Mercurial > p > roundup > code
annotate test/test_xmlrpc.py @ 4083:bbab97f8ffb2
XMLRPC improvements:
* Add support for actions to XMLRPC interface.
* Provide bridge so user actions may be executed
either via CGI or XMLRPC.
* Adjust XMLRPC tests to recent work.
* Cleanup.
| author | Stefan Seefeld <stefan@seefeld.name> |
|---|---|
| date | Fri, 27 Feb 2009 17:46:47 +0000 |
| parents | fe2af84a5ca5 |
| children | d8c2d214d688 |
| rev | line source |
|---|---|
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
1 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
2 # Copyright (C) 2007 Stefan Seefeld |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
3 # All rights reserved. |
| 3839 | 4 # For license terms see the file COPYING.txt. |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
5 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
6 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
7 import unittest, os, shutil, errno, sys, difflib, cgi, re |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
8 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
9 from roundup.cgi.exceptions import * |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
10 from roundup import init, instance, password, hyperdb, date |
| 4083 | 11 from roundup.xmlrpc import RoundupInstance |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
12 from roundup.backends import list_backends |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
13 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
14 import db_test_base |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
15 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
16 NEEDS_INSTANCE = 1 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
17 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
18 class TestCase(unittest.TestCase): |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
19 |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
20 backend = None |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
21 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
22 def setUp(self): |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
23 self.dirname = '_test_xmlrpc' |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
24 # set up and open a tracker |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
25 self.instance = db_test_base.setupTracker(self.dirname, self.backend) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
26 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
27 # open the database |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
28 self.db = self.instance.open('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
29 self.joeid = 'user' + self.db.user.create(username='joe', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
30 password=password.Password('random'), address='random@home.org', |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
31 realname='Joe Random', roles='User') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
32 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
33 self.db.commit() |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
34 self.db.close() |
| 4083 | 35 self.db = self.instance.open('joe') |
| 36 self.server = RoundupInstance(self.db, self.instance.actions, None) | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
37 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
38 def tearDown(self): |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
39 try: |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
40 shutil.rmtree(self.dirname) |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
41 except OSError, error: |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
42 if error.errno not in (errno.ENOENT, errno.ESRCH): raise |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
43 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
44 def testAccess(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
45 # Retrieve all three users. |
| 4083 | 46 results = self.server.list('user', 'id') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
47 self.assertEqual(len(results), 3) |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
48 |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
49 # Obtain data for 'joe'. |
| 4083 | 50 results = self.server.display(self.joeid) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
51 self.assertEqual(results['username'], 'joe') |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
52 self.assertEqual(results['realname'], 'Joe Random') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
53 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
54 def testChange(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
55 # Reset joe's 'realname'. |
| 4083 | 56 results = self.server.set(self.joeid, 'realname=Joe Doe') |
| 57 results = self.server.display(self.joeid, 'realname') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
58 self.assertEqual(results['realname'], 'Joe Doe') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
59 |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
60 # check we can't change admin's details |
| 4083 | 61 self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe') |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
62 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
63 def testCreate(self): |
| 4083 | 64 results = self.server.create('issue', 'title=foo') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
65 issueid = 'issue' + results |
| 4083 | 66 results = self.server.display(issueid, 'title') |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
67 self.assertEqual(results['title'], 'foo') |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
68 |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
69 def testFileCreate(self): |
| 4083 | 70 results = self.server.create('file', 'content=hello\r\nthere') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
71 fileid = 'file' + results |
| 4083 | 72 results = self.server.display(fileid, 'content') |
|
3992
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
73 self.assertEqual(results['content'], 'hello\r\nthere') |
|
fe2af84a5ca5
allow binary data for "content" props through rawToHyperdb
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
74 |
| 4083 | 75 def testAction(self): |
| 76 # As this action requires special previledges, we temporarily switch | |
| 77 # to 'admin' | |
| 78 self.db.setCurrentUser('admin') | |
| 79 users_before = self.server.list('user') | |
| 80 try: | |
| 81 tmp = 'user' + self.db.user.create(username='tmp') | |
| 82 self.server.action('retire', tmp) | |
| 83 finally: | |
| 84 self.db.setCurrentUser('joe') | |
| 85 users_after = self.server.list('user') | |
| 86 self.assertEqual(users_before, users_after) | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
87 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
88 def testAuthDeniedEdit(self): |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
89 # Wrong permissions (caught by roundup security module). |
|
3829
d0ac8188d274
Re-add failing test to make sure permissions are respected.
Stefan Seefeld <stefan@seefeld.name>
parents:
3828
diff
changeset
|
90 self.assertRaises(Unauthorised, self.server.set, |
| 4083 | 91 'user1', 'realname=someone') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
92 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
93 def testAuthDeniedCreate(self): |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
94 self.assertRaises(Unauthorised, self.server.create, |
| 4083 | 95 'user', {'username': 'blah'}) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
96 |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
97 def testAuthAllowedEdit(self): |
| 4083 | 98 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
99 try: |
| 4083 | 100 self.server.set('user2', 'realname=someone') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
101 except Unauthorised, err: |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
102 self.fail('raised %s'%err) |
| 4083 | 103 finally: |
| 104 self.db.setCurrentUser('joe') | |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
105 |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
106 def testAuthAllowedCreate(self): |
| 4083 | 107 self.db.setCurrentUser('admin') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
108 try: |
| 4083 | 109 self.server.create('user', 'username=blah') |
|
3937
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
110 except Unauthorised, err: |
|
3c3077582c16
Add security checks and tests for xmlrpc interface.
Richard Jones <richard@users.sourceforge.net>
parents:
3839
diff
changeset
|
111 self.fail('raised %s'%err) |
| 4083 | 112 finally: |
| 113 self.db.setCurrentUser('joe') | |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
114 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
115 def test_suite(): |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
116 suite = unittest.TestSuite() |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
117 for l in list_backends(): |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
118 dct = dict(backend = l) |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
119 subcls = type(TestCase)('TestCase_%s'%l, (TestCase,), dct) |
|
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
120 suite.addTest(unittest.makeSuite(subcls)) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
121 return suite |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
122 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
123 if __name__ == '__main__': |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
124 runner = unittest.TextTestRunner() |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
125 unittest.main(testRunner=runner) |