Mercurial > p > roundup > code

annotate test/test_security.py @ 8580:5cba36e42b8f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
chore: refactor replace urlparse with urlsplit and use urllib_ Python docs recommend use of urlsplit() rather than urlparse(). urlsplit() is a little faster and doesn't try to split the path into path and params using the rules from an obsolete RFC. actions.py, demo.py, rest.py, client.py Replace urlparse() with urlsplit() actions.py urlsplit() produces a named tuple with one fewer elements (no .param). So fixup calls to urlunparse() so they have the proper number of elements in the tuple. also merge url filtering for param and path. demo.py, rest.py: Replace imports from urlparse/urllib.parse with roundup.anypy.urllib_ so we use the same interface throughout the code base. test/test_cgi.py: Since actions.py filtering for invali urls not split by path/param, fix tests for improperly quoted url's.
author John Rouillard <rouilj@ieee.org>
date Sun, 19 Apr 2026 22:58:59 -0400
parents 9c3ec0a5c7fc
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # of this software and associated documentation files (the "Software"), to deal
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # in the Software without restriction, including without limitation the rights
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # copies of the Software, and to permit persons to whom the Software is
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # furnished to do so, subject to the following conditions:
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 # The above copyright notice and this permission notice shall be included in
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 # all copies or substantial portions of the Software.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 # SOFTWARE.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
21 import os
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
22 import shutil
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
23 import unittest
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
24
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
25 from roundup import backends
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
26 import roundup.password
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
27 from .db_test_base import setupSchema, MyTestCase, config
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
28
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
29
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
30 class PermissionTest(MyTestCase, unittest.TestCase):
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 def setUp(self):
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
32 backend = backends.get_backend('anydbm')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 # remove previous test, ignore errors
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 if os.path.exists(config.DATABASE):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
35 shutil.rmtree(config.DATABASE)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
36 os.makedirs(config.DATABASE + '/files')
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
37 self.db = backend.Database(config, 'admin')
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
38 setupSchema(self.db, 1, backend)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 def testInterfaceSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 ' test that the CGI and mailgw have initialised security OK '
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 # TODO: some asserts
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 def testInitialiseSecurity(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
45 ei = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
46 name="Edit", klass="issue",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
47 description="User is allowed to edit issues")
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48 self.db.security.addPermissionToRole('User', ei)
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
49 ai = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
50 name="View", klass="issue",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
51 description="User is allowed to access issues")
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52 self.db.security.addPermissionToRole('User', ai)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
54 def testAdmin(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
55 ei = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
56 name="Edit", klass="issue",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
57 description="User is allowed to edit issues")
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
58 self.db.security.addPermissionToRole('User', ei)
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
59 ei = self.db.security.addPermission(
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
60 name="Edit", klass=None,
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
61 description="User is allowed to edit issues")
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
62 self.db.security.addPermissionToRole('Admin', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
63
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
64 u1 = self.db.user.create(username='one', roles='Admin')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
65 u2 = self.db.user.create(username='two', roles='User')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
66
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5388
diff changeset
67 self.assertTrue(self.db.security.hasPermission('Edit', u1, None))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5388
diff changeset
68 self.assertTrue(not self.db.security.hasPermission('Edit', u2, None))
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
69
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
70 def testGetPermission(self):
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
71 self.db.security.getPermission('Edit')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
72 self.db.security.getPermission('View')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
73 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
74 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
75 'fubar')
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
76
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
77 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
78 get = self.db.security.getPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
79
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
80 # class
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
81 ei = add(name="Edit", klass="issue")
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
82 self.assertEqual(get('Edit', 'issue'), ei)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
83 ai = add(name="View", klass="issue")
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
84 self.assertEqual(get('View', 'issue'), ai)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
85
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
86 # property
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
87 epi1 = add(name="Edit", klass="issue", properties=['title'])
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5649
diff changeset
88 self.assertEqual(get('Edit', 'issue', properties=['title']), epi1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
89 epi2 = add(name="Edit", klass="issue", properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
90 props_only=True)
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
91 self.assertEqual(get('Edit', 'issue', properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
92 props_only=False), epi1)
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
93 self.assertEqual(get('Edit', 'issue', properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
94 props_only=True), epi2)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
95 self.db.security.set_props_only_default(True)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
