Mercurial > p > roundup > code

annotate test/test_xmlrpc.py @ 8580:5cba36e42b8f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
chore: refactor replace urlparse with urlsplit and use urllib_ Python docs recommend use of urlsplit() rather than urlparse(). urlsplit() is a little faster and doesn't try to split the path into path and params using the rules from an obsolete RFC. actions.py, demo.py, rest.py, client.py Replace urlparse() with urlsplit() actions.py urlsplit() produces a named tuple with one fewer elements (no .param). So fixup calls to urlunparse() so they have the proper number of elements in the tuple. also merge url filtering for param and path. demo.py, rest.py: Replace imports from urlparse/urllib.parse with roundup.anypy.urllib_ so we use the same interface throughout the code base. test/test_cgi.py: Since actions.py filtering for invali urls not split by path/param, fix tests for improperly quoted url's.
author John Rouillard <rouilj@ieee.org>
date Sun, 19 Apr 2026 22:58:59 -0400
parents 9c3ec0a5c7fc
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
1 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
2 # Copyright (C) 2007 Stefan Seefeld
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
3 # All rights reserved.
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3829
diff changeset
4 # For license terms see the file COPYING.txt.
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
5 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
6
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
7 import unittest, os, shutil, errno, pytest, sys, difflib, re
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
8
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
9 from contextlib import contextmanager
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
10
5408
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
11 from roundup.anypy import xmlrpc_
e46ce04d5bbc Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5388
diff changeset
12 MultiCall = xmlrpc_.client.MultiCall
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
13 from roundup.cgi.exceptions import *
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
14 from roundup import init, instance, password, hyperdb, date
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
15 from roundup.xmlrpc import RoundupInstance, RoundupDispatcher
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
16 from roundup.backends import list_backends
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
17 from roundup.hyperdb import String
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
18 from roundup.cgi import TranslationService
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5504
diff changeset
19 from roundup.test.tx_Source_detector import init as tx_Source_init
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
20
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
21 from . import db_test_base
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
22 from .test_mysql import skip_mysql
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
23 from .test_postgresql import skip_postgresql
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
24
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
25 from .pytest_patcher import mark_class
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
26 from roundup.anypy.xmlrpc_ import client
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
27
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
28 if client.defusedxml:
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
29 skip_defusedxml = lambda func, *args, **kwargs: func
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
30 else:
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
31 skip_defusedxml = mark_class(pytest.mark.skip(
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
32 reason='Skipping defusedxml tests: defusedxml library not available'))
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
33
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
34 if sys.version_info[0] > 2:
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
35 skip_python2 = lambda func, *args, **kwargs: func
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
36 else:
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
37 skip_python2 = mark_class(pytest.mark.skip(
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
38 reason='Skipping test under python 2'))
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
39
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
40 @contextmanager
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
41 def disable_defusedxml():
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
42 # if defusedxml not loaded, do nothing
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
43 if 'defusedxml' not in sys.modules:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
44 yield
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
45 return
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
46
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
47 sys.modules['defusedxml'].xmlrpc.unmonkey_patch()
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
48 try:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
49 yield
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
50 finally:
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
51 # restore normal defused xmlrpc functions
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
52 sys.modules['defusedxml'].xmlrpc.monkey_patch()
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
53
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
54 class XmlrpcTest(object):
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
55
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
56 backend = None
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
57
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
58 def setUp(self):
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
59 self.dirname = '_test_xmlrpc'
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
60 # set up and open a tracker
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
61 self.instance = db_test_base.setupTracker(self.dirname, self.backend)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
62
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
63 # open the database
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
64 self.db = self.instance.open('admin')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
65
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
66 print("props_only default", self.db.security.get_props_only_default())
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
67
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
68 # Get user id (user4 maybe). Used later to get data from db.
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
69 self.joeid = 'user' + self.db.user.create(username='joe',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
70 password=password.Password('random'), address='random@home.org',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
71 realname='Joe Random', roles='User')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
72
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
73 self.db.commit()
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
74 self.db.close()
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
75 self.db = self.instance.open('joe')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
76
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
77 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
78
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
79 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
80 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
81
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
82 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
83
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5504
diff changeset
84 tx_Source_init(self.db)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
85
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
86 self.server = RoundupInstance(self.db, self.instance.actions, None)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
87
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
88 def tearDown(self):
4104
d8c2d214d688 do all the pre-release stuff...
