Mercurial > p > roundup > code

annotate test/test_cgi.py @ 7178:db06d4aeb978

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
unshadow stdlib token from roundup's token. This bites me every now and again when running pytest and pdb. Some submodules want to load the stdlib python and end up getting roundup's python and thing break with N_TOKENS not defined etc. So rename token.py to token_r.py (token_r(oundup)... hey naming things is hard) an change code as needed.
author John Rouillard <rouilj@ieee.org>
date Sun, 26 Feb 2023 12:00:35 -0500
parents 1549c7e74ef8
children 8b2287d850c8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 # Copyright (c) 2003 Richard Jones, rjones@ekit-inc.com
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # This module is free software, and you may redistribute it and/or modify
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # under the same terms as Python, so long as this copyright message and
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # disclaimer are retained in their original form.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # This module is distributed in the hope that it will be useful,
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
11 from __future__ import print_function
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
12 import unittest, os, shutil, errno, sys, difflib, cgi, re, io
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13
5721
abb9fdb02228 Mark the failing test I deactivated as xfail to make it easier for
John Rouillard <rouilj@ieee.org>
parents: 5720
diff changeset
14 import pytest
6651
da6c9050a79e Fix modification of Cache_Control
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6601
diff changeset
15 import copy
5721
abb9fdb02228 Mark the failing test I deactivated as xfail to make it easier for
John Rouillard <rouilj@ieee.org>
parents: 5720
diff changeset
16
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
17 from roundup.cgi import client, actions, exceptions
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
18 from roundup.cgi.exceptions import FormError, NotFound, Redirect
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
19 from roundup.exceptions import UsageError, Reject
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
20 from roundup.cgi.templating import HTMLItem, HTMLRequest, NoTemplate
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
21 from roundup.cgi.templating import HTMLProperty, _HTMLItem, anti_csrf_nonce
2027
45ad02759998 test fixes
Richard Jones <richard@users.sourceforge.net>
parents: 2004
diff changeset
22 from roundup.cgi.form_parser import FormParser
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
23 from roundup import init, instance, password, hyperdb, date
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
24 from roundup.anypy.strings import u2s, b2s, s2b
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6268
diff changeset
25 from roundup.test.tx_Source_detector import init as tx_Source_init
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
26
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
27 from time import sleep
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
28
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
29 # For testing very simple rendering
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
30 from roundup.cgi.engine_zopetal import RoundupPageTemplate
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
31
6366
f2c31f5ec50b Move mocknull from test to roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6361
diff changeset
32 from roundup.test.mocknull import MockNull
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
33
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
34 from . import db_test_base
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
35 from .db_test_base import FormTestParent, setupTracker, FileUpload
5513
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
36 from .cmp_helper import StringFragmentCmpHelper
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
37 from .test_postgresql import skip_postgresql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
38 from .test_mysql import skip_mysql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
39
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
40
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
41 class FileList:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
42 def __init__(self, name, *files):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
43 self.name = name
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
44 self.files = files
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
45 def items (self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
46 for f in self.files:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
47 yield (self.name, f)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
48
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
49 class testFtsQuery(object):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
50
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
51 def testRenderContextFtsQuery(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
52 self.db.issue.create(title='i1 is found', status="chatting")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
53
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
54 self.client.form=db_test_base.makeForm(
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
55 { "@ok_message": "ok message", "@template": "index",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
56 "@search_text": "found"})
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
57 self.client.path = 'issue'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
58 self.client.determine_context()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
59
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
60 result = self.client.renderContext()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
61
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
62 expected = '">i1 is found</a>'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
63
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
64 self.assertIn(expected, result)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
65 self.assertEqual(self.client.response_code, 200)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
66
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
67 cm = client.add_message
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
68 class MessageTestCase(unittest.TestCase):
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
69 # Note: Escaping is now handled on a message-by-message basis at a
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
70 # point where we still know what generates a message. In this way we
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
71 # can decide when to escape and when not. We test the add_message
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
72 # routine here.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
73 # Of course we won't catch errors in judgement when to escape here
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
74 # -- but at the time of this change only one message is not escaped.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
75 def testAddMessageOK(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
76 self.assertEqual(cm([],'a\nb'), ['a<br />\nb'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
77 self.assertEqual(cm([],'a\nb\nc\n'), ['a<br />\nb<br />\nc<br />\n'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
78
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
79 def testAddMessageBAD(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
80 self.assertEqual(cm([],'<script>x</script>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
81 ['&lt;script&gt;x&lt;/script&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
82 self.assertEqual(cm([],'<iframe>x</iframe>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
83 ['&lt;iframe&gt;x&lt;/iframe&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
84 self.assertEqual(cm([],'<<script >>alert(42);5<</script >>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
85 ['&lt;&lt;script &gt;&gt;alert(42);5&lt;&lt;/script &gt;&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
86 self.assertEqual(cm([],'<a href="y">x</a>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
87 ['&lt;a href="y"&gt;x&lt;/a&gt;'])
5805
39a5f40ae4d4 Extra test of < and > inside quotes.
John Rouillard <rouilj@ieee.org>
parents: 5794
diff changeset
88 self.assertEqual(cm([],'<a href="<y>">x</a>'),
39a5f40ae4d4 Extra test of < and > inside quotes.