96 self.assertEqual(get('Edit', 'issue', properties=['title']), epi2)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
97 api1 = add(name="View", klass="issue", properties=['title'])
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
98 self.assertEqual(get('View', 'issue', properties=['title']), api1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
99 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
100 api2 = add(name="View", klass="issue", properties=['title'])
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
101 self.assertEqual(get('View', 'issue', properties=['title']), api2)
5795
10747e4e4ec4 replace assertNotEquals with assertNotEqual
John Rouillard <rouilj@ieee.org>
parents: 5794
diff changeset
102 self.assertNotEqual(get('View', 'issue', properties=['title']), api1)
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
103
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
104 # check function
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
105 dummy = lambda: 0
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
106 eci = add(name="Edit", klass="issue", check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
107 self.assertEqual(get('Edit', 'issue', check=dummy), eci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
108 # props_only only makes sense if you are setting props.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
109 # make it a no-op unless properties is set.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
110 self.assertEqual(get('Edit', 'issue', check=dummy,
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
111 props_only=True), eci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
112 aci = add(name="View", klass="issue", check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
113 self.assertEqual(get('View', 'issue', check=dummy), aci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
114
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
115 # all
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
116 epci = add(name="Edit", klass="issue", properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
117 check=dummy)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
118
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
119 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
120 # implicit props_only=False
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
121 self.assertEqual(get('Edit', 'issue', properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
122 check=dummy), epci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
123 # explicit props_only=False
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
124 self.assertEqual(get('Edit', 'issue', properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
125 check=dummy, props_only=False), epci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
126
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
127 # implicit props_only=True
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
128 self.db.security.set_props_only_default(True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
129 self.assertRaises(ValueError, get, 'Edit', 'issue',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
130 properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
131 check=dummy)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
132 # explicit props_only=False
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
133 self.assertRaises(ValueError, get, 'Edit', 'issue',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
134 properties=['title'],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
135 check=dummy, props_only=True)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
136
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
137 apci = add(name="View", klass="issue", properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
138 check=dummy)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
139 self.assertEqual(get('View', 'issue', properties=['title'],
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
140 check=dummy), apci)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
141
5200
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
142 # Reset to default. Somehow this setting looks like it
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
143 # was bleeding through to other tests in test_xmlrpc.
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
144 # Is the security module being loaded only once for all tests??
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
145 self.db.security.set_props_only_default(False)
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
146
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
147 def testDBinit(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
148 self.db.user.create(username="demo", roles='User')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
149 self.db.user.create(username="anonymous", roles='Anonymous')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
150
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
151 def testAccessControls(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
152 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
153 has = self.db.security.hasPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
154 addRole = self.db.security.addRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
155 addToRole = self.db.security.addPermissionToRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
156
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
157 none = self.db.user.create(username='none', roles='None')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
158
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
159 # test admin access
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
160 addRole(name='Super')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
161 addToRole('Super', add(name="Test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
162 super = self.db.user.create(username='super', roles='Super')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
163
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
164 # test class-level access
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
165 addRole(name='Role1')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
166 addToRole('Role1', add(name="Test", klass="test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
167 user1 = self.db.user.create(username='user1', roles='Role1')
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
168 self.assertEqual(has('Test', user1, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
169 self.assertEqual(has('Test', super, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
170 self.assertEqual(has('Test', none, 'test'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
171
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
172 # property
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
173 addRole(name='Role2')
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
174 addToRole('Role2', add(name="Test", klass="test",
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
175 properties=['a', 'b']))
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
176 user2 = self.db.user.create(username='user2', roles='Role2')
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
177
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
178 # check function
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
179 check_old_style = lambda db, userid, itemid: itemid == '2'
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
180 # def check_old_style(db, userid, itemid):
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
181 # print "checking userid, itemid: %r"%((userid,itemid),)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
182 # return(itemid == '2')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
183
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
184 # setup to check function new style. Make sure that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
185 # other args are passed.
