parents | 978285986b2c |
| children | 05405220dc38 |
| rev | line source |
|---|---|
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
1 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
2 # Copyright (C) 2007 Stefan Seefeld |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
3 # All rights reserved. |
| 3839 | 4 # For license terms see the file COPYING.txt. |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
5 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
6 |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
7 from __future__ import print_function |
|
8237
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
8 import unittest, os, shutil, errno, pytest, sys, difflib, re |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
9 |
|
5408
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5388
diff
changeset
|
10 from roundup.anypy import xmlrpc_ |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5388
diff
changeset
|
11 MultiCall = xmlrpc_.client.MultiCall |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
12 from roundup.cgi.exceptions import * |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
13 from roundup import init, instance, password, hyperdb, date |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
14 from roundup.xmlrpc import RoundupInstance, RoundupDispatcher |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
15 from roundup.backends import list_backends |
| 4781 | 16 from roundup.hyperdb import String |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
17 from roundup.cgi import TranslationService |
| 6361 | 18 from roundup.test.tx_Source_detector import init as tx_Source_init |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
19 |
|
5388
d26921b851c3
Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5385
diff
changeset
|
20 from . import db_test_base |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
21 from .test_mysql import skip_mysql |
|
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
22 from .test_postgresql import skip_postgresql |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
23 |
|
8237
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
24 from .pytest_patcher import mark_class |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
25 from roundup.anypy.xmlrpc_ import client |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
26 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
27 if client.defusedxml: |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
28 skip_defusedxml = lambda func, *args, **kwargs: func |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
29 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
30 skip_defusedxml_used = mark_class(pytest.mark.skip( |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
31 reason='Skipping non-defusedxml tests: defusedxml library in use')) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
32 else: |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
33 skip_defusedxml = mark_class(pytest.mark.skip( |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
34 reason='Skipping defusedxml tests: defusedxml library not available')) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
35 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
36 skip_defusedxml_used = lambda func, *args, **kwargs: func |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
37 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
38 class XmlrpcTest(object): |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
39 |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
40 backend = None |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
41 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
42 def setUp(self): |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
43 self.dirname = '_test_xmlrpc' |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
44 # set up and open a tracker |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
45 self.instance = db_test_base.setupTracker(self.dirname, self.backend) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
46 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
47 # open the database |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
48 self.db = self.instance.open('admin') |
| 4781 | 49 |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
50 print("props_only default", self.db.security.get_props_only_default()) |
|
5199
1f72b73d7770
Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents:
5198
diff
changeset
|
51 |
| 4781 | 52 # Get user id (user4 maybe). Used later to get data from db. |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
53 self.joeid = 'user' + self.db.user.create(username='joe', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
54 password=password.Password('random'), address='random@home.org', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
55 realname='Joe Random', roles='User') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
56 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
57 self.db.commit() |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
58 self.db.close() |
| 4083 | 59 self.db = self.instance.open('joe') |
| 4781 | 60 |
| 61 self.db.tx_Source = 'web' | |
| 62 | |
| 63 self.db.issue.addprop(tx_Source=hyperdb.String()) | |
| 64 self.db.msg.addprop(tx_Source=hyperdb.String()) | |
| 65 | |
| 66 self.db.post_init() | |
| 67 | |
| 6361 | 68 tx_Source_init(self.db) |
| 4781 | 69 |
| 4083 | 70 self.server = RoundupInstance(self.db, self.instance.actions, None) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
71 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
72 def tearDown(self): |
|
4104
d8c2d214d688
do all the pre-release stuff...
