Mercurial > p > roundup > code

annotate test/test_cgi.py @ 5201:a9ace22e0a2f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
issue 2550690 - Adding anti-csrf measures to roundup following https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet and https://seclab.stanford.edu/websec/csrf/csrf.pdf Basically implement Synchronizer (CSRF) Tokens per form on a page. Single use (destroyed once used). Random input data for the token includes: system random implementation in python using /dev/urandom (fallback to random based on timestamp as the seed. Not as good, but should be ok for the short lifetime of the token??) the id (in cpython it's the memory address) of the object requesting a token. In theory this depends on memory layout, the history of the process (how many previous objects have been allocated from the heap etc.) I claim without any proof that for long running processes this is another source of randomness. For short running processes with little activity it could be guessed. last the floating point time.time() value is added. This may only have 1 second resolution so may be guessable. Hopefully for a short lived (2 week by default) token this is sufficient. Also in the current implementation the user is notified when validation fails and is told why. This allows the roundup admin to find the log entry (at error level) and try to resolve the issue. In the future user notification may change but for now this is probably best.
author John Rouillard <rouilj@ieee.org>
date Sat, 18 Mar 2017 16:59:01 -0400
parents 349bef975367
children 9f490cc0effe
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 # Copyright (c) 2003 Richard Jones, rjones@ekit-inc.com
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # This module is free software, and you may redistribute it and/or modify
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # under the same terms as Python, so long as this copyright message and
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # disclaimer are retained in their original form.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # This module is distributed in the hope that it will be useful,
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
11 import unittest, os, shutil, errno, sys, difflib, cgi, re, StringIO
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
13 from roundup.cgi import client, actions, exceptions
2027
45ad02759998 test fixes
Richard Jones <richard@users.sourceforge.net>
parents: 2004
diff changeset
14 from roundup.cgi.exceptions import FormError
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
15 from roundup.cgi.templating import HTMLItem, HTMLRequest, NoTemplate
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
16 from roundup.cgi.templating import HTMLProperty, _HTMLItem
2027
45ad02759998 test fixes
Richard Jones <richard@users.sourceforge.net>
parents: 2004
diff changeset
17 from roundup.cgi.form_parser import FormParser
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
18 from roundup import init, instance, password, hyperdb, date
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
20 # For testing very simple rendering
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
21 from roundup.cgi.engine_zopetal import RoundupPageTemplate
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
22
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
23 from mocknull import MockNull
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
24
2821
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
25 import db_test_base
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
26
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
27 class FileUpload:
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
28 def __init__(self, content, filename):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
29 self.content = content
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
30 self.filename = filename
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
31
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
32 class FileList:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
33 def __init__(self, name, *files):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
34 self.name = name
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
35 self.files = files
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
36 def items (self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
37 for f in self.files:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
38 yield (self.name, f)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
39
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 def makeForm(args):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 form = cgi.FieldStorage()
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 for k,v in args.items():
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 if type(v) is type([]):
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
44 [form.list.append(cgi.MiniFieldStorage(k, x)) for x in v]
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
45 elif isinstance(v, FileUpload):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
46 x = cgi.MiniFieldStorage(k, v.content)
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
47 x.filename = v.filename
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
48 form.list.append(x)
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 else:
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50 form.list.append(cgi.MiniFieldStorage(k, v))
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51 return form
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
53 cm = client.add_message
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
54 class MessageTestCase(unittest.TestCase):
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
55 # Note: Escaping is now handled on a message-by-message basis at a
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
56 # point where we still know what generates a message. In this way we
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
57 # can decide when to escape and when not. We test the add_message
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
58 # routine here.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
59 # Of course we won't catch errors in judgement when to escape here
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
60 # -- but at the time of this change only one message is not escaped.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
61 def testAddMessageOK(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
62 self.assertEqual(cm([],'a\nb'), ['a<br />\nb'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
63 self.assertEqual(cm([],'a\nb\nc\n'), ['a<br />\nb<br />\nc<br />\n'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
64
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
65 def testAddMessageBAD(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
66 self.assertEqual(cm([],'<script>x</script>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
67 ['&lt;script&gt;x&lt;/script&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
68 self.assertEqual(cm([],'<iframe>x</iframe>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
69 ['&lt;iframe&gt;x&lt;/iframe&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
70 self.assertEqual(cm([],'<<script >>alert(42);5<</script >>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
71 ['&lt;&lt;script &gt;&gt;alert(42);5&lt;&lt;/script &gt;&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
72 self.assertEqual(cm([],'<a href="y">x</a>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
73 ['&lt;a href="y"&gt;x&lt;/a&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
74 self.assertEqual(cm([],'<A HREF="y">x</A>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
75 ['&lt;A HREF="y"&gt;x&lt;/A&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
76 self.assertEqual(cm([],'<br>x<br />'), ['&lt;br&gt;x&lt;br /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
77 self.assertEqual(cm([],'<i>x</i>'), ['&lt;i&gt;x&lt;/i&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
78 self.assertEqual(cm([],'<b>x</b>'), ['&lt;b&gt;x&lt;/b&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
79 self.assertEqual(cm([],'<BR>x<BR />'), ['&lt;BR&gt;x&lt;BR /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
80 self.assertEqual(cm([],'<I>x</I>'), ['&lt;I&gt;x&lt;/I&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
81 self.assertEqual(cm([],'<B>x</B>'), ['&lt;B&gt;x&lt;/B&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
82
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
83 def testAddMessageNoEscape(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
84 self.assertEqual(cm([],'<i>x</i>',False), ['<i>x</i>'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
85 self.assertEqual(cm([],'<i>x</i>\n<b>x</b>',False),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
86 ['<i>x</i><br />\n<b>x</b>'])
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
87
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
88 class FormTestCase(unittest.TestCase):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
89 def setUp(self):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
90 self.dirname = '_test_cgi_form'
2821
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
91 # set up and open a tracker
0f0299b2a5e8 use tracker setup function from db_test_base;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2696
diff changeset
92 self.instance = db_test_base.setupTracker(self.dirname)
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
93
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
94 # open the database
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
95 self.db = self.instance.open('admin')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
96 self.db.tx_Source = "web"
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
97 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
98 realname='Bork, Chef', roles='User')
3902
21420ba64b0d fuller email validition (request [SF#216291])
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3859
diff changeset
99 self.db.user.create(username='mary', address='mary@test.test',
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
100 roles='User', realname='Contrary, Mary')
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
101
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
102 self.db.issue.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
103 self.db.msg.addprop(tx_Source=hyperdb.String())
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
104
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
105 self.db.post_init()
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
106
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
107 vars = {}
4795
dad18ee491a9 Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
108 thisdir = os.path.dirname(__file__)
dad18ee491a9 Fix minor problems in tests
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4781
diff changeset
109 execfile(os.path.join(thisdir, "tx_Source_detector.py"), vars)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
110 vars['init'](self.db)
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
111
2929
7a8a02646d4e backend is an attribute of tracker instances
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2821
diff changeset
112 test = self.instance.backend.Class(self.db, "test",
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
113 string=hyperdb.String(), number=hyperdb.Number(),
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
114 intval=hyperdb.Integer(), boolean=hyperdb.Boolean(),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
115 link=hyperdb.Link('test'), multilink=hyperdb.Multilink('test'),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
116 date=hyperdb.Date(), messages=hyperdb.Multilink('msg'),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
117 interval=hyperdb.Interval())
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
118
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
119 # compile the labels re
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
120 classes = '|'.join(self.db.classes.keys())
2004
1782fe36e7b8 Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1873
diff changeset
121 self.FV_SPECIAL = re.compile(FormParser.FV_LABELS%classes,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
122 re.VERBOSE)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
123
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
124 def setupClient(self, form, classname, nodeid=None, template='item', env_addon=None):
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
125 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
126 'REQUEST_METHOD':'POST'}, makeForm(form))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
127 cl.classname = classname
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
128 cl.base = 'http://whoami.com/path/'
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
129 cl.nodeid = nodeid
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
130 cl.language = ('en',)
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
131 cl.userid = '1'
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
132 cl.db = self.db
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
133 cl.user = 'admin'
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
134 cl.template = template
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
135 if env_addon is not None:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
136 cl.env.update(env_addon)
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
137 return cl
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
138
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
139 def parseForm(self, form, classname='test', nodeid=None):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
140 cl = self.setupClient(form, classname, nodeid)
2027
45ad02759998 test fixes
Richard Jones <richard@users.sourceforge.net>
parents: 2004
diff changeset
141 return cl.parsePropsFromForm(create=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
142
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
143 def tearDown(self):
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
144 self.db.close()
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
145 try:
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
146 shutil.rmtree(self.dirname)