John Rouillard <rouilj@ieee.org>
parents: 5794
diff changeset
89 ['&lt;a href="&lt;y&gt;"&gt;x&lt;/a&gt;'])
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
90 self.assertEqual(cm([],'<A HREF="y">x</A>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
91 ['&lt;A HREF="y"&gt;x&lt;/A&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
92 self.assertEqual(cm([],'<br>x<br />'), ['&lt;br&gt;x&lt;br /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
93 self.assertEqual(cm([],'<i>x</i>'), ['&lt;i&gt;x&lt;/i&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
94 self.assertEqual(cm([],'<b>x</b>'), ['&lt;b&gt;x&lt;/b&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
95 self.assertEqual(cm([],'<BR>x<BR />'), ['&lt;BR&gt;x&lt;BR /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
96 self.assertEqual(cm([],'<I>x</I>'), ['&lt;I&gt;x&lt;/I&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
97 self.assertEqual(cm([],'<B>x</B>'), ['&lt;B&gt;x&lt;/B&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
98
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
99 def testAddMessageNoEscape(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
100 self.assertEqual(cm([],'<i>x</i>',False), ['<i>x</i>'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
101 self.assertEqual(cm([],'<i>x</i>\n<b>x</b>',False),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
102 ['<i>x</i><br />\n<b>x</b>'])
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
103
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
104 class testCsvExport(object):
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
105
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
106 def testCSVExportBase(self):
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
107 cl = self._make_client(
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
108 {'@columns': 'id,title,status,keyword,assignedto,nosy,creation'},
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
109 nodeid=None, userid='1')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
110 cl.classname = 'issue'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
111
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
112 demo_id=self.db.user.create(username='demo', address='demo@test.test',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
113 roles='User', realname='demo')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
114 key_id1=self.db.keyword.create(name='keyword1')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
115 key_id2=self.db.keyword.create(name='keyword2')
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
116
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
117 originalDate = date.Date
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
118 dummy=date.Date('2000-06-26.00:34:02.0')
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
119 # is a closure the best way to return a static Date object??
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
120 def dummyDate(adate=None):
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
121 def dummyClosure(adate=None, translator=None):
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
122 return dummy
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
123 return dummyClosure
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
124 date.Date = dummyDate()
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
125
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
126 self.db.issue.create(title='foo1', status='2', assignedto='4', nosy=['3',demo_id])
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
127 self.db.issue.create(title='bar2', status='1', assignedto='3', keyword=[key_id1,key_id2])
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
128 self.db.issue.create(title='baz32', status='4')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
129 output = io.BytesIO()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
130 cl.request = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
131 cl.request.wfile = output
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
132 # call export version that outputs names
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
133 actions.ExportCSVAction(cl).handle()
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
134 should_be=(s2b('"id","title","status","keyword","assignedto","nosy","creation"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
135 '"1","foo1","deferred","","Contrary, Mary","Bork, Chef;Contrary, Mary;demo","2000-06-26 00:34"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
136 '"2","bar2","unread","keyword1;keyword2","Bork, Chef","Bork, Chef","2000-06-26 00:34"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
137 '"3","baz32","need-eg","","","","2000-06-26 00:34"\r\n'))
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
138
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
139
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
140 #print(should_be)
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
141 #print(output.getvalue())
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
142 self.assertEqual(output.getvalue(), should_be)
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
143 output = io.BytesIO()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
144 cl.request = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
145 cl.request.wfile = output
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
146 # call export version that outputs id numbers
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
147 actions.ExportCSVWithIdAction(cl).handle()
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
148 should_be = s2b('"id","title","status","keyword","assignedto","nosy","creation"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
149 '''"1","foo1","2","[]","4","['3', '4', '5']","2000-06-26.00:34:02"\r\n'''
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
150 '''"2","bar2","1","['1', '2']","3","['3']","2000-06-26.00:34:02"\r\n'''
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
151 '''"3","baz32","4","[]","None","[]","2000-06-26.00:34:02"\r\n''')
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
152 #print(should_be)
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
153 #print(output.getvalue())
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
154 self.assertEqual(output.getvalue(), should_be)
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
155
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
156 # reset the real date command
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
157 date.Date = originalDate
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
158
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
159 # test full text search
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
160 # call export version that outputs names
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
161 cl = self._make_client(
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
162 {'@columns': 'id,title,status,keyword,assignedto,nosy',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
163 "@search_text": "bar2"}, nodeid=None, userid='1')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
164 cl.classname = 'issue'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
165 output = io.BytesIO()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
166 cl.request = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
167 cl.request.wfile = output
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
168 actions.ExportCSVAction(cl).handle()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
169 should_be=(s2b('"id","title","status","keyword","assignedto","nosy"\r\n'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
170 '"2","bar2","unread","keyword1;keyword2","Bork, Chef","Bork, Chef"\r\n'))
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
171
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
172 self.assertEqual(output.getvalue(), should_be)
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
173
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
174 # call export version that outputs id numbers
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
175 output = io.BytesIO()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
176 cl.request = MockNull()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
177 cl.request.wfile = output
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
178 actions.ExportCSVWithIdAction(cl).handle()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
179 should_be = s2b('"id","title","status","keyword","assignedto","nosy"\r\n'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
180 "\"2\",\"bar2\",\"1\",\"['1', '2']\",\"3\",\"['3']\"\r\n")
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
181 self.assertEqual(output.getvalue(), should_be)
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
182
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
183 class FormTestCase(FormTestParent, StringFragmentCmpHelper, testCsvExport, unittest.TestCase):
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
184
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
185 def setUp(self):
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
186 FormTestParent.setUp(self)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
187
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6268
diff changeset
188 tx_Source_init(self.db)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
189
2929
7a8a02646d4e backend is an attribute of tracker instances
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2821
diff changeset
190 test = self.instance.backend.Class(self.db, "test",
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
191 string=hyperdb.String(), number=hyperdb.Number(),
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
192 intval=hyperdb.Integer(), boolean=hyperdb.Boolean(),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
193 link=hyperdb.Link('test'), multilink=hyperdb.Multilink('test'),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