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
186 def check(db, userid, itemid, **other):
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
187 prop = other['property']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
188 prop = other['classname']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
189 prop = other['permission']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
190 return (itemid == '1')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
191
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
192 # also create a check as a callable of a class
6268
bdcccd2b2141 Replace http:....roundup-tracker.org with https.
John Rouillard <rouilj@ieee.org>
parents: 5797
diff changeset
193 # https://issues.roundup-tracker.org/issue2550952
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
194 class CheckClass(object):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
195 def __call__(self, db, userid, itemid, **other):
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
196 prop = other['property']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
197 prop = other['classname']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
198 prop = other['permission']
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
199 return (itemid == '1')
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
200
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
201 addRole(name='Role3')
5269
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
202 # make sure check=CheckClass() and not check=CheckClass
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
203 # otherwise we get:
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
204 # inspectible <slot wrapper '__init__' of 'object' objects>
c94fd717e28c Fix http://issues.roundup-tracker.org/issue2550952 make __call__
John Rouillard <rouilj@ieee.org>
parents: 5200
diff changeset
205 addToRole('Role3', add(name="Test", klass="test", check=CheckClass()))
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
206 user3 = self.db.user.create(username='user3', roles='Role3')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
207
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
208 addRole(name='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
209 addToRole('Role4', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
210 properties='a', props_only=True))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
211 user4 = self.db.user.create(username='user4', roles='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
212
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
213 self.db.security.set_props_only_default(props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
214 addRole(name='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
215 addToRole('Role5', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
216 check=check_old_style, properties=['a']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
217 user5 = self.db.user.create(username='user5', roles='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
218
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
219 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
220 addRole(name='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
221 addToRole('Role6', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
222 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
223 user6 = self.db.user.create(username='user6', roles='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
224
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
225 addRole(name='Role7')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
226 addToRole('Role7', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
227 check=check_old_style,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
228 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
229 user7 = self.db.user.create(username='user7', roles='Role7')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5269
diff changeset
230 print(user7)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
231
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
232 # *any* access to class
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
233 self.assertEqual(has('Test', user1, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
234 self.assertEqual(has('Test', user2, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
235 self.assertEqual(has('Test', user3, 'test'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
236 # user4 and user5 should not return true as the permission
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
237 # is limited to property checks
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
238 self.assertEqual(has('Test', user4, 'test'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
239 self.assertEqual(has('Test', user5, 'test'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
240 # user6 will will return access
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
241 self.assertEqual(has('Test', user6, 'test'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
242 # will work because check is ignored, if check was
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
243 # used this would work but next test would fail
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
244 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
245 # returns true because class tests ignore the check command
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
246 # if there is no itemid no check command is run
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
247 self.assertEqual(has('Test', user7, 'test'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
248 self.assertEqual(has('Test', none, 'test'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
249
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
250 # *any* access to item
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
251 self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
252 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
253 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
254 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
255 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
256 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
257 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
258 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
259 self.assertEqual(has('Test', super, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
260 self.assertEqual(has('Test', none, 'test', itemid='1'), 0)
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
261
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
262 # now property test: no default itemid so check functions not run.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
263 self.assertEqual(has('Test', user7, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
264 self.assertEqual(has('Test', user7, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
265 self.assertEqual(has('Test', user7, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
266
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
267 self.assertEqual(has('Test', user6, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
268 self.assertEqual(has('Test', user6, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
269 self.assertEqual(has('Test', user6, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
270
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
271 self.assertEqual(has('Test', user5, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
272 self.assertEqual(has('Test', user5, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
273 self.assertEqual(has('Test', user5, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