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
147 except OSError, error:
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
148 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
149
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
150 #
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
151 # form label extraction
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
152 #
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
153 def tl(self, s, c, i, a, p):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
154 m = self.FV_SPECIAL.match(s)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
155 self.assertNotEqual(m, None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
156 d = m.groupdict()
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
157 self.assertEqual(d['classname'], c)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
158 self.assertEqual(d['id'], i)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
159 for action in 'required add remove link note file'.split():
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
160 if a == action:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
161 self.assertNotEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
162 else:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
163 self.assertEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
164 self.assertEqual(d['propname'], p)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
165
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
166 def testLabelMatching(self):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
167 self.tl('<propname>', None, None, None, '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
168 self.tl(':required', None, None, 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
169 self.tl(':confirm:<propname>', None, None, 'confirm', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
170 self.tl(':add:<propname>', None, None, 'add', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
171 self.tl(':remove:<propname>', None, None, 'remove', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
172 self.tl(':link:<propname>', None, None, 'link', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
173 self.tl('test1:<prop>', 'test', '1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
174 self.tl('test1:required', 'test', '1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
175 self.tl('test1:add:<prop>', 'test', '1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
176 self.tl('test1:remove:<prop>', 'test', '1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
177 self.tl('test1:link:<prop>', 'test', '1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
178 self.tl('test1:confirm:<prop>', 'test', '1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
179 self.tl('test-1:<prop>', 'test', '-1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
180 self.tl('test-1:required', 'test', '-1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
181 self.tl('test-1:add:<prop>', 'test', '-1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
182 self.tl('test-1:remove:<prop>', 'test', '-1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
183 self.tl('test-1:link:<prop>', 'test', '-1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
184 self.tl('test-1:confirm:<prop>', 'test', '-1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
185 self.tl(':note', None, None, 'note', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
186 self.tl(':file', None, None, 'file', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
187
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
188 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
189 # Empty form
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
190 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
191 def testNothing(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
192 self.assertEqual(self.parseForm({}), ({('test', None): {}}, []))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
193
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
194 def testNothingWithRequired(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
195 self.assertRaises(FormError, self.parseForm, {':required': 'string'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
196 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
197 {':required': 'title,status', 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
198 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
199 {':required': ['title','status'], 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
200 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
201 {':required': 'status', 'status':''}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
202 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
203 {':required': 'nosy', 'nosy':''}, 'issue')
3656
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
204 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
205 {':required': 'msg-1@content', 'msg-1@content':''}, 'issue')
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
206 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
207 {':required': 'msg-1@content'}, 'issue')
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
208
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
209 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
210 # Nonexistant edit
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
211 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
212 def testEditNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
213 self.assertRaises(FormError, self.parseForm, {'boolean': ''},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
214 'test', '1')
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
215
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
216 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
217 # String
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
218 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
219 def testEmptyString(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
220 self.assertEqual(self.parseForm({'string': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
221 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
222 self.assertEqual(self.parseForm({'string': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
223 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
224 self.assertRaises(FormError, self.parseForm, {'string': ['', '']})
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
225
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
226 def testSetString(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
227 self.assertEqual(self.parseForm({'string': 'foo'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
228 ({('test', None): {'string': 'foo'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
229 self.assertEqual(self.parseForm({'string': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
230 ({('test', None): {'string': 'a\nb'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
231 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
232 self.assertEqual(self.parseForm({'title': 'foo'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
233 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
234
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
235 def testEmptyStringSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
236 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
237 self.assertEqual(self.parseForm({'title': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
238 ({('issue', nodeid): {'title': None}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
239 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
240 self.assertEqual(self.parseForm({'title': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
241 ({('issue', nodeid): {'title': None}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
242
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
243 def testStringLinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
244 self.db.status.set('1', name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
245 self.db.status.set('2', name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
246 issue = self.db.issue.create(title='i1-status1', status='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
247 self.assertEqual(self.db.issue.get(issue,'status'),'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
248 self.assertEqual(self.db.status.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
249 self.assertEqual(self.db.status.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
250 self.assertEqual(self.db.issue.get('1','tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
251 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
252 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
253 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
254 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
255 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
256 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
257 item = HTMLItem(cl, 'issue', issue)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
258 self.assertEqual(item.status.id, '1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
259 self.assertEqual(item.status.name, '2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
260
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
261 def testStringMultilinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
262 id = self.db.keyword.create(name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
263 self.assertEqual(id,'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
264 id = self.db.keyword.create(name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
265 self.assertEqual(id,'2')
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
266 issue = self.db.issue.create(title='i1-status1', keyword=['1'])
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
267 self.assertEqual(self.db.issue.get(issue,'keyword'),['1'])
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
268 self.assertEqual(self.db.keyword.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
269 self.assertEqual(self.db.keyword.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
270 self.assertEqual(self.db.issue.get(issue,'tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
271 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
272 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
273 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
274 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
275 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
276 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
277 cl.userid = '1'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
278 item = HTMLItem(cl, 'issue', issue)
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
279 for keyword in item.keyword:
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
280 self.assertEqual(keyword.id, '1')
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
281 self.assertEqual(keyword.name, '2')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
282
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
283 def testFileUpload(self):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
284 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
285 self.assertEqual(self.parseForm({'content': file}, 'file'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
286 ({('file', None): {'content': 'foo', 'name': 'foo.txt',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
287 'type': 'text/plain'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
288
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
289 def testSingleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
290 file = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
291 self.assertEqual(self.parseForm({'@file': file}, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
292 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
293 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
294 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
295 [('issue', None, 'files', [('file', '-1')])]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
296
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
297 def testMultipleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
298 f1 = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
299 f2 = FileUpload('bar', 'bar.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
300 f3 = FileUpload('baz', 'baz.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
301 files = FileList('@file', f1, f2, f3)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
302
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
303 self.assertEqual(self.parseForm(files, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
304 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
305 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
306 ('file', '-2'): {'content': 'bar', 'name': 'bar.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
307 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
308 ('file', '-3'): {'content': 'baz', 'name': 'baz.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
309 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
310 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
311 [ ('issue', None, 'files', [('file', '-1')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
312 , ('issue', None, 'files', [('file', '-2')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
313 , ('issue', None, 'files', [('file', '-3')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
314 ]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
315
1734
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
316 def testEditFileClassAttributes(self):
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
317 self.assertEqual(self.parseForm({'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
318 'type': 'application/octet-stream'},
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
319 'file'),
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
320 ({('file', None): {'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
321 'type': 'application/octet-stream'}},[]))
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
322
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
323 #
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
324 # Link
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
325 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