194 date=hyperdb.Date(), messages=hyperdb.Multilink('msg'),
5814
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
195 interval=hyperdb.Interval(), pw=hyperdb.Password() )
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
196
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
197 # compile the labels re
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
198 classes = '|'.join(self.db.classes.keys())
2004
1782fe36e7b8 Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1873
diff changeset
199 self.FV_SPECIAL = re.compile(FormParser.FV_LABELS%classes,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
200 re.VERBOSE)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
201
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
202 #
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
203 # form label extraction
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
204 #
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
205 def tl(self, s, c, i, a, p):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
206 m = self.FV_SPECIAL.match(s)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
207 self.assertNotEqual(m, None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
208 d = m.groupdict()
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
209 self.assertEqual(d['classname'], c)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
210 self.assertEqual(d['id'], i)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
211 for action in 'required add remove link note file'.split():
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
212 if a == action:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
213 self.assertNotEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
214 else:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
215 self.assertEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
216 self.assertEqual(d['propname'], p)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
217
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
218 def testLabelMatching(self):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
219 self.tl('<propname>', None, None, None, '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
220 self.tl(':required', None, None, 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
221 self.tl(':confirm:<propname>', None, None, 'confirm', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
222 self.tl(':add:<propname>', None, None, 'add', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
223 self.tl(':remove:<propname>', None, None, 'remove', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
224 self.tl(':link:<propname>', None, None, 'link', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
225 self.tl('test1:<prop>', 'test', '1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
226 self.tl('test1:required', 'test', '1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
227 self.tl('test1:add:<prop>', 'test', '1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
228 self.tl('test1:remove:<prop>', 'test', '1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
229 self.tl('test1:link:<prop>', 'test', '1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
230 self.tl('test1:confirm:<prop>', 'test', '1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
231 self.tl('test-1:<prop>', 'test', '-1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
232 self.tl('test-1:required', 'test', '-1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
233 self.tl('test-1:add:<prop>', 'test', '-1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
234 self.tl('test-1:remove:<prop>', 'test', '-1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
235 self.tl('test-1:link:<prop>', 'test', '-1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
236 self.tl('test-1:confirm:<prop>', 'test', '-1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
237 self.tl(':note', None, None, 'note', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
238 self.tl(':file', None, None, 'file', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
239
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
240 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
241 # Empty form
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
242 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
243 def testNothing(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
244 self.assertEqual(self.parseForm({}), ({('test', None): {}}, []))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
245
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
246 def testNothingWithRequired(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
247 self.assertRaises(FormError, self.parseForm, {':required': 'string'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
248 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
249 {':required': 'title,status', 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
250 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
251 {':required': ['title','status'], 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
252 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
253 {':required': 'status', 'status':''}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
254 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
255 {':required': 'nosy', 'nosy':''}, 'issue')
3656
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
256 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
257 {':required': 'msg-1@content', 'msg-1@content':''}, 'issue')
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
258 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
259 {':required': 'msg-1@content'}, 'issue')
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
260
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
261 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
262 # Nonexistant edit
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
263 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
264 def testEditNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
265 self.assertRaises(FormError, self.parseForm, {'boolean': ''},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
266 'test', '1')
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
267
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
268 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
269 # String
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
270 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
271 def testEmptyString(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
272 self.assertEqual(self.parseForm({'string': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
273 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
274 self.assertEqual(self.parseForm({'string': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
275 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
276 self.assertRaises(FormError, self.parseForm, {'string': ['', '']})
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
277
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
278 def testSetString(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
279 self.assertEqual(self.parseForm({'string': 'foo'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
280 ({('test', None): {'string': 'foo'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
281 self.assertEqual(self.parseForm({'string': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
282 ({('test', None): {'string': 'a\nb'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
283 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
284 self.assertEqual(self.parseForm({'title': 'foo'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
285 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
286
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
287 def testEmptyStringSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
288 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
289 self.assertEqual(self.parseForm({'title': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
290 ({('issue', nodeid): {'title': None}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
291 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
292 self.assertEqual(self.parseForm({'title': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
293 ({('issue', nodeid): {'title': None}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
294
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
295 def testStringLinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
296 self.db.status.set('1', name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
297 self.db.status.set('2', name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
298 issue = self.db.issue.create(title='i1-status1', status='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
299 self.assertEqual(self.db.issue.get(issue,'status'),'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
300 self.assertEqual(self.db.status.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
301 self.assertEqual(self.db.status.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
302 self.assertEqual(self.db.issue.get('1','tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
303 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
304 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
305 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
306 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
307 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
308 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
309 item = HTMLItem(cl, 'issue', issue)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
310 self.assertEqual(item.status.id, '1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
311 self.assertEqual(item.status.name, '2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
312
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
313 def testStringMultilinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