Richard Jones <richard@users.sourceforge.net>
parents:
4083
diff
changeset
|
73 self.db.close() |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
74 try: |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
75 shutil.rmtree(self.dirname) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5199
diff
changeset
|
76 except OSError as error: |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
77 if error.errno not in (errno.ENOENT, errno.ESRCH): raise |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
78 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
79 def testAccess(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
80 # Retrieve all three users. |
| 4083 | 81 results = self.server.list('user', 'id') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
82 self.assertEqual(len(results), 3) |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
83 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
84 # Obtain data for 'joe'. |
| 4083 | 85 results = self.server.display(self.joeid) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
86 self.assertEqual(results['username'], 'joe') |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
87 self.assertEqual(results['realname'], 'Joe Random') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
88 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
89 def testChange(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
90 # Reset joe's 'realname'. |
| 4083 | 91 results = self.server.set(self.joeid, 'realname=Joe Doe') |
| 92 results = self.server.display(self.joeid, 'realname') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
93 self.assertEqual(results['realname'], 'Joe Doe') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
94 |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
95 # check we can't change admin's details |
| 4083 | 96 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe') |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
97 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
98 def testCreate(self): |
| 4083 | 99 results = self.server.create('issue', 'title=foo') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
100 issueid = 'issue' + results |
| 4083 | 101 results = self.server.display(issueid, 'title') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
102 self.assertEqual(results['title'], 'foo') |
| 4781 | 103 self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
104 |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
105 def testFileCreate(self): |
| 4083 | 106 results = self.server.create('file', 'content=hello\r\nthere') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
107 fileid = 'file' + results |
| 4083 | 108 results = self.server.display(fileid, 'content') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
109 self.assertEqual(results['content'], 'hello\r\nthere') |
|
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
110 |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
111 def testSchema(self): |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
112 schema={'status': [('name', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
113 ('order', '<roundup.hyperdb.Number>')], |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
114 'keyword': [('name', '<roundup.hyperdb.String>')], |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
115 'priority': [('name', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
116 ('order', '<roundup.hyperdb.Number>')], |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
117 'user': [('address', '<roundup.hyperdb.String>'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
118 ('alternate_addresses', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
119 ('organisation', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
120 ('password', '<roundup.hyperdb.Password>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
121 ('phone', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
122 ('queries', '<roundup.hyperdb.Multilink to "query">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
123 ('realname', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
124 ('roles', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
125 ('timezone', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
126 ('username', '<roundup.hyperdb.String>')], |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
127 'file': [('content', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
128 ('name', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
129 ('type', '<roundup.hyperdb.String>')], |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
130 'msg': [('author', '<roundup.hyperdb.Link to "user">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
131 ('content', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
132 ('date', '<roundup.hyperdb.Date>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
133 ('files', '<roundup.hyperdb.Multilink to "file">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
134 ('inreplyto', '<roundup.hyperdb.String>'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
135 ('messageid', '<roundup.hyperdb.String>'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
136 ('recipients', '<roundup.hyperdb.Multilink to "user">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
137 ('summary', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
138 ('tx_Source', '<roundup.hyperdb.String>'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
139 ('type', '<roundup.hyperdb.String>')], |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
140 'query': [('klass', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
141 ('name', '<roundup.hyperdb.String>'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
142 ('private_for', '<roundup.hyperdb.Link to "user">'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
143 ('url', '<roundup.hyperdb.String>')], |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
144 'issue': [('assignedto', '<roundup.hyperdb.Link to "user">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
145 ('files', '<roundup.hyperdb.Multilink to "file">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
146 ('keyword', '<roundup.hyperdb.Multilink to "keyword">'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
147 ('messages', '<roundup.hyperdb.Multilink to "msg">'), |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
148 ('nosy', '<roundup.hyperdb.Multilink to "user">'), |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
149 ('priority', '<roundup.hyperdb.Link to "priority">'), |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
150 ('status', '<roundup.hyperdb.Link to "status">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
151 ('superseder', '<roundup.hyperdb.Multilink to "issue">'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
152 ('title', '<roundup.hyperdb.String>'), |
|
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5471
diff
changeset
|
153 ('tx_Source', '<roundup.hyperdb.String>')]} |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
154 |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
155 results = self.server.schema() |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
156 self.assertEqual(results, schema) |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
157 |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
158 def testLookup(self): |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
159 self.assertRaises(KeyError, self.server.lookup, 'user', '1') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
160 results = self.server.lookup('user', 'admin') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
161 self.assertEqual(results, '1') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
162 |
| 4083 | 163 def testAction(self): |
| 164 # As this action requires special previledges, we temporarily switch | |
| 165 # to 'admin' | |
| 166 self.db.setCurrentUser('admin') | |
| 167 users_before = self.server.list('user') | |
| 168 try: | |
| 169 tmp = 'user' + self.db.user.create(username='tmp') | |
| 170 self.server.action('retire', tmp) | |
| 171 finally: | |
| 172 self.db.setCurrentUser('joe') | |
| 173 users_after = self.server.list('user') | |
| 174 self.assertEqual(users_before, users_after) | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
175 |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
176 # test a bogus action |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
177 with self.assertRaises(Exception) as cm: |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
178 self.server.action('bogus') |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
179 print(cm.exception) |
|
5471
28613ada27db
check excpetion.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5408
diff
changeset
|
180 self.assertEqual(cm.exception.args[0], |
|
5153
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
181 'action "bogus" is not supported ') |
|
e9801faebbe4
added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents:
5105
diff
changeset
|
182 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
183 def testAuthDeniedEdit(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