326 def testEmptyLink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
327 self.assertEqual(self.parseForm({'link': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
328 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
329 self.assertEqual(self.parseForm({'link': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
330 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
331 self.assertRaises(FormError, self.parseForm, {'link': ['', '']})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
332 self.assertEqual(self.parseForm({'link': '-1'}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
333 ({('test', None): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
334
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
335 def testSetLink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
336 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
337 ({('issue', None): {'status': '1'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
338 self.assertEqual(self.parseForm({'status': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
339 ({('issue', None): {'status': '1'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
340 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
341 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
342 ({('issue', nodeid): {}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
343 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
344
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
345 def testUnsetLink(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
346 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
347 self.assertEqual(self.parseForm({'status': '-1'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
348 ({('issue', nodeid): {'status': None}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
349 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
350
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
351 def testInvalidLinkValue(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
352 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
353 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
354 # {'status': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
355 self.assertRaises(FormError, self.parseForm, {'link': 'frozzle'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
356 self.assertRaises(FormError, self.parseForm, {'status': 'frozzle'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
357 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
358
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
359 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
360 # Multilink
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
361 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
362 def testEmptyMultilink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
363 self.assertEqual(self.parseForm({'nosy': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
364 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
365 self.assertEqual(self.parseForm({'nosy': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
366 ({('test', None): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
367
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
368 def testSetMultilink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
369 self.assertEqual(self.parseForm({'nosy': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
370 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
371 self.assertEqual(self.parseForm({'nosy': 'admin'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
372 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
373 self.assertEqual(self.parseForm({'nosy': ['1','2']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
374 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
375 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
376 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
377 self.assertEqual(self.parseForm({'nosy': 'admin,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
378 ({('issue', None): {'nosy': ['1','2']}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
379
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
380 def testMixedMultilink(self):
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
381 form = cgi.FieldStorage()
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
382 form.list.append(cgi.MiniFieldStorage('nosy', '1,2'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
383 form.list.append(cgi.MiniFieldStorage('nosy', '3'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
384 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
385 cl.classname = 'issue'
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
386 cl.nodeid = None
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
387 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
388 cl.language = ('en',)
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
389 self.assertEqual(cl.parsePropsFromForm(create=1),
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
390 ({('issue', None): {'nosy': ['1','2', '3']}}, []))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
391
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
392 def testEmptyMultilinkSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
393 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
394 self.assertEqual(self.parseForm({'nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
395 ({('issue', nodeid): {'nosy': []}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
396 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
397 self.assertEqual(self.parseForm({'nosy': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
398 ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
399 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
400 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
401
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
402 def testInvalidMultilinkValue(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
403 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
404 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
405 # {'nosy': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
406 self.assertRaises(FormError, self.parseForm, {'nosy': 'frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
407 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
408 self.assertRaises(FormError, self.parseForm, {'nosy': '1,frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
409 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
410 self.assertRaises(FormError, self.parseForm, {'multilink': 'frozzle'})
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
411
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
412 def testMultilinkAdd(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
413 nodeid = self.db.issue.create(nosy=['1'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
414 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
415 self.assertEqual(self.parseForm({':add:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
416 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
417
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
418 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
419 self.assertEqual(self.parseForm({':add:nosy': '2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
420 ({('issue', nodeid): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
421 self.assertEqual(self.parseForm({':add:nosy': '2,mary'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
422 nodeid), ({('issue', nodeid): {'nosy': ['1','2','4']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
423 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
424 nodeid), ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
425
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
426 def testMultilinkAddNew(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
427 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
428 ({('issue', None): {'nosy': ['2','3']}}, []))
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
429
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
430 def testMultilinkRemove(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
431 nodeid = self.db.issue.create(nosy=['1','2'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
432 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
433 self.assertEqual(self.parseForm({':remove:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
434 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
435
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
436 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
437 self.assertEqual(self.parseForm({':remove:nosy': '1'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
438 nodeid), ({('issue', nodeid): {'nosy': ['2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
439 self.assertEqual(self.parseForm({':remove:nosy': 'admin,2'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
440 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
441 self.assertEqual(self.parseForm({':remove:nosy': ['1','2']},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
442 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
443
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
444 # add and remove
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
445 self.assertEqual(self.parseForm({':add:nosy': ['3'],
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
446 ':remove:nosy': ['1','2']},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
447 'issue', nodeid), ({('issue', nodeid): {'nosy': ['3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
448
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
449 # remove one that doesn't exist?
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
450 self.assertRaises(FormError, self.parseForm, {':remove:nosy': '4'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
451 'issue', nodeid)
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
452
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
453 def testMultilinkRetired(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
454 self.db.user.retire('2')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
455 self.assertEqual(self.parseForm({'nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
456 ({('issue', None): {'nosy': ['2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
457 nodeid = self.db.issue.create(nosy=['1','2'])
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
458 self.assertEqual(self.parseForm({':remove:nosy': '2'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
459 nodeid), ({('issue', nodeid): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
460 self.assertEqual(self.parseForm({':add:nosy': '3'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
461 ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
462
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
463 def testAddRemoveNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
464 self.assertRaises(FormError, self.parseForm, {':remove:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
465 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
466 self.assertRaises(FormError, self.parseForm, {':add:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
467 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
468
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
469 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
470 # Password
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
471 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
472 def testEmptyPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
473 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
474 ({('user', None): {}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
475 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
476 ({('user', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
477 self.assertRaises(FormError, self.parseForm, {'password': ['', '']},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
478 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
479 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
480 ':confirm:password': ['', '']}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
481
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
482 def testSetPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
483 self.assertEqual(self.parseForm({'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
484 ':confirm:password': 'foo'}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
485 ({('user', None): {'password': 'foo'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
486
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
487 def testSetPasswordConfirmBad(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
488 self.assertRaises(FormError, self.parseForm, {'password': 'foo'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
489 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
490 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
491 ':confirm:password': 'bar'}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
492
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
493 def testEmptyPasswordNotSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
494 nodeid = self.db.user.create(username='1',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
495 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
496 self.assertEqual(self.parseForm({'password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
497 ({('user', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
498 nodeid = self.db.user.create(username='2',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
499 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
500 self.assertEqual(self.parseForm({'password': '',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
501 ':confirm:password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
502 ({('user', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
503
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
504 def testPasswordMigration(self):
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
505 chef = self.db.user.lookup('Chef')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
506 form = dict(__login_name='Chef', __login_password='foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
507 cl = self._make_client(form)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
508 # assume that the "best" algorithm is the first one and doesn't
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
509 # need migration, all others should be migrated.