274
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
275 self.assertEqual(has('Test', user4, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
276 self.assertEqual(has('Test', user4, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
277 self.assertEqual(has('Test', user4, 'test', property='c'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
278
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
279 self.assertEqual(has('Test', user3, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
280 self.assertEqual(has('Test', user3, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
281 self.assertEqual(has('Test', user3, 'test', property='c'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
282
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
283 self.assertEqual(has('Test', user2, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
284 self.assertEqual(has('Test', user2, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
285 self.assertEqual(has('Test', user2, 'test', property='c'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
286 self.assertEqual(has('Test', user1, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
287 self.assertEqual(has('Test', user1, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
288 self.assertEqual(has('Test', user1, 'test', property='c'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
289 self.assertEqual(has('Test', super, 'test', property='a'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
290 self.assertEqual(has('Test', super, 'test', property='b'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
291 self.assertEqual(has('Test', super, 'test', property='c'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
292 self.assertEqual(has('Test', none, 'test', property='a'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
293 self.assertEqual(has('Test', none, 'test', property='b'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
294 self.assertEqual(has('Test', none, 'test', property='c'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
295 self.assertEqual(has('Test', none, 'test'), 0)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
296
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
297 # now check function
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
298 self.assertEqual(has('Test', user7, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
299 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
300 self.assertEqual(has('Test', user6, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
301 self.assertEqual(has('Test', user6, 'test', itemid='2'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
302 # check functions will not run for user4/user5 since the
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
303 # only perms are for properties only.
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
304 self.assertEqual(has('Test', user5, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
305 self.assertEqual(has('Test', user5, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
306 self.assertEqual(has('Test', user4, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
307 self.assertEqual(has('Test', user4, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
308 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
309 self.assertEqual(has('Test', user3, 'test', itemid='2'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
310 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
311 self.assertEqual(has('Test', user2, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
312 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
313 self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
314 self.assertEqual(has('Test', super, 'test', itemid='1'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
315 self.assertEqual(has('Test', super, 'test', itemid='2'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
316 self.assertEqual(has('Test', none, 'test', itemid='1'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
317 self.assertEqual(has('Test', none, 'test', itemid='2'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
318
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
319 # now mix property and check commands
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
320 # check is old style props_only = false
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
321 self.assertEqual(has('Test', user7, 'test', property="c",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
322 itemid='2'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
323 self.assertEqual(has('Test', user7, 'test', property="c",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
324 itemid='1'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
325
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
326 self.assertEqual(has('Test', user7, 'test', property="a",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
327 itemid='2'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
328 self.assertEqual(has('Test', user7, 'test', property="a",
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
329 itemid='1'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
330
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
331 # check is new style props_only = false
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
332 self.assertEqual(has('Test', user6, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
333 property='c'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
334 self.assertEqual(has('Test', user6, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
335 property='c'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
336 self.assertEqual(has('Test', user6, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
337 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
338 self.assertEqual(has('Test', user6, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
339 property='b'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
340 self.assertEqual(has('Test', user6, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
341 property='a'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
342 self.assertEqual(has('Test', user6, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
343 property='a'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
344
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
345 # check is old style props_only = true
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
346 self.assertEqual(has('Test', user5, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
347 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
348 self.assertEqual(has('Test', user5, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
349 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
350 self.assertEqual(has('Test', user5, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
351 property='a'), 1)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
352 self.assertEqual(has('Test', user5, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
353 property='a'), 0)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
354
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
355 # check is new style props_only = true
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
356 self.assertEqual(has('Test', user4, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
357 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
358 self.assertEqual(has('Test', user4, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
359 property='b'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
360 self.assertEqual(has('Test', user4, 'test', itemid='2',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