184 # Wrong permissions (caught by roundup security module). |
|
3829
d0ac8188d274
Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents:
3828
diff
changeset
|
185 self.assertRaises(Unauthorised, self.server.set, |
| 4083 | 186 'user1', 'realname=someone') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
187 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
188 def testAuthDeniedCreate(self): |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
189 self.assertRaises(Unauthorised, self.server.create, |
| 4083 | 190 'user', {'username': 'blah'}) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
191 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
192 def testAuthAllowedEdit(self): |
| 4083 | 193 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
194 try: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
195 try: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
196 self.server.set('user2', 'realname=someone') |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5199
diff
changeset
|
197 except Unauthorised as err: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
198 self.fail('raised %s'%err) |
| 4083 | 199 finally: |
| 200 self.db.setCurrentUser('joe') | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
201 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
202 def testAuthAllowedCreate(self): |
| 4083 | 203 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
204 try: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
205 try: |
|
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
206 self.server.create('user', 'username=blah') |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5199
diff
changeset
|
207 except Unauthorised as err: |
|
4241
1555a73f6451
py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents:
4104
diff
changeset
|
208 self.fail('raised %s'%err) |
| 4083 | 209 finally: |
| 210 self.db.setCurrentUser('joe') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
211 |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
212 def testAuthFilter(self): |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
213 # this checks if we properly check for search permissions |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
214 self.db.security.permissions = {} |
|
5199
1f72b73d7770
Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents:
5198
diff
changeset
|
215 # self.db.security.set_props_only_default(props_only=False) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
216 self.db.security.addRole(name='User') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
217 self.db.security.addRole(name='Project') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
218 self.db.security.addPermissionToRole('User', 'Web Access') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
219 self.db.security.addPermissionToRole('Project', 'Web Access') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
220 # Allow viewing keyword |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
221 p = self.db.security.addPermission(name='View', klass='keyword') |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
222 print("View keyword class: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
223 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
224 # Allow viewing interesting things (but not keyword) on issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
225 # But users might only view issues where they are on nosy |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
226 # (so in the real world the check method would be better) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
227 p = self.db.security.addPermission(name='View', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
228 properties=("title", "status"), check=lambda x,y,z: True) |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
229 print("View keyword class w/ props: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
230 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
231 # Allow role "Project" access to whole issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
232 p = self.db.security.addPermission(name='View', klass='issue') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
233 self.db.security.addPermissionToRole('Project', p) |
|
4446
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
234 # Allow all access to status: |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
235 p = self.db.security.addPermission(name='View', klass='status') |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
236 self.db.security.addPermissionToRole('User', p) |
|
17f796a78647
fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
237 self.db.security.addPermissionToRole('Project', p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
238 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
239 keyword = self.db.keyword |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
240 status = self.db.status |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
241 issue = self.db.issue |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
242 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
243 d1 = keyword.create(name='d1') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
244 d2 = keyword.create(name='d2') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
245 open = status.create(name='open') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
246 closed = status.create(name='closed') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
247 issue.create(title='i1', status=open, keyword=[d2]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
248 issue.create(title='i2', status=open, keyword=[d1]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
249 issue.create(title='i2', status=closed, keyword=[d1]) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
250 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
251 chef = self.db.user.create(username = 'chef', roles='User, Project') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
252 joe = self.db.user.lookup('joe') |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
253 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
254 # Conditionally allow view of whole issue (check is False here, |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
255 # this might check for keyword owner in the real world) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
256 p = self.db.security.addPermission(name='View', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
257 check=lambda x,y,z: False) |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
258 print("View issue class: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
259 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
260 # Allow user to search for issue.status |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
261 p = self.db.security.addPermission(name='Search', klass='issue', |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
262 properties=("status",)) |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5248
diff
changeset
|
263 print("View Search class w/ props: %r"%p) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
264 self.db.security.addPermissionToRole('User', p) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
265 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
266 keyw = {'keyword':self.db.keyword.lookup('d1')} |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
267 stat = {'status':self.db.status.lookup('open')} |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
268 keygroup = keysort = [('+', 'keyword')] |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
269 self.db.commit() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
270 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
271 # Filter on keyword ignored for role 'User': |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
272 r = self.server.filter('issue', None, keyw) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
273 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
274 # Filter on status works for all: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
275 r = self.server.filter('issue', None, stat) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
276 self.assertEqual(r, ['1', '2']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
277 # Sorting and grouping for class User fails: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
278 r = self.server.filter('issue', None, {}, sort=keysort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
279 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
280 r = self.server.filter('issue', None, {}, group=keygroup) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
281 self.assertEqual(r, ['1', '2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
282 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
283 self.db.close() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
284 self.db = self.instance.open('chef') |
| 4781 | 285 self.db.tx_Source = 'web' |
| 286 | |
| 287 self.db.issue.addprop(tx_Source=hyperdb.String()) | |