4485
95aace124a8e use idea from Eli Collins to use a list of deprecated password encoding schemes
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
510 for scheme in password.Password.deprecated_schemes:
4684
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
511 if scheme == 'crypt' and os.name == 'nt':
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
512 continue # crypt is not available on Windows
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
513 pw1 = password.Password('foo', scheme=scheme)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
514 self.assertEqual(pw1.needs_migration(), True)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
515 self.db.user.set(chef, password=pw1)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
516 self.db.commit()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
517 actions.LoginAction(cl).handle()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
518 pw = self.db.user.get(chef, 'password')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
519 self.assertEqual(pw, 'foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
520 self.assertEqual(pw.needs_migration(), False)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
521 pw1 = pw
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
522 self.assertEqual(pw1.needs_migration(), False)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
523 scheme = password.Password.known_schemes[0]
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
524 self.assertEqual(scheme, pw1.scheme)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
525 actions.LoginAction(cl).handle()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
526 pw = self.db.user.get(chef, 'password')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
527 self.assertEqual(pw, 'foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
528 self.assertEqual(pw, pw1)
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
529 cl.db.close()
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
530
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
531 def testPasswordConfigOption(self):
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
532 chef = self.db.user.lookup('Chef')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
533 form = dict(__login_name='Chef', __login_password='foo')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
534 cl = self._make_client(form)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
535 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 1000
4683
2f66d44616ad windows: Fix failing password tests due to missing crypt module
anatoly techtonik <techtonik@gmail.com>
parents: 4624
diff changeset
536 pw1 = password.Password('foo', scheme='MD5')
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
537 self.assertEqual(pw1.needs_migration(), True)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
538 self.db.user.set(chef, password=pw1)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
539 self.db.commit()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
540 actions.LoginAction(cl).handle()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
541 pw = self.db.user.get(chef, 'password')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
542 self.assertEqual('PBKDF2', pw.scheme)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
543 self.assertEqual(1000, password.pbkdf2_unpack(pw.password)[0])
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
544 cl.db.close()
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
545
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
546 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
547 # Boolean
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
548 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
549 def testEmptyBoolean(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
550 self.assertEqual(self.parseForm({'boolean': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
551 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
552 self.assertEqual(self.parseForm({'boolean': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
553 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
554 self.assertRaises(FormError, self.parseForm, {'boolean': ['', '']})
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
555
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
556 def testSetBoolean(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
557 self.assertEqual(self.parseForm({'boolean': 'yes'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
558 ({('test', None): {'boolean': 1}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
559 self.assertEqual(self.parseForm({'boolean': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
560 ({('test', None): {'boolean': 0}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
561 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
562 self.assertEqual(self.parseForm({'boolean': 'yes'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
563 ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
564 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
565 self.assertEqual(self.parseForm({'boolean': 'no'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
566 ({('test', nodeid): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
567
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
568 def testEmptyBooleanSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
569 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
570 self.assertEqual(self.parseForm({'boolean': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
571 ({('test', nodeid): {'boolean': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
572 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
573 self.assertEqual(self.parseForm({'boolean': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
574 ({('test', nodeid): {'boolean': None}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
575
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
576 def testRequiredBoolean(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
577 self.assertRaises(FormError, self.parseForm, {'boolean': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
578 ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
579 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
580 self.parseForm({'boolean': 'no', ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
581 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
582 self.fail('boolean "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
583
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
584 #
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
585 # Number
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
586 #
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
587 def testEmptyNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
588 self.assertEqual(self.parseForm({'number': ''}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
589 ({('test', None): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
590 self.assertEqual(self.parseForm({'number': ' '}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
591 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
592 self.assertRaises(FormError, self.parseForm, {'number': ['', '']})
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
593
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
594 def testInvalidNumber(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
595 self.assertRaises(FormError, self.parseForm, {'number': 'hi, mum!'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
596
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
597 def testSetNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
598 self.assertEqual(self.parseForm({'number': '1'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
599 ({('test', None): {'number': 1}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
600 self.assertEqual(self.parseForm({'number': '0'}),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
601 ({('test', None): {'number': 0}}, []))
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
602 self.assertEqual(self.parseForm({'number': '\n0\n'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
603 ({('test', None): {'number': 0}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
604
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
605 def testSetNumberReplaceOne(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
606 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
607 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
608 ({('test', nodeid): {}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
609 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
610 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
611
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
612 def testSetNumberReplaceZero(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
613 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
614 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
615 ({('test', nodeid): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
616
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
617 def testSetNumberReplaceNone(self):
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
618 nodeid = self.db.test.create()
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
619 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
620 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
621 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
622 ({('test', nodeid): {'number': 1}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
623
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
624 def testEmptyNumberSet(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
625 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
626 self.assertEqual(self.parseForm({'number': ''}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
627 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
628 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
629 self.assertEqual(self.parseForm({'number': ' '}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
630 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
631
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
632 def testRequiredNumber(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
633 self.assertRaises(FormError, self.parseForm, {'number': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
634 ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
635 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
636 self.parseForm({'number': '0', ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
637 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
638 self.fail('number "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
639
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
640 #
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
641 # Integer
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
642 #
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
643 def testEmptyInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
644 self.assertEqual(self.parseForm({'intval': ''}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
645 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
646 self.assertEqual(self.parseForm({'intval': ' '}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
647 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
648 self.assertRaises(FormError, self.parseForm, {'intval': ['', '']})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
649
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
650 def testInvalidInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
651 self.assertRaises(FormError, self.parseForm, {'intval': 'hi, mum!'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
652
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
653 def testSetInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
654 self.assertEqual(self.parseForm({'intval': '1'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
655 ({('test', None): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
656 self.assertEqual(self.parseForm({'intval': '0'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
657 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
658 self.assertEqual(self.parseForm({'intval': '\n0\n'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
659 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
660
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
661 def testSetIntegerReplaceOne(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
662 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
663 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
664 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
665 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
666 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
667
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
668 def testSetIntegerReplaceZero(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
669 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
670 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
671 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
672
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
673 def testSetIntegerReplaceNone(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
674 nodeid = self.db.test.create()
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
675 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
676 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
677 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
678 ({('test', nodeid): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
679
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
680 def testEmptyIntegerSet(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
681 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
682 self.assertEqual(self.parseForm({'intval': ''}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
683 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
684 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
685 self.assertEqual(self.parseForm({'intval': ' '}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
686 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
687
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
688 def testRequiredInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
689 self.assertRaises(FormError, self.parseForm, {'intval': '',
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
690 ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
691 try:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
692 self.parseForm({'intval': '0', ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
693 except FormError:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
694 self.fail('intval "no" raised "required missing"')
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
695
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
696 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
697 # Date
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
698 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
699 def testEmptyDate(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
700 self.assertEqual(self.parseForm({'date': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
701 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
702 self.assertEqual(self.parseForm({'date': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
703 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
704 self.assertRaises(FormError, self.parseForm, {'date': ['', '']})
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
705
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
706 def testInvalidDate(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
707 self.assertRaises(FormError, self.parseForm, {'date': '12'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
708
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
709 def testSetDate(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
710 self.assertEqual(self.parseForm({'date': '2003-01-01'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
711 ({('test', None): {'date': date.Date('2003-01-01')}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
712 nodeid = self.db.test.create(date=date.Date('2003-01-01'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