Richard Jones <richard@users.sourceforge.net>
parents: 4083
diff changeset
89 self.db.close()
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
90 try:
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
91 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
92 except OSError as error:
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
93 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
94
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
95 def testAccess(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
96 # Retrieve all three users.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
97 results = self.server.list('user', 'id')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
98 self.assertEqual(len(results), 3)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
99
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
100 # Obtain data for 'joe'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
101 results = self.server.display(self.joeid)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
102 self.assertEqual(results['username'], 'joe')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
103 self.assertEqual(results['realname'], 'Joe Random')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
104
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
105 def testChange(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
106 # Reset joe's 'realname'.
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
107 results = self.server.set(self.joeid, 'realname=Joe Doe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
108 results = self.server.display(self.joeid, 'realname')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
109 self.assertEqual(results['realname'], 'Joe Doe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
110
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
111 # check we can't change admin's details
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
112 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe')
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
113
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
114 def testCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
115 results = self.server.create('issue', 'title=foo')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
116 issueid = 'issue' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
117 results = self.server.display(issueid, 'title')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
118 self.assertEqual(results['title'], 'foo')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
119 self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
120
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
121 def testFileCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
122 results = self.server.create('file', 'content=hello\r\nthere')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
123 fileid = 'file' + results
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
124 results = self.server.display(fileid, 'content')
3992
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
125 self.assertEqual(results['content'], 'hello\r\nthere')
fe2af84a5ca5 allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
126
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
127 def testSchema(self):
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
128 schema={'status': [('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
129 ('order', '<roundup.hyperdb.Number>')],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
130 'keyword': [('name', '<roundup.hyperdb.String>')],
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
131 'priority': [('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
132 ('order', '<roundup.hyperdb.Number>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
133 'user': [('address', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
134 ('alternate_addresses', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
135 ('organisation', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
136 ('password', '<roundup.hyperdb.Password>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
137 ('phone', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
138 ('queries', '<roundup.hyperdb.Multilink to "query">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
139 ('realname', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
140 ('roles', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
141 ('timezone', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
142 ('username', '<roundup.hyperdb.String>')],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
143 'file': [('content', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
144 ('name', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
145 ('type', '<roundup.hyperdb.String>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
146 'msg': [('author', '<roundup.hyperdb.Link to "user">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
147 ('content', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
148 ('date', '<roundup.hyperdb.Date>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
149 ('files', '<roundup.hyperdb.Multilink to "file">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
150 ('inreplyto', '<roundup.hyperdb.String>'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
151 ('messageid', '<roundup.hyperdb.String>'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
152 ('recipients', '<roundup.hyperdb.Multilink to "user">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
153 ('summary', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
154 ('tx_Source', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
155 ('type', '<roundup.hyperdb.String>')],
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
156 'query': [('klass', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
157 ('name', '<roundup.hyperdb.String>'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
158 ('private_for', '<roundup.hyperdb.Link to "user">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
159 ('url', '<roundup.hyperdb.String>')],
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
160 'issue': [('assignedto', '<roundup.hyperdb.Link to "user">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
161 ('files', '<roundup.hyperdb.Multilink to "file">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
162 ('keyword', '<roundup.hyperdb.Multilink to "keyword">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
163 ('messages', '<roundup.hyperdb.Multilink to "msg">'),
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
164 ('nosy', '<roundup.hyperdb.Multilink to "user">'),
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
165 ('priority', '<roundup.hyperdb.Link to "priority">'),
5504
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
166 ('status', '<roundup.hyperdb.Link to "status">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
167 ('superseder', '<roundup.hyperdb.Multilink to "issue">'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
168 ('title', '<roundup.hyperdb.String>'),
7f3dfdd6a620 make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5471
diff changeset
169 ('tx_Source', '<roundup.hyperdb.String>')]}
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
170
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
171 results = self.server.schema()
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
172 self.assertEqual(results, schema)
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
173
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
174 def testLookup(self):
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
175 self.assertRaises(KeyError, self.server.lookup, 'user', '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
176 results = self.server.lookup('user', 'admin')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
177 self.assertEqual(results, '1')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
178
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
179 def testAction(self):
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
180 # As this action requires special previledges, we temporarily switch
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
181 # to 'admin'
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
182 self.db.setCurrentUser('admin')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
183 users_before = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
184 try:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
185 tmp = 'user' + self.db.user.create(username='tmp')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
186 self.server.action('retire', tmp)
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
187 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
188 self.db.setCurrentUser('joe')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
189 users_after = self.server.list('user')
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
190 self.assertEqual(users_before, users_after)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
191
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
192 # test a bogus action
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
193 with self.assertRaises(Exception) as cm:
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
194 self.server.action('bogus')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
195 print(cm.exception)
5471
28613ada27db check excpetion.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5408
diff changeset
196 self.assertEqual(cm.exception.args[0],
5153
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
197 'action "bogus" is not supported ')
e9801faebbe4 added a couple of xmlrpc tests for untested functions/codepaths
John Rouillard <rouilj@ieee.org>
parents: 5105
diff changeset
198
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
199 def testAuthDeniedEdit(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
200 # Wrong permissions (caught by roundup security module).