| 288 self.db.msg.addprop(tx_Source=hyperdb.String()) | |
| 289 self.db.post_init() | |
| 290 | |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
291 self.server = RoundupInstance(self.db, self.instance.actions, None) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
292 |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
293 # Filter on keyword works for role 'Project': |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
294 r = self.server.filter('issue', None, keyw) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
295 self.assertEqual(r, ['2', '3']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
296 # Filter on status works for all: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
297 r = self.server.filter('issue', None, stat) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
298 self.assertEqual(r, ['1', '2']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
299 # Sorting and grouping for class Project works: |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
300 r = self.server.filter('issue', None, {}, sort=keysort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
301 self.assertEqual(r, ['2', '3', '1']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
302 r = self.server.filter('issue', None, {}, group=keygroup) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
303 self.assertEqual(r, ['2', '3', '1']) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4241
diff
changeset
|
304 |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
305 def testMulticall(self): |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
306 translator = TranslationService.get_translation( |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
307 language=self.instance.config["TRACKER_LANGUAGE"], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
308 tracker_home=self.instance.config["TRACKER_HOME"]) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
309 self.server = RoundupDispatcher(self.db, self.instance.actions, |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
310 translator, allow_none = True) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
311 class S: |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
312 multicall=self.server.funcs['system.multicall'] |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
313 self.server.system = S() |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
314 self.db.issue.create(title='i1') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
315 self.db.issue.create(title='i2') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
316 m = MultiCall(self.server) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
317 m.display('issue1') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
318 m.display('issue2') |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
319 result = m() |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
320 results = [ |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
321 {'files': [], 'status': '1', 'tx_Source': 'web', |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
322 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
323 'priority': None, 'assignedto': None, 'superseder': []}, |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
324 {'files': [], 'status': '1', 'tx_Source': 'web', |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
325 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [], |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
326 'priority': None, 'assignedto': None, 'superseder': []}] |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
327 for n, r in enumerate(result): |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
328 self.assertEqual(r, results[n]) |
|
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
329 |
|
8237
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
330 @skip_defusedxml |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
331 def testDefusedXmlBomb(self): |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
332 self.XmlBomb(expectIn=b"defusedxml.common.EntitiesForbidden") |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
333 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
334 @skip_defusedxml_used |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
335 def testNonDefusedXmlBomb(self): |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
336 self.XmlBomb(expectIn=b"1234567890"*511) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
337 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
338 def XmlBomb(self, expectIn=None): |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
339 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
340 bombInput = """<?xml version='1.0'?> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
341 <!DOCTYPE xmlbomb [ |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
342 <!ENTITY a "1234567890" > |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
343 <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;"> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
344 <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;"> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
345 <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;"> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
346 ]> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
347 <methodCall> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
348 <methodName>filter</methodName> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
349 <params> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
350 <param> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
351 <value><string>&d;</string></value> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
352 </param> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
353 <param> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
354 <value><array><data> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
355 <value><string>0</string></value> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
356 <value><string>2</string></value> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
357 <value><string>3</string></value> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
358 </data></array></value> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
359 </param> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
360 <param> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
361 <value><struct> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
362 <member> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
363 <name>username</name> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
364 <value><string>demo</string></value> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
365 </member> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
366 </struct></value> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
367 </param> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
368 </params> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
369 </methodCall> |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
370 """ |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
371 translator = TranslationService.get_translation( |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
372 language=self.instance.config["TRACKER_LANGUAGE"], |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
373 tracker_home=self.instance.config["TRACKER_HOME"]) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
374 self.server = RoundupDispatcher(self.db, self.instance.actions, |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
375 translator, allow_none = True) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
376 response = self.server.dispatch(bombInput) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
377 print(response) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
378 self.assertIn(expectIn, response) |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
379 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
380 class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
381 backend = 'anydbm' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
382 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
383 |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
384 @skip_mysql |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
385 class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
386 backend = 'mysql' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
387 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
388 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
389 class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
390 backend = 'sqlite' |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
391 |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
392 |
|
5036
380d8d8b30a3
Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents:
5033
diff
changeset
|
393 @skip_postgresql |
|
5033
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
394 class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase): |
|
63c79c0992ae
Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents:
5008
diff
changeset
|
395 backend = 'postgresql' |