713 self.assertEqual(self.parseForm({'date': '2003-01-01'}, 'test',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
714 nodeid), ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
715
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
716 def testEmptyDateSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
717 nodeid = self.db.test.create(date=date.Date('.'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
718 self.assertEqual(self.parseForm({'date': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
719 ({('test', nodeid): {'date': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
720 nodeid = self.db.test.create(date=date.Date('1970-01-01.00:00:00'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
721 self.assertEqual(self.parseForm({'date': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
722 ({('test', nodeid): {'date': None}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
723
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
724 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
725 # Test multiple items in form
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
726 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
727 def testMultiple(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
728 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'}),
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
729 ({('test', None): {'string': 'a'},
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
730 ('issue', '-1'): {'title': 'b'}
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
731 }, []))
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
732
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
733 def testMultipleExistingContext(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
734 nodeid = self.db.test.create()
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
735 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
736 'test', nodeid),({('test', nodeid): {'string': 'a'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
737 ('issue', '-1'): {'title': 'b'}}, []))
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
738
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
739 def testLinking(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
740 self.assertEqual(self.parseForm({
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
741 'string': 'a',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
742 'issue-1@add@nosy': '1',
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
743 'issue-2@link@superseder': 'issue-1',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
744 }),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
745 ({('test', None): {'string': 'a'},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
746 ('issue', '-1'): {'nosy': ['1']},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
747 },
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
748 [('issue', '-2', 'superseder', [('issue', '-1')])
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
749 ]
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
750 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
751 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
752
3982
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
753 def testMessages(self):
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
754 self.assertEqual(self.parseForm({
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
755 'msg-1@content': 'asdf',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
756 'msg-2@content': 'qwer',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
757 '@link@messages': 'msg-1, msg-2'}),
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
758 ({('test', None): {},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
759 ('msg', '-2'): {'content': 'qwer'},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
760 ('msg', '-1'): {'content': 'asdf'}},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
761 [('test', None, 'messages', [('msg', '-1'), ('msg', '-2')])]
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
762 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
763 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
764
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
765 def testLinkBadDesignator(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
766 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
767 {'test-1@link@link': 'blah'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
768 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
769 {'test-1@link@link': 'issue'})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
770
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
771 def testLinkNotLink(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
772 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
773 {'test-1@link@boolean': 'issue-1'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
774 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
775 {'test-1@link@string': 'issue-1'})
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
776
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
777 def testBackwardsCompat(self):
1431
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
778 res = self.parseForm({':note': 'spam'}, 'issue')
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
779 date = res[0][('msg', '-1')]['date']
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
780 self.assertEqual(res, ({('issue', None): {}, ('msg', '-1'):
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
781 {'content': 'spam', 'author': '1', 'date': date}},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
782 [('issue', None, 'messages', [('msg', '-1')])]))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
783 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
784 self.assertEqual(self.parseForm({':file': file}, 'issue'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
785 ({('issue', None): {}, ('file', '-1'): {'content': 'foo',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
786 'name': 'foo.txt', 'type': 'text/plain'}},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
787 [('issue', None, 'files', [('file', '-1')])]))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
788
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
789 def testFormValuePreserveOnError(self):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
790 page_template = """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
791 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
792 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
793 <p tal:condition="options/error_message|nothing"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
794 tal:repeat="m options/error_message"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
795 tal:content="structure m"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
796 <p tal:content="context/title/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
797 <p tal:content="context/priority/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
798 <p tal:content="context/status/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
799 <p tal:content="context/nosy/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
800 <p tal:content="context/keyword/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
801 <p tal:content="structure context/superseder/field"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
802 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
803 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
804 """.strip ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
805 self.db.keyword.create (name = 'key1')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
806 self.db.keyword.create (name = 'key2')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
807 nodeid = self.db.issue.create (title = 'Title', priority = '1',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
808 status = '1', nosy = ['1'], keyword = ['1'])
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
809 self.db.commit ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
810 form = {':note': 'msg-content', 'title': 'New title',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
811 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
812 'superseder': '5000', ':action': 'edit'}
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
813 cl = self.setupClient(form, 'issue', '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
814 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
815 pt = RoundupPageTemplate()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
816 pt.pt_edit(page_template, 'text/html')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
817 out = []
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
818 def wh(s):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
819 out.append(s)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
820 cl.write_html = wh
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
821 # Enable the following if we get a templating error:
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
822 #def send_error (*args, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
823 # import pdb; pdb.set_trace()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
824 #cl.send_error_to_admin = send_error
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
825 # Need to rollback the database on error -- this usually happens
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
826 # in web-interface (and for other databases) anyway, need it for
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
827 # testing that the form values are really used, not the database!
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
828 # We do this together with the setup of the easy template above
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
829 def load_template(x):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
830 cl.db.rollback()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
831 return pt
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
832 cl.instance.templates.load = load_template
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
833 cl.selectTemplate = MockNull()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
834 cl.determine_context = MockNull ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
835 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
836 return True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
837 actions.Action.hasPermission = hasPermission
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
838 e1 = _HTMLItem.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
839 _HTMLItem.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
840 e2 = HTMLProperty.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
841 HTMLProperty.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
842 cl.inner_main()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
843 _HTMLItem.is_edit_ok = e1
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
844 HTMLProperty.is_edit_ok = e2
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
845 self.assertEqual(len(out), 1)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
846 self.assertEqual(out [0].strip (), """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
847 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
848 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
849 <p>Edit Error: issue has no node 5000</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
850 <p>New title</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
851 <p>urgent</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
852 <p>deferred</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
853 <p>admin, anonymous</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
854 <p></p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
855 <p><input type="text" name="superseder" value="5000" size="30"></p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
856 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
857 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
858 """.strip ())
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
859
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
860 def testCsrfHeaderProtection(self):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
861 # need to set SENDMAILDEBUG to prevent
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
862 # downstream issue when email is sent on successful
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
863 # issue creation. Also delete the file afterwards
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
864 # just tomake sure that someother test looking for
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
865 # SENDMAILDEBUG won't trip over ours.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
866 if not os.environ.has_key('SENDMAILDEBUG'):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
867 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
868 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
869
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
870 page_template = """
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
871 <html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
872 <body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
873 <p tal:condition="options/error_message|nothing"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
874 tal:repeat="m options/error_message"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
875 tal:content="structure m"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
876 <p tal:content="context/title/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
877 <p tal:content="context/priority/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
878 <p tal:content="context/status/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
879 <p tal:content="context/nosy/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
880 <p tal:content="context/keyword/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
881 <p tal:content="structure context/superseder/field"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
882 </body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
883 </html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
884 """.strip ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
885 self.db.keyword.create (name = 'key1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
886 self.db.keyword.create (name = 'key2')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
887 nodeid = self.db.issue.create (title = 'Title', priority = '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
888 status = '1', nosy = ['1'], keyword = ['1'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
889 self.db.commit ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
890 form = {':note': 'msg-content', 'title': 'New title',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
891 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
892 ':action': 'edit'}
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
893 cl = self.setupClient(form, 'issue', '1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
894 pt = RoundupPageTemplate()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
895 pt.pt_edit(page_template, 'text/html')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
896 out = []
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
897 print "out1: ", id(out), out
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
898 def wh(s):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
899 out.append(s)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
900 cl.write_html = wh
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
901 # Enable the following if we get a templating error:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
902 #def send_error (*args, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
903 # import pdb; pdb.set_trace()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
904 #cl.send_error_to_admin = send_error
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
905 # Need to rollback the database on error -- this usually happens
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
906 # in web-interface (and for other databases) anyway, need it for
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
907 # testing that the form values are really used, not the database!