314 id = self.db.keyword.create(name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
315 self.assertEqual(id,'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
316 id = self.db.keyword.create(name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
317 self.assertEqual(id,'2')
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
318 issue = self.db.issue.create(title='i1-status1', keyword=['1'])
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
319 self.assertEqual(self.db.issue.get(issue,'keyword'),['1'])
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
320 self.assertEqual(self.db.keyword.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
321 self.assertEqual(self.db.keyword.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
322 self.assertEqual(self.db.issue.get(issue,'tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
323 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
324 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
325 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
326 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
327 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
328 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
329 cl.userid = '1'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
330 item = HTMLItem(cl, 'issue', issue)
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
331 for keyword in item.keyword:
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
332 self.assertEqual(keyword.id, '1')
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
333 self.assertEqual(keyword.name, '2')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
334
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
335 def testFileUpload(self):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
336 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
337 self.assertEqual(self.parseForm({'content': file}, 'file'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
338 ({('file', None): {'content': 'foo', 'name': 'foo.txt',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
339 'type': 'text/plain'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
340
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
341 def testSingleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
342 file = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
343 self.assertEqual(self.parseForm({'@file': file}, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
344 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
345 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
346 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
347 [('issue', None, 'files', [('file', '-1')])]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
348
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
349 def testMultipleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
350 f1 = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
351 f2 = FileUpload('bar', 'bar.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
352 f3 = FileUpload('baz', 'baz.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
353 files = FileList('@file', f1, f2, f3)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
354
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
355 self.assertEqual(self.parseForm(files, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
356 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
357 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
358 ('file', '-2'): {'content': 'bar', 'name': 'bar.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
359 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
360 ('file', '-3'): {'content': 'baz', 'name': 'baz.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
361 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
362 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
363 [ ('issue', None, 'files', [('file', '-1')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
364 , ('issue', None, 'files', [('file', '-2')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
365 , ('issue', None, 'files', [('file', '-3')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
366 ]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
367
1734
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
368 def testEditFileClassAttributes(self):
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
369 self.assertEqual(self.parseForm({'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
370 'type': 'application/octet-stream'},
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
371 'file'),
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
372 ({('file', None): {'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
373 'type': 'application/octet-stream'}},[]))
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
374
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
375 #
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
376 # Link
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
377 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
378 def testEmptyLink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
379 self.assertEqual(self.parseForm({'link': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
380 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
381 self.assertEqual(self.parseForm({'link': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
382 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
383 self.assertRaises(FormError, self.parseForm, {'link': ['', '']})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
384 self.assertEqual(self.parseForm({'link': '-1'}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
385 ({('test', None): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
386
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
387 def testSetLink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
388 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
389 ({('issue', None): {'status': '1'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
390 self.assertEqual(self.parseForm({'status': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
391 ({('issue', None): {'status': '1'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
392 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
393 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
394 ({('issue', nodeid): {}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
395 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
396
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
397 def testUnsetLink(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
398 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
399 self.assertEqual(self.parseForm({'status': '-1'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
400 ({('issue', nodeid): {'status': None}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
401 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
402
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
403 def testInvalidLinkValue(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
404 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
405 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
406 # {'status': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
407 self.assertRaises(FormError, self.parseForm, {'link': 'frozzle'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
408 self.assertRaises(FormError, self.parseForm, {'status': 'frozzle'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
409 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
410
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
411 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
412 # Multilink
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
413 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
414 def testEmptyMultilink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
415 self.assertEqual(self.parseForm({'nosy': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
416 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
417 self.assertEqual(self.parseForm({'nosy': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
418 ({('test', None): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
419
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
420 def testSetMultilink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
421 self.assertEqual(self.parseForm({'nosy': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
422 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
423 self.assertEqual(self.parseForm({'nosy': 'admin'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
424 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
425 self.assertEqual(self.parseForm({'nosy': ['1','2']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
426 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
427 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
428 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
429 self.assertEqual(self.parseForm({'nosy': 'admin,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
430 ({('issue', None): {'nosy': ['1','2']}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
431
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
432 def testMixedMultilink(self):
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
433 form = cgi.FieldStorage()
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
434 form.list.append(cgi.MiniFieldStorage('nosy', '1,2'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
435 form.list.append(cgi.MiniFieldStorage('nosy', '3'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
436 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
437 cl.classname = 'issue'
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
438 cl.nodeid = None
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
439 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
440 cl.language = ('en',)
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
441 self.assertEqual(cl.parsePropsFromForm(create=1),