3829
d0ac8188d274 Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
201 self.assertRaises(Unauthorised, self.server.set,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
202 'user1', 'realname=someone')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
203
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
204 def testAuthDeniedCreate(self):
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
205 self.assertRaises(Unauthorised, self.server.create,
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
206 'user', {'username': 'blah'})
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
207
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
208 def testAuthAllowedEdit(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
209 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
210 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
211 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
212 self.server.set('user2', 'realname=someone')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
213 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
214 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
215 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
216 self.db.setCurrentUser('joe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
217
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
218 def testAuthAllowedCreate(self):
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
219 self.db.setCurrentUser('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
220 try:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
221 try:
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
222 self.server.create('user', 'username=blah')
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5199
diff changeset
223 except Unauthorised as err:
4241
1555a73f6451 py2.4 compat
Richard Jones <richard@users.sourceforge.net>
parents: 4104
diff changeset
224 self.fail('raised %s'%err)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
225 finally:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 3992
diff changeset
226 self.db.setCurrentUser('joe')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
227
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
228 def testAuthFilter(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
229 # this checks if we properly check for search permissions
5199
1f72b73d7770 Still trying to figure out why travis ci fails without a call to
John Rouillard <rouilj@ieee.org>
parents: 5198
diff changeset
230 # self.db.security.set_props_only_default(props_only=False)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
231 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
232 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
233 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
234 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
235 # Allow viewing keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
236 p = self.db.security.addPermission(name='View', klass='keyword')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
237 print("View keyword class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
238 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
239 # Allow viewing interesting things (but not keyword) on issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
240 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
241 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
242 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
243 properties=("title", "status"), check=lambda x,y,z: True)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
244 print("View keyword class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
245 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
246 # Allow role "Project" access to whole issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
247 p = self.db.security.addPermission(name='View', klass='issue')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
248 self.db.security.addPermissionToRole('Project', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
249 # Allow all access to status:
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
250 p = self.db.security.addPermission(name='View', klass='status')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
251 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
252 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
253
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
254 keyword = self.db.keyword
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
255 status = self.db.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
256 issue = self.db.issue
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
257
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
258 d1 = keyword.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
259 d2 = keyword.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
260 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
261 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
262 issue.create(title='i1', status=open, keyword=[d2])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
263 issue.create(title='i2', status=open, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
264 issue.create(title='i2', status=closed, keyword=[d1])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
265
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
266 chef = self.db.user.create(username = 'chef', roles='User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
267 joe = self.db.user.lookup('joe')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
268
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
269 # Conditionally allow view of whole issue (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
270 # this might check for keyword owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
271 p = self.db.security.addPermission(name='View', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
272 check=lambda x,y,z: False)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
273 print("View issue class: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
274 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
275 # Allow user to search for issue.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
276 p = self.db.security.addPermission(name='Search', klass='issue',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
277 properties=("status",))
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5248
diff changeset
278 print("View Search class w/ props: %r"%p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
279 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
280
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
281 keyw = {'keyword':self.db.keyword.lookup('d1')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
282 stat = {'status':self.db.status.lookup('open')}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
283 keygroup = keysort = [('+', 'keyword')]
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
284 self.db.commit()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
285
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
286 # Filter on keyword ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
287 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
288 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
289 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
290 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
291 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
292 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
293 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
294 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
295 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
296 self.assertEqual(r, ['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
297
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
298 self.db.close()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
299 self.db = self.instance.open('chef')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
300 self.db.tx_Source = 'web'
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
301
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
302 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
303 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
304 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4446
diff changeset
305
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
306 self.server = RoundupInstance(self.db, self.instance.actions, None)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
307
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