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
908 # We do this together with the setup of the easy template above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
909 def load_template(x):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
910 cl.db.rollback()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
911 return pt
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
912 cl.instance.templates.load = load_template
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
913 cl.selectTemplate = MockNull()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
914 cl.determine_context = MockNull ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
915 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
916 return True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
917 actions.Action.hasPermission = hasPermission
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
918 e1 = _HTMLItem.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
919 _HTMLItem.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
920 e2 = HTMLProperty.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
921 HTMLProperty.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
922
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
923 # test with no headers and config by default requires 1
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
924 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
925 match_at=out[0].find('Unable to verify sufficient headers')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
926 print out[0]
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
927 self.assertNotEqual(match_at, -1)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
928 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
929
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
930 # all the rest of these allow at least one header to pass
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
931 # and the edit happens with a redirect back to issue 1
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
932 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
933 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
934 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
935 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
936 del(cl.env['HTTP_REFERER'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
937 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
938
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
939 cl.env['HTTP_ORIGIN'] = 'http://whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
940 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
941 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
942 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
943 del(cl.env['HTTP_ORIGIN'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
944 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
945
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
946 cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
947 # if there is an X-FORWARDED-HOST header it is used and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
948 # HOST header is ignored. X-FORWARDED-HOST should only be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
949 # passed/set by a proxy. In this case the HOST header is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
950 # the proxy's name for the web server and not the name
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
951 # thatis exposed to the world.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
952 cl.env['HTTP_HOST'] = 'frontend1.whoami.net'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
953 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
954 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
955 self.assertNotEqual(match_at, -1)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
956 del(cl.env['HTTP_X-FORWARDED-HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
957 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
958 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
959
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
960 cl.env['HTTP_HOST'] = 'whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
961 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
962 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
963 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
964 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
965 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
966
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
967 # try failing headers
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
968 cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.net'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
969 # this raises an error as the header check passes and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
970 # it did the edit and tries to send mail.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
971 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
972 match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
973 self.assertNotEqual(match_at, -1)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
974 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
975
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
976 # clean up from email log
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
977 if os.path.exists(SENDMAILDEBUG):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
978 os.remove(SENDMAILDEBUG)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
979 #raise ValueError
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
980
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
981 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
982 # SECURITY
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
983 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
984 # XXX test all default permissions
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
985 def _make_client(self, form, classname='user', nodeid='1',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
986 userid='2', template='item'):
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
987 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
988 'REQUEST_METHOD':'POST'}, makeForm(form))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
989 cl.classname = classname
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
990 if nodeid is not None:
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
991 cl.nodeid = nodeid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
992 cl.db = self.db
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
993 cl.userid = userid
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
994 cl.language = ('en',)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
995 cl._error_message = []
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
996 cl._ok_message = []
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
997 cl.template = template
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
998 return cl
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
999
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1000 def testClassPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1001 cl = self._make_client(dict(username='bob'))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1002 self.failUnlessRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1003 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1004 cl.nodeid = '1'
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1005 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1006 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1007
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1008 def testCheckAndPropertyPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1009 self.db.security.permissions = {}
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1010 def own_record(db, userid, itemid):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1011 return userid == itemid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1012 p = self.db.security.addPermission(name='Edit', klass='user',
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1013 check=own_record, properties=("password", ))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1014 self.db.security.addPermissionToRole('User', p)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1015
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1016 cl = self._make_client(dict(username='bob'))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1017 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1018 actions.EditItemAction(cl).handle)
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1019 cl = self._make_client(dict(roles='User,Admin'), userid='4', nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1020 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1021 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1022 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1023 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1024 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1025 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1026 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1027 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1028 # working example, mary may change her pw
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1029 cl = self._make_client({'password':'ob', '@confirm@password':'ob'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1030 nodeid='4', userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1031 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1032 actions.EditItemAction(cl).handle)
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1033 cl = self._make_client({'password':'bob', '@confirm@password':'bob'})
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1034 self.failUnlessRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1035 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1036
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1037 def testCreatePermission(self):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1038 # this checks if we properly differentiate between create and
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1039 # edit permissions
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1040 self.db.security.permissions = {}
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1041 self.db.security.addRole(name='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1042 # Don't allow roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1043 p = self.db.security.addPermission(name='Create', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1044 properties=("username", "password", "address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1045 "alternate_address", "realname", "phone", "organisation",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1046 "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1047 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1048 # Don't allow roles *and* don't allow username
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1049 p = self.db.security.addPermission(name='Edit', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1050 properties=("password", "address", "alternate_address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1051 "realname", "phone", "organisation", "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1052 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1053 self.db.user.set('4', roles='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1054
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1055 # anonymous may not
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1056 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1057 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1058 'roles':'Admin'}, nodeid=None, userid='2')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1059 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1060 actions.NewItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1061 # Don't allow creating new user with roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1062 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1063 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1064 'roles':'Admin'}, nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1065 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1066 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1067 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1068 # this should work
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1069 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1070 '@confirm@password':'secret', 'address':'new_user@bork.bork'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1071 nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1072 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1073 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1074 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1075 # don't allow changing (my own) username (in this example)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1076 cl = self._make_client(dict(username='new_user42'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1077 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1078 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1079 cl = self._make_client(dict(username='new_user42'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1080 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1081 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1082 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1083 # don't allow changing (my own) roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1084 cl = self._make_client(dict(roles='User,Admin'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1085 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1086 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1087 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1088 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1089 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1090 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1091 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1092 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1093 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1094
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1095 def testSearchPermission(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1096 # this checks if we properly check for search permissions
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1097 self.db.security.permissions = {}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1098 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1099 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1100 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1101 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1102 # Allow viewing department
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1103 p = self.db.security.addPermission(name='View', klass='department')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1104 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1105 # Allow viewing interesting things (but not department) on iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1106 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1107 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1108 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1109 properties=("title", "status"), check=lambda x,y,z: True)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1110 self.db.security.addPermissionToRole('User', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1111 # Allow all relevant roles access to stat
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1112 p = self.db.security.addPermission(name='View', klass='stat')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1113 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
1114 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1115 # Allow role "Project" access to whole iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1116 p = self.db.security.addPermission(name='View', klass='iss')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1117 self.db.security.addPermissionToRole('Project', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1118
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1119 department = self.instance.backend.Class(self.db, "department",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1120 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1121 status = self.instance.backend.Class(self.db, "stat",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1122 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1123 issue = self.instance.backend.Class(self.db, "iss",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1124 title=hyperdb.String(), status=hyperdb.Link('stat'),
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1125 department=hyperdb.Link('department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1126
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1127 d1 = department.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1128 d2 = department.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1129 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1130 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1131 issue.create(title='i1', status=open, department=d2)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1132 issue.create(title='i2', status=open, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1133 issue.create(title='i2', status=closed, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1134
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1135 chef = self.db.user.lookup('Chef')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1136 mary = self.db.user.lookup('mary')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1137 self.db.user.set(chef, roles = 'User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1138
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1139 perm = self.db.security.hasPermission
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1140 search = self.db.security.hasSearchPermission
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1141 self.assert_(perm('View', chef, 'iss', 'department', '1'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1142 self.assert_(perm('View', chef, 'iss', 'department', '2'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1143 self.assert_(perm('View', chef, 'iss', 'department', '3'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1144 self.assert_(search(chef, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1145
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1146 self.assert_(not perm('View', mary, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1147 self.assert_(perm('View', mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1148 # Conditionally allow view of whole iss (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1149 # this might check for department owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1150 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1151 check=lambda x,y,z: False)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1152 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1153 self.assert_(perm('View', mary, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1154 self.assert_(not perm('View', mary, 'iss', 'department', '1'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1155 self.assert_(not search(mary, 'iss', 'department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1156