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
442 ({('issue', None): {'nosy': ['1','2', '3']}}, []))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
443
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
444 def testEmptyMultilinkSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
445 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
446 self.assertEqual(self.parseForm({'nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
447 ({('issue', nodeid): {'nosy': []}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
448 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
449 self.assertEqual(self.parseForm({'nosy': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
450 ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
451 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
452 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
453
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
454 def testInvalidMultilinkValue(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
455 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
456 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
457 # {'nosy': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
458 self.assertRaises(FormError, self.parseForm, {'nosy': 'frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
459 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
460 self.assertRaises(FormError, self.parseForm, {'nosy': '1,frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
461 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
462 self.assertRaises(FormError, self.parseForm, {'multilink': 'frozzle'})
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
463
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
464 def testMultilinkAdd(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
465 nodeid = self.db.issue.create(nosy=['1'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
466 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
467 self.assertEqual(self.parseForm({':add:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
468 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
469
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
470 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
471 self.assertEqual(self.parseForm({':add:nosy': '2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
472 ({('issue', nodeid): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
473 self.assertEqual(self.parseForm({':add:nosy': '2,mary'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
474 nodeid), ({('issue', nodeid): {'nosy': ['1','2','4']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
475 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
476 nodeid), ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
477
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
478 def testMultilinkAddNew(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
479 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
480 ({('issue', None): {'nosy': ['2','3']}}, []))
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
481
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
482 def testMultilinkRemove(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
483 nodeid = self.db.issue.create(nosy=['1','2'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
484 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
485 self.assertEqual(self.parseForm({':remove:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
486 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
487
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
488 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
489 self.assertEqual(self.parseForm({':remove:nosy': '1'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
490 nodeid), ({('issue', nodeid): {'nosy': ['2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
491 self.assertEqual(self.parseForm({':remove:nosy': 'admin,2'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
492 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
493 self.assertEqual(self.parseForm({':remove:nosy': ['1','2']},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
494 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
495
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
496 # add and remove
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
497 self.assertEqual(self.parseForm({':add:nosy': ['3'],
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
498 ':remove:nosy': ['1','2']},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
499 'issue', nodeid), ({('issue', nodeid): {'nosy': ['3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
500
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
501 # remove one that doesn't exist?
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
502 self.assertRaises(FormError, self.parseForm, {':remove:nosy': '4'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
503 'issue', nodeid)
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
504
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
505 def testMultilinkRetired(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
506 self.db.user.retire('2')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
507 self.assertEqual(self.parseForm({'nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
508 ({('issue', None): {'nosy': ['2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
509 nodeid = self.db.issue.create(nosy=['1','2'])
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
510 self.assertEqual(self.parseForm({':remove:nosy': '2'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
511 nodeid), ({('issue', nodeid): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
512 self.assertEqual(self.parseForm({':add:nosy': '3'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
513 ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
514
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
515 def testAddRemoveNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
516 self.assertRaises(FormError, self.parseForm, {':remove:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
517 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
518 self.assertRaises(FormError, self.parseForm, {':add:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
519 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
520
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
521 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
522 # Password
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
523 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
524 def testEmptyPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
525 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
526 ({('user', None): {}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
527 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
528 ({('user', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
529 self.assertRaises(FormError, self.parseForm, {'password': ['', '']},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
530 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
531 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
532 ':confirm:password': ['', '']}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
533
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
534 def testSetPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
535 self.assertEqual(self.parseForm({'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
536 ':confirm:password': 'foo'}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
537 ({('user', None): {'password': 'foo'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
538
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
539 def testSetPasswordConfirmBad(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
540 self.assertRaises(FormError, self.parseForm, {'password': 'foo'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
541 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
542 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
543 ':confirm:password': 'bar'}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
544
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
545 def testEmptyPasswordNotSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
546 nodeid = self.db.user.create(username='1',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
547 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
548 self.assertEqual(self.parseForm({'password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
549 ({('user', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
550 nodeid = self.db.user.create(username='2',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
551 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
552 self.assertEqual(self.parseForm({'password': '',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
553 ':confirm:password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
554 ({('user', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
555
5721
abb9fdb02228 Mark the failing test I deactivated as xfail to make it easier for
John Rouillard <rouilj@ieee.org>
parents: 5720
diff changeset
556 def testPasswordMigration(self):
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
557 chef = self.db.user.lookup('Chef')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
558 form = dict(__login_name='Chef', __login_password='foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
559 cl = self._make_client(form)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
560 # assume that the "best" algorithm is the first one and doesn't
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
561 # need migration, all others should be migrated.
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
562 cl.db.config.WEB_LOGIN_ATTEMPTS_MIN = 200
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
563 cl.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 10000
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
564 # The third item always fails. Regardless of what is there.