308 # Filter on keyword works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
309 r = self.server.filter('issue', None, keyw)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
310 self.assertEqual(r, ['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
311 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
312 r = self.server.filter('issue', None, stat)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
313 self.assertEqual(r, ['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
314 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
315 r = self.server.filter('issue', None, {}, sort=keysort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
316 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
317 r = self.server.filter('issue', None, {}, group=keygroup)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
318 self.assertEqual(r, ['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4241
diff changeset
319
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
320 def testMulticall(self):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
321 translator = TranslationService.get_translation(
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
322 language=self.instance.config["TRACKER_LANGUAGE"],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
323 tracker_home=self.instance.config["TRACKER_HOME"])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
324 self.server = RoundupDispatcher(self.db, self.instance.actions,
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
325 translator, allow_none = True)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
326 class S:
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
327 multicall=self.server.funcs['system.multicall']
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
328 self.server.system = S()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
329 self.db.issue.create(title='i1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
330 self.db.issue.create(title='i2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
331 m = MultiCall(self.server)
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
332 m.display('issue1')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
333 m.display('issue2')
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
334 result = m()
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
335 results = [
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
336 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
337 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
338 'priority': None, 'assignedto': None, 'superseder': []},
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
339 {'files': [], 'status': '1', 'tx_Source': 'web',
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
340 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [],
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
341 'priority': None, 'assignedto': None, 'superseder': []}]
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
342 for n, r in enumerate(result):
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
343 self.assertEqual(r, results[n])
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
344
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
345 @skip_python2
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
346 @skip_defusedxml
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
347 def testDefusedXmlBomb(self):
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
348 self.XmlBomb(expectIn=b"defusedxml.common.EntitiesForbidden")
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
349
8238
05405220dc38 issue2551116 - difusedxml support - python2 fixups.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
350 @skip_python2
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
351 def testNonDefusedXmlBomb(self):
8381
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
352 with disable_defusedxml():
31f86326bee8 test: test regular xmlrpc codepath even when defusedxml installed
John Rouillard <rouilj@ieee.org>
parents: 8238
diff changeset
353 self.XmlBomb(expectIn=b"1234567890"*511)
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
354
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
355 def XmlBomb(self, expectIn=None):
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
356
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
357 bombInput = """<?xml version='1.0'?>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
358 <!DOCTYPE xmlbomb [
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
359 <!ENTITY a "1234567890" >
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
360 <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
361 <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
362 <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;">
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
363 ]>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
364 <methodCall>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
365 <methodName>filter</methodName>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
366 <params>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
367 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
368 <value><string>&d;</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
369 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
370 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
371 <value><array><data>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
372 <value><string>0</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
373 <value><string>2</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
374 <value><string>3</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
375 </data></array></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
376 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
377 <param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
378 <value><struct>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
379 <member>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
380 <name>username</name>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
381 <value><string>demo</string></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
382 </member>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
383 </struct></value>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
384 </param>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
385 </params>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
386 </methodCall>
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
387 """
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
388 translator = TranslationService.get_translation(
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
389 language=self.instance.config["TRACKER_LANGUAGE"],
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
390 tracker_home=self.instance.config["TRACKER_HOME"])
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
391 self.server = RoundupDispatcher(self.db, self.instance.actions,
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
392 translator, allow_none = True)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
393 response = self.server.dispatch(bombInput)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
394 print(response)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
395 self.assertIn(expectIn, response)
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
396
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
397 class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
398 backend = 'anydbm'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
399
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
400
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
401 @skip_mysql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
402 class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
403 backend = 'mysql'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
404
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
405
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
406 class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
407 backend = 'sqlite'
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
408
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
409
5036
380d8d8b30a3 Replace existing run_tests.py script with a pytest script
John Kristensen <john@jerrykan.com>
parents: 5033
diff changeset
410 @skip_postgresql
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
411 class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase):
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 5008
diff changeset
412 backend = 'postgresql'
Roundup Issue Tracker: http://roundup-tracker.org/