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1157 self.assert_(perm('View', mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1158 self.assert_(not search(mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1159 # Allow user to search for iss.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1160 p = self.db.security.addPermission(name='Search', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1161 properties=("status",))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1162 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1163 self.assert_(search(mary, 'iss', 'status'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1164
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1165 dep = {'@action':'search','columns':'id','@filter':'department',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1166 'department':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1167 stat = {'@action':'search','columns':'id','@filter':'status',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1168 'status':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1169 depsort = {'@action':'search','columns':'id','@sort':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1170 depgrp = {'@action':'search','columns':'id','@group':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1171
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1172 # Filter on department ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1173 cl = self._make_client(dep, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1174 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1175 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1176 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1177 # Filter on department works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1178 cl = self._make_client(dep, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1179 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1180 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1181 self.assertEqual([x.id for x in h.batch()],['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1182 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1183 cl = self._make_client(stat, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1184 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1185 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1186 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1187 cl = self._make_client(stat, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1188 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1189 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1190 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1191 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1192 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1193 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1194 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1195 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1196 self.assertEqual(cl._error_message, []) # test for empty _error_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1197 self.assertEqual(cl._ok_message, []) # test for empty _ok_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1198
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1199 # Test for correct _error_message for invalid sort/group properties
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1200 baddepsort = {'@action':'search','columns':'id','@sort':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1201 baddepgrp = {'@action':'search','columns':'id','@group':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1202 cl = self._make_client(baddepsort, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1203 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1204 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1205 self.assertEqual(cl._error_message, ['Unknown sort property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1206 cl = self._make_client(baddepgrp, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1207 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1208 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1209 self.assertEqual(cl._error_message, ['Unknown group property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1210
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1211 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1212 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1213 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1214 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1215 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1216 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1217 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1218 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1219 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1220 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1221 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1222 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1223 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1224
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1225 def testEditCSV(self):
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1226 form = dict(rows='id,name\n1,newkey')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1227 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1228 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1229 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1230 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1231 k = self.db.keyword.getnode('1')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1232 self.assertEqual(k.name, 'newkey')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1233 form = dict(rows=u'id,name\n1,\xe4\xf6\xfc'.encode('utf-8'))
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1234 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1235 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1236 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1237 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1238 k = self.db.keyword.getnode('1')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1239 self.assertEqual(k.name, u'\xe4\xf6\xfc'.encode('utf-8'))
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
1240
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1241 def testRoles(self):
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1242 cl = self._make_client({})
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1243 self.db.user.set('1', roles='aDmin, uSer')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1244 item = HTMLItem(cl, 'user', '1')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1245 self.assert_(item.hasRole('Admin'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1246 self.assert_(item.hasRole('User'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1247 self.assert_(item.hasRole('AdmiN'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1248 self.assert_(item.hasRole('UseR'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1249 self.assert_(item.hasRole('UseR','Admin'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1250 self.assert_(item.hasRole('UseR','somethingelse'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1251 self.assert_(item.hasRole('somethingelse','Admin'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1252 self.assert_(not item.hasRole('userr'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1253 self.assert_(not item.hasRole('adminn'))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1254 self.assert_(not item.hasRole(''))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1255 self.assert_(not item.hasRole(' '))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1256 self.db.user.set('1', roles='')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1257 self.assert_(not item.hasRole(''))
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
1258
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1259 def testCSVExport(self):
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1260 cl = self._make_client({'@columns': 'id,name'}, nodeid=None,
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1261 userid='1')
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1262 cl.classname = 'status'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1263 output = StringIO.StringIO()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1264 cl.request = MockNull()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1265 cl.request.wfile = output
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1266 actions.ExportCSVAction(cl).handle()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1267 self.assertEquals('id,name\r\n1,unread\r\n2,deferred\r\n3,chatting\r\n'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1268 '4,need-eg\r\n5,in-progress\r\n6,testing\r\n7,done-cbb\r\n'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1269 '8,resolved\r\n',
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1270 output.getvalue())
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1271
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1272 def testCSVExportBadColumnName(self):
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1273 cl = self._make_client({'@columns': 'falseid,name'}, nodeid=None,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1274 userid='1')
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1275 cl.classname = 'status'
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1276 output = StringIO.StringIO()
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1277 cl.request = MockNull()
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1278 cl.request.wfile = output
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1279 self.assertRaises(exceptions.NotFound,
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1280 actions.ExportCSVAction(cl).handle)
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1281
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1282 def testCSVExportFailPermissionBadColumn(self):
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1283 cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1284 userid='2')
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1285 cl.classname = 'user'
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1286 output = StringIO.StringIO()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1287 cl.request = MockNull()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1288 cl.request.wfile = output
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1289 # used to be self.assertRaises(exceptions.Unauthorised,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
1290 # but not acting like the column name is not found
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1291 # see issue2550755 - should this return Unauthorised?
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1292 # The unauthorised user should never get to the point where
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1293 # they can determine if the column name is valid or not.
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1294 self.assertRaises(exceptions.NotFound,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1295 actions.ExportCSVAction(cl).handle)
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1296
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1297 def testCSVExportFailPermissionValidColumn(self):
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1298 cl = self._make_client({'@columns': 'id,address,password'}, nodeid=None,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1299 userid='2')
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1300 cl.classname = 'user'
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1301 output = StringIO.StringIO()
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1302 cl.request = MockNull()
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1303 cl.request.wfile = output
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1304 # used to be self.assertRaises(exceptions.Unauthorised,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1305 # but not acting like the column name is not found
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
1306 self.assertRaises(exceptions.Unauthorised,
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1307 actions.ExportCSVAction(cl).handle)
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1308
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1309 class TemplateHtmlRendering(unittest.TestCase):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1310 ''' try to test the rendering code for tal '''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1311 def setUp(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1312 self.dirname = '_test_template'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1313 # set up and open a tracker
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1314 self.instance = db_test_base.setupTracker(self.dirname)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1315
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1316 # open the database
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1317 self.db = self.instance.open('admin')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1318 self.db.tx_Source = "web"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1319 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1320 realname='Bork, Chef', roles='User')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1321 self.db.user.create(username='mary', address='mary@test.test',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1322 roles='User', realname='Contrary, Mary')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1323 self.db.post_init()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1324
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1325 # create a client instance and hijack write_html
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1326 self.client = client.Client(self.instance, "user",
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1327 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1328 form=makeForm({"@template": "item"}))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1329
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1330 self.client._error_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1331 self.client._ok_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1332 self.client.db = self.db
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1333 self.client.userid = '1'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1334 self.client.language = ('en',)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1335
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1336 self.output = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1337 # ugly hack to get html_write to return data here.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1338 def html_write(s):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1339 self.output.append(s)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1340
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1341 # hijack html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1342 self.client.write_html = html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1343
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1344 self.db.issue.create(title='foo')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1345
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1346 def tearDown(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1347 self.db.close()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1348 try:
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1349 shutil.rmtree(self.dirname)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1350 except OSError, error:
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1351 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1352
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1353 def testrenderFrontPage(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1354 self.client.renderFrontPage("hello world RaNdOmJunk")
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1355 # make sure we can find the "hello world RaNdOmJunk"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1356 # message in the output.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1357 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1358 self.output[0].index('<p class="error-message">hello world RaNdOmJunk <br/ > </p>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1359 # make sure we can find issue 1 title foo in the output
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1360 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1361 self.output[0].index('<a href="issue1">foo</a>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1362
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1363 # make sure we can find the last SHA1 sum line at the end of the
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1364 # page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1365 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1366 self.output[0].index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1367
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1368 def testrenderContext(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1369 # set up the client;
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1370 # run determine_context to set the required client attributes
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1371 # run renderContext(); check result for proper page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1372
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1373 # this will generate the default home page like
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1374 # testrenderFrontPage
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1375 self.client.form=makeForm({})
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1376 self.client.path = ''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1377 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1378 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), (None, '', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1379 self.assertEqual(self.client._ok_message, [])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1380
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1381 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1382 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1383 result.index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1384
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1385 # now look at the user index page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1386 self.client.form=makeForm({ "@ok_message": "ok message", "@template": "index"})
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1387 self.client.path = 'user'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1388 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1389 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'index', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1390 self.assertEqual(self.client._ok_message, ['ok message'])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1391