361 property='a'), 0)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
362 self.assertEqual(has('Test', user4, 'test', itemid='1',
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
363 property='a'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
364
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
365 def testTransitiveSearchPermissions(self):
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
366 add = self.db.security.addPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
367 has = self.db.security.hasSearchPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
368 addRole = self.db.security.addRole
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
369 addToRole = self.db.security.addPermissionToRole
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
370 addRole(name='User')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
371 addRole(name='Anonymous')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
372 addRole(name='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
373 addRole(name='Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
374 addRole(name='UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
375 user = self.db.user.create(username='user1', roles='User')
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
376 anon = self.db.user.create(username='anonymous', roles='Anonymous')
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
377 ui = self.db.user.create(username='user2', roles='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
378 uim = self.db.user.create(username='user3', roles='Issue,Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
379 uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
380 iv = add(name="View", klass="issue")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
381 addToRole('User', iv)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
382 addToRole('Anonymous', iv)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
383 addToRole('Issue', iv)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
384 ms = add(name="Search", klass="msg")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
385 addToRole('User', ms)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
386 addToRole('Anonymous', ms)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
387 addToRole('Msg', ms)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
388 uv = add(name="View", klass="user")
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
389 addToRole('User', uv)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
390 addToRole('UV', uv)
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
391 self.assertEqual(has(anon, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
392 self.assertEqual(has(anon, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
393 self.assertEqual(has(anon, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
394 self.assertEqual(has(anon, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
395 self.assertEqual(has(anon, 'issue', 'messages.recipients.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
396 self.assertEqual(has(user, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
397 self.assertEqual(has(user, 'issue', 'messages.author'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
398 self.assertEqual(has(user, 'issue', 'messages.author.username'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
399 self.assertEqual(has(user, 'issue', 'messages.recipients'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
400 self.assertEqual(has(user, 'issue', 'messages.recipients.username'), 1)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
401
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
402 self.assertEqual(has(ui, 'issue', 'messages'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
403 self.assertEqual(has(ui, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
404 self.assertEqual(has(ui, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
405 self.assertEqual(has(ui, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
406 self.assertEqual(has(ui, 'issue', 'messages.recipients.username'), 0)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
407
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
408 self.assertEqual(has(uim, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
409 self.assertEqual(has(uim, 'issue', 'messages.author'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
410 self.assertEqual(has(uim, 'issue', 'messages.author.username'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
411 self.assertEqual(has(uim, 'issue', 'messages.recipients'), 0)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
412 self.assertEqual(has(uim, 'issue', 'messages.recipients.username'), 0)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
413
5797
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
414 self.assertEqual(has(uimu, 'issue', 'messages'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
415 self.assertEqual(has(uimu, 'issue', 'messages.author'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
416 self.assertEqual(has(uimu, 'issue', 'messages.author.username'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
417 self.assertEqual(has(uimu, 'issue', 'messages.recipients'), 1)
d2805ea1a2c3 replace assertEquals with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5795
diff changeset
418 self.assertEqual(has(uimu, 'issue', 'messages.recipients.username'), 1)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
419
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
420 # roundup.password has its own built-in tests, call them.
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
421 def test_password(self):
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
422 roundup.password.test()
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
423
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
424 # pretend import of crypt failed
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
425 orig_crypt = roundup.password.crypt
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
426 roundup.password.crypt = None
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
427 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
428 roundup.password.test_missing_crypt()
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
429 self.assertEqual(ctx.exception.args[0],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
430 "Unsupported encryption scheme 'crypt'")
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
431 roundup.password.crypt = orig_crypt
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6268
diff changeset
432
7222
b124c38930ed renname test to test_pbkdf2_unpack_errors
John Rouillard <rouilj@ieee.org>
parents: 7221
diff changeset
433 def test_pbkdf2_unpack_errors(self):
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
434 pbkdf2_unpack = roundup.password.pbkdf2_unpack
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
435
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
436 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
437 pbkdf2_unpack("fred$password")
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
438
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
439 self.assertEqual(ctx.exception.args[0],
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
440 'invalid PBKDF2 hash (wrong number of separators)')
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
441
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
442 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
443 pbkdf2_unpack("0200000$salt$password")
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
444
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