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
565 # ['plaintext', 'SHA', 'crypt', 'MD5']:
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
566 print(password.Password.deprecated_schemes)
4485
95aace124a8e use idea from Eli Collins to use a list of deprecated password encoding schemes
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
567 for scheme in password.Password.deprecated_schemes:
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
568 print(scheme)
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
569 cl.db.Otk = self.db.Otk
4684
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
570 if scheme == 'crypt' and os.name == 'nt':
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
571 continue # crypt is not available on Windows
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
572 pw1 = password.Password('foo', scheme=scheme)
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
573 print(pw1)
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
574 self.assertEqual(pw1.needs_migration(config=cl.db.config), True)
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
575 self.db.user.set(chef, password=pw1)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
576 self.db.commit()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
577 actions.LoginAction(cl).handle()
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
578 pw = cl.db.user.get(chef, 'password')
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
579 print(pw)
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
580 self.assertEqual(pw, 'foo')
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
581 self.assertEqual(pw.needs_migration(config=cl.db.config), False)
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
582 cl.db.Otk = self.db.Otk
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
583 pw1 = pw
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
584 self.assertEqual(pw1.needs_migration(config=cl.db.config), False)
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
585 scheme = password.Password.known_schemes[0]
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
586 self.assertEqual(scheme, pw1.scheme)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
587 actions.LoginAction(cl).handle()
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
588 pw = cl.db.user.get(chef, 'password')
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
589 self.assertEqual(pw, 'foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
590 self.assertEqual(pw, pw1)
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
591
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
592 # migrate if rounds has increased above rounds was 10000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
593 # below will be 100000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
594 cl.db.Otk = self.db.Otk
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
595 pw1 = pw
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
596 cl.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 100000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
597 self.assertEqual(pw1.needs_migration(config=cl.db.config), True)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
598 scheme = password.Password.known_schemes[0]
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
599 self.assertEqual(scheme, pw1.scheme)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
600 actions.LoginAction(cl).handle()
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
601 pw = cl.db.user.get(chef, 'password')
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
602 self.assertEqual(pw, 'foo')
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
603 # do not assert self.assertEqual(pw, pw1) as pw is a 100,000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
604 # cycle while pw1 is only 10,000. They won't compare equally.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
605
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
606 cl.db.close()
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
607
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
608 def testPasswordConfigOption(self):
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
609 chef = self.db.user.lookup('Chef')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
610 form = dict(__login_name='Chef', __login_password='foo')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
611 cl = self._make_client(form)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
612 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 1000
4683
2f66d44616ad windows: Fix failing password tests due to missing crypt module
anatoly techtonik <techtonik@gmail.com>
parents: 4624
diff changeset
613 pw1 = password.Password('foo', scheme='MD5')
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
614 self.assertEqual(pw1.needs_migration(config=cl.db.config), True)
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
615 self.db.user.set(chef, password=pw1)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
616 self.db.commit()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
617 actions.LoginAction(cl).handle()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
618 pw = self.db.user.get(chef, 'password')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
619 self.assertEqual('PBKDF2', pw.scheme)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
620 self.assertEqual(1000, password.pbkdf2_unpack(pw.password)[0])
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
621 cl.db.close()
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
622
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
623 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
624 # Boolean
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
625 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
626 def testEmptyBoolean(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
627 self.assertEqual(self.parseForm({'boolean': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
628 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
629 self.assertEqual(self.parseForm({'boolean': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
630 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
631 self.assertRaises(FormError, self.parseForm, {'boolean': ['', '']})
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
632
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
633 def testSetBoolean(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
634 self.assertEqual(self.parseForm({'boolean': 'yes'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
635 ({('test', None): {'boolean': 1}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
636 self.assertEqual(self.parseForm({'boolean': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
637 ({('test', None): {'boolean': 0}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
638 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
639 self.assertEqual(self.parseForm({'boolean': 'yes'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
640 ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
641 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
642 self.assertEqual(self.parseForm({'boolean': 'no'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
643 ({('test', nodeid): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
644
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
645 def testEmptyBooleanSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
646 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
647 self.assertEqual(self.parseForm({'boolean': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
648 ({('test', nodeid): {'boolean': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
649 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
650 self.assertEqual(self.parseForm({'boolean': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
651 ({('test', nodeid): {'boolean': None}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
652
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
653 def testRequiredBoolean(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
654 self.assertRaises(FormError, self.parseForm, {'boolean': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
655 ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
656 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
657 self.parseForm({'boolean': 'no', ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
658 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
659 self.fail('boolean "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
660
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
661 #
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
662 # Number
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
663 #
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
664 def testEmptyNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
665 self.assertEqual(self.parseForm({'number': ''}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
666 ({('test', None): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
667 self.assertEqual(self.parseForm({'number': ' '}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
668 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
669 self.assertRaises(FormError, self.parseForm, {'number': ['', '']})
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
670
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
671 def testInvalidNumber(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
672 self.assertRaises(FormError, self.parseForm, {'number': 'hi, mum!'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
673
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
674 def testSetNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
675 self.assertEqual(self.parseForm({'number': '1'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
676 ({('test', None): {'number': 1}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
677 self.assertEqual(self.parseForm({'number': '0'}),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
678 ({('test', None): {'number': 0}}, []))
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
679 self.assertEqual(self.parseForm({'number': '\n0\n'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
680 ({('test', None): {'number': 0}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
681
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
682 def testSetNumberReplaceOne(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
683 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
684 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
685 ({('test', nodeid): {}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
686 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
687 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
688
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
689 def testSetNumberReplaceZero(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
690 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
691 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
692 ({('test', nodeid): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
693
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
694 def testSetNumberReplaceNone(self):
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
