Mercurial > p > roundup > code

annotate test/test_xmlrpc.py @ 3973:85cbaa50eba1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
xml-rpc security checks and tests across all backends [SF#1907211] also add some leap year tests
author Richard Jones <richard@users.sourceforge.net>
date Fri, 07 Mar 2008 01:11:55 +0000
parents 3c3077582c16
children fe2af84a5ca5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
1 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
2 # Copyright (C) 2007 Stefan Seefeld
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
3 # All rights reserved.
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3829
diff changeset
4 # For license terms see the file COPYING.txt.
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
5 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
6
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
7 import unittest, os, shutil, errno, sys, difflib, cgi, re
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
8
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
9 from roundup.cgi.exceptions import *
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
10 from roundup import init, instance, password, hyperdb, date
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
11 from roundup.xmlrpc import RoundupServer
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
12 from roundup.backends import list_backends
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
13
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
14 import db_test_base
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
15
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
16 NEEDS_INSTANCE = 1
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
17
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
18 class TestCase(unittest.TestCase):
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
19
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
20 backend = None
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
21
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
22 def setUp(self):
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
23 self.dirname = '_test_xmlrpc'
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
24 # set up and open a tracker
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
25 self.instance = db_test_base.setupTracker(self.dirname, self.backend)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
26
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
27 # open the database
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
28 self.db = self.instance.open('admin')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
29 self.joeid = 'user' + self.db.user.create(username='joe',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
30 password=password.Password('random'), address='random@home.org',
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
31 realname='Joe Random', roles='User')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
32
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
33 self.db.commit()
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
34 self.db.close()
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
35
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
36 self.server = RoundupServer(self.dirname)
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
37
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
38 def tearDown(self):
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
39 try:
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
40 shutil.rmtree(self.dirname)
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
41 except OSError, error:
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
42 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
43
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
44 def testAccess(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
45 # Retrieve all three users.
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
46 results = self.server.list('joe', 'random', 'user', 'id')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
47 self.assertEqual(len(results), 3)
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
48
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
49 # Obtain data for 'joe'.
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
50 results = self.server.display('joe', 'random', self.joeid)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
51 self.assertEqual(results['username'], 'joe')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
52 self.assertEqual(results['realname'], 'Joe Random')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
53
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
54 def testChange(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
55 # Reset joe's 'realname'.
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
56 results = self.server.set('joe', 'random', self.joeid,
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
57 'realname=Joe Doe')
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
58 results = self.server.display('joe', 'random', self.joeid,
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
59 'realname')
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
60 self.assertEqual(results['realname'], 'Joe Doe')
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
61
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
62 # check we can't change admin's details
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
63 self.assertRaises(Unauthorised, self.server.set, 'joe', 'random',
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
64 'user1', 'realname=Joe Doe')
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
65
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
66 def testCreate(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
67 results = self.server.create('joe', 'random', 'issue', 'title=foo')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
68 issueid = 'issue' + results
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
69 results = self.server.display('joe', 'random', issueid, 'title')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
70 self.assertEqual(results['title'], 'foo')
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
71
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
72 def testAuthUnknown(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
73 # Unknown user (caught in XMLRPC frontend).
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
74 self.assertRaises(Unauthorised, self.server.list,
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
75 'nobody', 'nobody', 'user', 'id')
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
76
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
77 def testAuthDeniedEdit(self):
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
78 # Wrong permissions (caught by roundup security module).
3829
d0ac8188d274 Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
79 self.assertRaises(Unauthorised, self.server.set,
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
80 'joe', 'random', 'user1', 'realname=someone')
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
81
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
82 def testAuthDeniedCreate(self):
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
83 self.assertRaises(Unauthorised, self.server.create,
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
84 'joe', 'random', 'user', {'username': 'blah'})
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
85
3937
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
86 def testAuthAllowedEdit(self):
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
87 try:
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
88 self.server.set('admin', 'sekrit', 'user2', 'realname=someone')
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
89 except Unauthorised, err:
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
90 self.fail('raised %s'%err)
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
91
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
92 def testAuthAllowedCreate(self):
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
93 try:
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
94 self.server.create('admin', 'sekrit', 'user', 'username=blah')
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
95 except Unauthorised, err:
3c3077582c16 Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents: 3839
diff changeset
96 self.fail('raised %s'%err)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
97
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
98 def test_suite():
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
99 suite = unittest.TestSuite()
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
100 for l in list_backends():
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
101 dct = dict(backend = l)
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
102 subcls = type(TestCase)('TestCase_%s'%l, (TestCase,), dct)
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
103 suite.addTest(unittest.makeSuite(subcls))
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
104 return suite
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
105
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
106 if __name__ == '__main__':
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
107 runner = unittest.TextTestRunner()
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
108 unittest.main(testRunner=runner)
Roundup Issue Tracker: http://roundup-tracker.org/