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1392 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1393 self.assertNotEqual(-1, result.index('<title>User listing - Roundup issue tracker</title>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1394 self.assertNotEqual(-1, result.index('ok message'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1395 # print result
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
1396
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1397 def testRenderAltTemplates(self):
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1398 # check that right page is returned when rendering
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1399 # @template=oktempl|errortmpl
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1400
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1401 # set up the client;
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1402 # run determine_context to set the required client attributes
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1403 # run renderContext(); check result for proper page
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1404
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1405 # Test ok state template that uses user.forgotten.html
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1406 self.client.form=makeForm({"@template": "forgotten|item"})
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1407 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1408 self.client.determine_context()
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1409 self.client.session_api = MockNull(_sid="1234567890")
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1410 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'forgotten|item', None))
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1411 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1412
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1413 result = self.client.renderContext()
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1414 self.assertNotEqual(-1,
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1415 result.index('<!-- SHA: 6fdb58c55fd854904ae98906d5935549a221fabf -->'))
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1416
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1417 # now set an error in the form to get error template user.item.html
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1418 self.client.form=makeForm({"@template": "forgotten|item",
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1419 "@error_message": "this is an error"})
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1420 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1421 self.client.determine_context()
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1422 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'forgotten|item', None))
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1423 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1424 self.assertEqual(self.client._error_message, ["this is an error"])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1425
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1426 result = self.client.renderContext()
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1427 print result
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1428 self.assertNotEqual(-1,
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1429 result.index('<!-- SHA: 3b7ce7cbf24f77733c9b9f64a569d6429390cc3f -->'))
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1430
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
1431
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1432 def testexamine_url(self):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1433 ''' test the examine_url function '''
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1434
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1435 def te(url, exception, raises=ValueError):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1436 with self.assertRaises(raises) as cm:
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1437 examine_url(url)
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1438 self.assertEqual(cm.exception.message, exception)
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1439
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1440
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1441 action = actions.Action(self.client)
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1442 examine_url = action.examine_url
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1443
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1444 # Christmas tree url: test of every component that passes
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1445 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1446 examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1447 'http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1448
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1449 # allow replacing http with https if base is http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1450 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1451 examine_url("https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1452 'https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1453
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1454
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1455 # change base to use https and make sure we don't redirect to http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1456 saved_base = action.base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1457 action.base = "https://tracker.example/cgi-bin/roundup.cgi/bugs/"
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1458 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1459 'Base url https://tracker.example/cgi-bin/roundup.cgi/bugs/ requires https. Redirect url http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue uses http.')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1460 action.base = saved_base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1461
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1462 # url doesn't have to be valid to roundup, just has to be contained
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1463 # inside of roundup. No zoik class is defined
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1464 self.assertEqual(examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue"), "http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue")
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1465
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1466 # test with wonky schemes
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1467 te("email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1468 'Unrecognized scheme in email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1469
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1470 te("http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Unrecognized scheme in http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1471
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1472 # test different netloc/path prefix
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1473 # assert port
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1474 te("http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",'Net location in http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1475
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1476 #assert user
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1477 te("http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1478
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1479 #assert user:password
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1480 te("http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1481
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1482 # try localhost http scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1483 te("http://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in http://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1484
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1485 # try localhost https scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1486 te("https://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in https://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1487
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1488 # try different host
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1489 te("http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1490
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1491 # change the base path to .../bug from .../bugs
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1492 te("http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1493
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1494 # change the base path eliminate - in cgi-bin
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1495 te("http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue",'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1496
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1497
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1498 # scan for unencoded characters
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1499 # we skip schema and net location since unencoded character
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1500 # are allowed only by an explicit match to a reference.
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1501 #
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1502 # break components with unescaped character '<'
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1503 # path component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1504 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue", 'Path component (/cgi-bin/roundup.cgi/bugs/<user3) in http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1505
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1506 # params component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1507 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue", 'Params component (parm=b<ar) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1508
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1509 # query component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1510 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue", 'Query component (@template=<foo>&parm=(zot)) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1511
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1512 # fragment component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1513 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue", 'Fragment component (iss<ue) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
1514
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1515 class TemplateTestCase(unittest.TestCase):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1516 ''' Test the template resolving code, i.e. what can be given to @template
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1517 '''
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1518 def setUp(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1519 self.dirname = '_test_template'
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1520 # set up and open a tracker
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1521 self.instance = db_test_base.setupTracker(self.dirname)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1522
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1523 # open the database
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1524 self.db = self.instance.open('admin')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1525 self.db.tx_Source = "web"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1526 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1527 realname='Bork, Chef', roles='User')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1528 self.db.user.create(username='mary', address='mary@test.test',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1529 roles='User', realname='Contrary, Mary')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1530 self.db.post_init()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1531
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1532 def tearDown(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1533 self.db.close()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1534 try:
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1535 shutil.rmtree(self.dirname)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1536 except OSError, error:
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1537 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1538
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1539 def testTemplateSubdirectory(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1540 # test for templates in subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1541
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1542 # make the directory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1543 subdir = self.dirname + "/html/subdir"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1544 os.mkdir(subdir)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1545
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1546 # get the client instance The form is needed to initialize,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1547 # but not used since I call selectTemplate directly.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1548 t = client.Client(self.instance, "user",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1549 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1550 form=makeForm({"@template": "item"}))
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1551
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1552 # create new file in subdir and a dummy file outside of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1553 # the tracker's html subdirectory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1554 shutil.copyfile(self.dirname + "/html/issue.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1555 subdir + "/issue.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1556 shutil.copyfile(self.dirname + "/html/user.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1557 self.dirname + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1558
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1559 # create link outside the html subdir. This should fail due to
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1560 # path traversal check.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1561 os.symlink("../../user.item.html", subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1562 # it will be removed and replaced by a later test
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1563
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1564 # make sure a simple non-subdir template works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1565 # user.item.html exists so this works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1566 # note that the extension is not included just the basename
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1567 self.assertEqual("user.item", t.selectTemplate("user", "item"))
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1568
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1569
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1570 # make sure home templates work
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1571 self.assertEqual("home", t.selectTemplate(None, ""))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1572 self.assertEqual("home.classlist", t.selectTemplate(None, "classlist"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1573
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1574 # home.item doesn't exist should return _generic.item.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1575 self.assertEqual("_generic.item", t.selectTemplate(None, "item"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1576
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1577 # test case where there is no view so generic template can't
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1578 # be determined.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1579 with self.assertRaises(NoTemplate) as cm:
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1580 t.selectTemplate("user", "")
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1581 self.assertEqual(cm.exception.message,
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1582 '''Template "user" doesn't exist''')
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1583
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1584 # there is no html/subdir/user.item.{,xml,html} so it will
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1585 # raise NoTemplate.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1586 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1587 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1588
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1589 # there is an html/subdir/issue.item.html so this succeeeds
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1590 r = t.selectTemplate("issue", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1591 self.assertEqual("subdir/issue.item", r)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1592
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1593 # there is a self.directory + /html/subdir/user.item.html file,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1594 # but it is a link to self.dir /user.item.html which is outside
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1595 # the html subdir so is rejected by the path traversal check.
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1596 # Prefer NoTemplate here, or should the code be changed to
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1597 # report a new PathTraversal exception? Could the PathTraversal
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1598 # exception leak useful info to an attacker??
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1599 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1600 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1601
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1602 # clear out the link and create a new one to self.dirname +
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1603 # html/user.item.html which is inside the html subdir
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1604 # so the template check returns the symbolic link path.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1605 os.remove(subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1606 os.symlink("../user.item.html", subdir + "/user.item.xml")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1607
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1608 # template check works
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1609 r = t.selectTemplate("user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1610 self.assertEquals("subdir/user.item", r)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
1611
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
1612 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/