Mercurial > p > roundup > code

annotate test/session_common.py @ 4880:ca692423e401

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Different approach to fix XSS in issue2550817 Encapsulate the error/ok message append method as add_ok_message and add_error_message. The new approach escapes the messages when appending -- at a point in the code where we still know where the message comes from. Escaping is the default but can bei turned off. This also fixes issue2550836 where certain messages may contain links. Another advantage of the new fix is that users don't need to change installed trackers and are secure by default.
author Ralf Schlatterbeck <rsc@runtux.com>
date Mon, 31 Mar 2014 18:19:23 +0200
parents cc33dc9aa3f2
children 63c79c0992ae
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2082
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 import os, shutil, unittest
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 from db_test_base import config
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 class SessionTest(unittest.TestCase):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 def setUp(self):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # remove previous test, ignore errors
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 if os.path.exists(config.DATABASE):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 shutil.rmtree(config.DATABASE)
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 os.makedirs(config.DATABASE + '/files')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 self.db = self.module.Database(config, 'admin')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 self.sessions = self.sessions_module.Sessions(self.db)
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 self.otks = self.sessions_module.OneTimeKeys(self.db)
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 def tearDown(self):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 del self.otks
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 del self.sessions
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18 if hasattr(self, 'db'):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 self.db.close()
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20 if os.path.exists(config.DATABASE):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
21 shutil.rmtree(config.DATABASE)
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
22
4386
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
23 def testList(self):
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
24 self.sessions.list()
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
25 self.sessions.set('random_key', text='hello, world!')
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
26 self.sessions.list()
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
27
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
28 def testGetAll(self):
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
29 self.sessions.set('random_key', text='hello, world!')
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
30 self.assertEqual(self.sessions.getall('random_key'),
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
31 {'text': 'hello, world!'})
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
32
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
33 def testDestroy(self):
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
34 self.sessions.set('random_key', text='hello, world!')
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
35 self.assertEquals(self.sessions.getall('random_key'),
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
36 {'text': 'hello, world!'})
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
37 self.sessions.destroy('random_key')
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
38 self.assertRaises(KeyError, self.sessions.getall, 'random_key')
cc33dc9aa3f2 moar test coverage
Richard Jones <richard@users.sourceforge.net>
parents: 2089
diff changeset
39
2082
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 def testSetSession(self):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 self.sessions.set('random_key', text='hello, world!')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 self.assertEqual(self.sessions.get('random_key', 'text'),
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 'hello, world!')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
45 def testUpdateSession(self):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
46 self.sessions.set('random_key', text='hello, world!')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
47 self.assertEqual(self.sessions.get('random_key', 'text'),
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48 'hello, world!')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 self.sessions.set('random_key', text='nope')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50 self.assertEqual(self.sessions.get('random_key', 'text'), 'nope')
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52 class DBMTest(SessionTest):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53 import roundup.backends.sessions_dbm as sessions_module
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
54
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
55 class RDBMSTest(SessionTest):
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
56 import roundup.backends.sessions_rdbms as sessions_module
c091cacdc505 Finished implementation of session and one-time-key stores for RDBMS backends.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
57
Roundup Issue Tracker: http://roundup-tracker.org/