445 self.assertEqual(ctx.exception.args[0],
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
446 'invalid PBKDF2 hash (zero-padded rounds)')
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
447
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
448 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
449 pbkdf2_unpack("fred$salt$password")
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
450
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
451 self.assertEqual(ctx.exception.args[0],
7221
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
452 'invalid PBKDF2 hash (invalid rounds)')
cbeac604d9d5 Test pbkdf2_unpack error conditions
John Rouillard <rouilj@ieee.org>
parents: 7184
diff changeset
453
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
454 def test_empty_passwords(self):
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
455
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
456 p = roundup.password.Password()
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
457
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
458 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
459 p == "foo"
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
460
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
461 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
462 'Password not set')
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
463
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
464 with self.assertRaises(ValueError) as ctx:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
465 p.__str__()
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
466
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
467 self.assertEqual(ctx.exception.args[0],
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
468 'Password not set')
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
469
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
470 # make sure it uses the default scheme
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
471 default_scheme = roundup.password.Password.default_scheme
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
472 p.setPassword("sekret", config=self.db.config)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
473 self.assertEqual(p.scheme, default_scheme)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
474
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
475 def test_migrate_deprecated(self):
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
476
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
477 # migrate: deprecated encryption
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
478
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
479 # force test to use config file settings
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
480 # rather than the testing default of 1000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
481 os.environ["PYTEST_USE_CONFIG"] = "True"
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
482 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 2000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
483
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
484 p = roundup.password.Password('sekrit', 'SSHA',
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
485 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
486 self.assertEqual(p.needs_migration(config=self.db.config), True)
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
487
7165
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
488 p = roundup.password.Password('sekrit', 'PBKDF2',
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
489 config=self.db.config)
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
490
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
491 self.assertEqual(p.needs_migration(config=self.db.config), True)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
492
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
493 # no need to migrate
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
494 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 200000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
495
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
496 p = roundup.password.Password('sekrit', 'PBKDF2S5',
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
497 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
498
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
499 self.assertEqual(p.needs_migration(config=self.db.config), False)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
500
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
501 self.assertEqual(p.password.find('200000$'), 0)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
502 del(os.environ["PYTEST_USE_CONFIG"])
7165
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
503
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
504 def test_pbkdf2_migrate_rounds(self):
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
505 '''Check that migration happens when number of rounds in
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
506 config is larger than number of rounds in current password.
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
507 '''
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
508 default_scheme = roundup.password.Password.default_scheme
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
509 # will only have 1000 rounds since it's running under
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
510 # pytest but without PYTEST_USE_CONFIG set in environment.
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
511 p = roundup.password.Password('sekrit', default_scheme,
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
512 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
513
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
514 self.assertEqual(p.password.find('1000$'), 0)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
515
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
516 # reduce it a bit to save runtime
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
517 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 200000
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
518
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
519 # now set PYTEST_USE_CONFIG so we test rounds against
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
520 # config setting.
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
521 os.environ["PYTEST_USE_CONFIG"] = "True"
7165
970cd6d2b8ea issue2551251 - migrate pbkdf2 passwords if more rounds configured
John Rouillard <rouilj@ieee.org>
parents: 7163
diff changeset
522 self.assertEqual(p.needs_migration(config=self.db.config), True)
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
523 del(os.environ["PYTEST_USE_CONFIG"])
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7167
diff changeset
524
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
525
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
526 # Set up p with rounds under 1000. This is usually prevented,
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
527 # but older software could generate smaller rounds.
8548
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
528 p = roundup.password.Password('sekrit', default_scheme,
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
529 config=self.db.config)
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
530
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
531 # Can't actaully generate a password with fewer than 1000 rounds.
98011edc6c60 refactor: remove duplicate code block
John Rouillard <rouilj@ieee.org>
parents: 7226
diff changeset
532 # so edit p.password to fake 900 rounds.