695 nodeid = self.db.test.create()
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
696 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
697 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
698 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
699 ({('test', nodeid): {'number': 1}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
700
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
701 def testEmptyNumberSet(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
702 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
703 self.assertEqual(self.parseForm({'number': ''}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
704 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
705 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
706 self.assertEqual(self.parseForm({'number': ' '}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
707 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
708
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
709 def testRequiredNumber(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
710 self.assertRaises(FormError, self.parseForm, {'number': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
711 ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
712 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
713 self.parseForm({'number': '0', ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
714 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
715 self.fail('number "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
716
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
717 #
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
718 # Integer
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
719 #
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
720 def testEmptyInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
721 self.assertEqual(self.parseForm({'intval': ''}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
722 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
723 self.assertEqual(self.parseForm({'intval': ' '}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
724 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
725 self.assertRaises(FormError, self.parseForm, {'intval': ['', '']})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
726
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
727 def testInvalidInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
728 self.assertRaises(FormError, self.parseForm, {'intval': 'hi, mum!'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
729
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
730 def testSetInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
731 self.assertEqual(self.parseForm({'intval': '1'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
732 ({('test', None): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
733 self.assertEqual(self.parseForm({'intval': '0'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
734 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
735 self.assertEqual(self.parseForm({'intval': '\n0\n'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
736 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
737
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
738 def testSetIntegerReplaceOne(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
739 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
740 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
741 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
742 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
743 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
744
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
745 def testSetIntegerReplaceZero(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
746 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
747 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
748 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
749
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
750 def testSetIntegerReplaceNone(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
751 nodeid = self.db.test.create()
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
752 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
753 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
754 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
755 ({('test', nodeid): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
756
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
757 def testEmptyIntegerSet(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
758 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
759 self.assertEqual(self.parseForm({'intval': ''}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
760 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
761 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
762 self.assertEqual(self.parseForm({'intval': ' '}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
763 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
764
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
765 def testRequiredInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
766 self.assertRaises(FormError, self.parseForm, {'intval': '',
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
767 ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
768 try:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
769 self.parseForm({'intval': '0', ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
770 except FormError:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
771 self.fail('intval "no" raised "required missing"')
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
772
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
773 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
774 # Date
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
775 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
776 def testEmptyDate(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
777 self.assertEqual(self.parseForm({'date': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
778 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
779 self.assertEqual(self.parseForm({'date': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
780 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
781 self.assertRaises(FormError, self.parseForm, {'date': ['', '']})
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
782
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
783 def testInvalidDate(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
784 self.assertRaises(FormError, self.parseForm, {'date': '12'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
785
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
786 def testSetDate(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
787 self.assertEqual(self.parseForm({'date': '2003-01-01'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
788 ({('test', None): {'date': date.Date('2003-01-01')}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
789 nodeid = self.db.test.create(date=date.Date('2003-01-01'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
790 self.assertEqual(self.parseForm({'date': '2003-01-01'}, 'test',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
791 nodeid), ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
792
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
793 def testEmptyDateSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
794 nodeid = self.db.test.create(date=date.Date('.'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
795 self.assertEqual(self.parseForm({'date': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
796 ({('test', nodeid): {'date': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
797 nodeid = self.db.test.create(date=date.Date('1970-01-01.00:00:00'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
798 self.assertEqual(self.parseForm({'date': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
799 ({('test', nodeid): {'date': None}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
800
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
801 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
802 # Test multiple items in form
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
803 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
804 def testMultiple(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
805 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'}),
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
806 ({('test', None): {'string': 'a'},
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
807 ('issue', '-1'): {'title': 'b'}
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
808 }, []))
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
809
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
810 def testMultipleExistingContext(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
811 nodeid = self.db.test.create()
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
812 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
813 'test', nodeid),({('test', nodeid): {'string': 'a'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
814 ('issue', '-1'): {'title': 'b'}}, []))
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
815
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
816 def testLinking(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
817 self.assertEqual(self.parseForm({
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
818 'string': 'a',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
819 'issue-1@add@nosy': '1',
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
820 'issue-2@link@superseder': 'issue-1',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
821 }),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
822 ({('test', None): {'string': 'a'},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
823 ('issue', '-1'): {'nosy': ['1']},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
824 },
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
825 [('issue', '-2', 'superseder', [('issue', '-1')])
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
826 ]
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
827 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
828 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
829
3982
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
830 def testMessages(self):
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
831 self.assertEqual(self.parseForm({
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
832 'msg-1@content': 'asdf',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
833 'msg-2@content': 'qwer',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
834 '@link@messages': 'msg-1, msg-2'}),
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
835 ({('test', None): {},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
836 ('msg', '-2'): {'content': 'qwer'},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
837 ('msg', '-1'): {'content': 'asdf'}},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
838 [('test', None, 'messages', [('msg', '-1'), ('msg', '-2')])]
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
839 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