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
533 p.password = p.password.replace('1000$', '900$')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
534 self.assertEqual(p.needs_migration(config=self.db.config), True)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
535
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
536 def test_encodePassword_errors(self):
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
537 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 999
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
538
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
539 os.environ["PYTEST_USE_CONFIG"] = "True"
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
540 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
541 roundup.password.encodePassword('sekrit', 'PBKDF2',
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
542 config=self.db.config)
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
543
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
544 self.assertEqual(ctx.exception.args[0],
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
545 'invalid PBKDF2 hash (rounds too low)')
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
546
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
547 del(os.environ["PYTEST_USE_CONFIG"])
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
548
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
549 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
550 roundup.password.encodePassword('sekrit', 'fred',
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
551 config=self.db.config)
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
552
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
553 self.assertEqual(ctx.exception.args[0],
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
554 "Unknown encryption scheme 'fred'")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
555
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
556 def test_pbkdf2_errors(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
557
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
558 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
559 roundup.password.pbkdf2('sekret', b'saltandpepper', 0, 41)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
560
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
561 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
562 "key length too large")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
563
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
564 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
565 roundup.password.pbkdf2('sekret', b'saltandpepper', 0, 40)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
566
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
567 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
568 "rounds must be positive number")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
569
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
570 def test_pbkdf2_sha512_errors(self):
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
571
7223
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
572 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
573 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 65)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
574
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
575 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
576 "key length too large")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
577
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
578 with self.assertRaises(ValueError) as ctx:
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
579 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 64)
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
580
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
581 self.assertEqual(ctx.exception.args[0],
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
582 "rounds must be positive number")
19db61be18e0 more tests for password.py
John Rouillard <rouilj@ieee.org>
parents: 7222
diff changeset
583
7226
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
584 def test_misc_functions(self):
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
585 import random # for fuzzing later
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
586
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
587 v = roundup.password.bchr(64)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
588 if bytes == str:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
589 self.assertEqual(v, '@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
590 else:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
591 self.assertEqual(v, b'@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
592
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
593 v = roundup.password.bord(b'@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
594 if bytes == str:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
595 self.assertEqual(v, 64)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
596 else:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
597 self.assertEqual(v, b'@')
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
598
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
599 for plain, encode in (
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
600 (b'tes', 'dGVz'),
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
601 (b'test', 'dGVzdA'),
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
602 (b'testb', "dGVzdGI"),
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
603 ):
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
604 v = roundup.password.h64encode(plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
605 self.assertEqual(v, encode)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
606 v = roundup.password.h64decode(v)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
607 self.assertEqual(v, plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
608
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
609 with self.assertRaises(ValueError) as ctx:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
610 v = roundup.password.h64decode("dGVzd")
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
611 self.assertEqual(ctx.exception.args[0], "Invalid base64 input")
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
612
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
613 # poor man's fuzzer
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
614 if bytes == str:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
615 # alias range to xrange for python2, more efficient.
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
616 range_ = xrange # noqa: F821
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
617 else:
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
618 range_ = range
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
619
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
620 for i in range_(25):
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
621 plain = bytearray(random.getrandbits(8) for _ in range_(i*4))
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
622 e = roundup.password.h64encode(plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
623 self.assertEqual(roundup.password.h64decode(e), plain)
5b1b876054ef Add test for misc functions; addl. testing
John Rouillard <rouilj@ieee.org>
parents: 7224
diff changeset
624
7167
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
625 def test_encodePasswordNoConfig(self):
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
626 # should run cleanly as we are in a test.
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
627 #
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
628 p = roundup.password.encodePassword('sekrit', 'PBKDF2')
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
629 # verify 1000 rounds being used becaue we are in test mode
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
630 self.assertTrue(p.startswith("1000$"))
7167
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
631
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
632 del(os.environ["PYTEST_CURRENT_TEST"])
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
633 self.assertNotIn("PYTEST_CURRENT_TEST", os.environ)
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
634
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
635 with self.assertRaises(roundup.password.ConfigNotSet) as ctx:
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
636 roundup.password.encodePassword('sekrit', 'PBKDF2')
f6b24a8524cd Modify code to reduce runtime when testing
John Rouillard <rouilj@ieee.org>
parents: 7165
diff changeset
637
7224
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
638 self.assertEqual(ctx.exception.args[0],
01c1f357363f flake8 fixes
John Rouillard <rouilj@ieee.org>
parents: 7223
diff changeset
639 "encodePassword called without config.")
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
640 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/