840 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
841
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
842 def testLinkBadDesignator(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
843 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
844 {'test-1@link@link': 'blah'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
845 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
846 {'test-1@link@link': 'issue'})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
847
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
848 def testLinkNotLink(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
849 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
850 {'test-1@link@boolean': 'issue-1'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
851 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
852 {'test-1@link@string': 'issue-1'})
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
853
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
854 def testBackwardsCompat(self):
1431
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
855 res = self.parseForm({':note': 'spam'}, 'issue')
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
856 date = res[0][('msg', '-1')]['date']
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
857 self.assertEqual(res, ({('issue', None): {}, ('msg', '-1'):
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
858 {'content': 'spam', 'author': '1', 'date': date}},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
859 [('issue', None, 'messages', [('msg', '-1')])]))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
860 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
861 self.assertEqual(self.parseForm({':file': file}, 'issue'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
862 ({('issue', None): {}, ('file', '-1'): {'content': 'foo',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
863 'name': 'foo.txt', 'type': 'text/plain'}},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
864 [('issue', None, 'files', [('file', '-1')])]))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
865
6382
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
866 def testErrorForBadTemplate(self):
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
867 form = {}
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
868 cl = self.setupClient(form, 'issue', '1', template="broken",
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
869 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
870 out = []
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
871
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
872 out = cl.renderContext()
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
873
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
874 self.assertEqual(out, '<strong>No template file exists for templating "issue" with template "broken" (neither "issue.broken" nor "_generic.broken")</strong>')
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
875 self.assertEqual(cl.response_code, 400)
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
876
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
877 def testFormValuePreserveOnError(self):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
878 page_template = """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
879 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
880 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
881 <p tal:condition="options/error_message|nothing"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
882 tal:repeat="m options/error_message"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
883 tal:content="structure m"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
884 <p tal:content="context/title/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
885 <p tal:content="context/priority/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
886 <p tal:content="context/status/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
887 <p tal:content="context/nosy/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
888 <p tal:content="context/keyword/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
889 <p tal:content="structure context/superseder/field"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
890 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
891 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
892 """.strip ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
893 self.db.keyword.create (name = 'key1')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
894 self.db.keyword.create (name = 'key2')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
895 nodeid = self.db.issue.create (title = 'Title', priority = '1',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
896 status = '1', nosy = ['1'], keyword = ['1'])
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
897 self.db.commit ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
898 form = {':note': 'msg-content', 'title': 'New title',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
899 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
900 'superseder': '5000', ':action': 'edit'}
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
901 cl = self.setupClient(form, 'issue', '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
902 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
903 pt = RoundupPageTemplate()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
904 pt.pt_edit(page_template, 'text/html')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
905 out = []
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
906 def wh(s):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
907 out.append(s)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
908 cl.write_html = wh
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
909 # Enable the following if we get a templating error:
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
910 #def send_error (*args, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
911 # import pdb; pdb.set_trace()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
912 #cl.send_error_to_admin = send_error
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
913 # Need to rollback the database on error -- this usually happens
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
914 # in web-interface (and for other databases) anyway, need it for
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
915 # testing that the form values are really used, not the database!
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
916 # We do this together with the setup of the easy template above
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
917 def load_template(x):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
918 cl.db.rollback()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
919 return pt
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
920 cl.instance.templates.load = load_template
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
921 cl.selectTemplate = MockNull()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
922 cl.determine_context = MockNull ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
923 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
924 return True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
925 actions.Action.hasPermission = hasPermission
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
926 e1 = _HTMLItem.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
927 _HTMLItem.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
928 e2 = HTMLProperty.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
929 HTMLProperty.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
930 cl.inner_main()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
931 _HTMLItem.is_edit_ok = e1
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
932 HTMLProperty.is_edit_ok = e2
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
933 self.assertEqual(len(out), 1)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
934 self.assertEqual(out [0].strip (), """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
935 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
936 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
937 <p>Edit Error: issue has no node 5000</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
938 <p>New title</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
939 <p>urgent</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
940 <p>deferred</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
941 <p>admin, anonymous</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
942 <p></p>
5485
b0359a7c5b6d create input elements with attributes in a defined (sorted) order
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5484
diff changeset
943 <p><input name="superseder" size="30" type="text" value="5000"></p>
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
944 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
945 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
946 """.strip ())
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
947
5519
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
948 def testXMLTemplate(self):
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
949 page_template = """<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom" xmlns:tal="http://xml.zope.org/namespaces/tal" xmlns:metal="http://xml.zope.org/namespaces/metal"></feed>"""
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
950 pt = RoundupPageTemplate()
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
951 pt.pt_edit(page_template, 'application/xml')
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
952
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
953 cl = self.setupClient({ }, 'issue',
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
954 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
955 out = pt.render(cl, 'issue', MockNull())
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
956 self.assertEqual(out, '<?xml version="1.0" encoding="UTF-8"?><feed\n xmlns="http://www.w3.org/2005/Atom"/>\n')
5519
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
957
5924
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
958 def testHttpProxyStrip(self):
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
959 os.environ['HTTP_PROXY'] = 'http://bad.news/here/'
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
960 cl = self.setupClient({ }, 'issue',
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
961 env_addon = {'HTTP_PROXY': 'http://bad.news/here/'})
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
962 out = []
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
963 def wh(s):
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
964 out.append(s)
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
965 cl.write_html = wh
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
966 cl.main()
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
967 self.assertFalse('HTTP_PROXY' in cl.env)
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
968 self.assertFalse('HTTP_PROXY' in os.environ)
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
969
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
970 def testCsrfProtection(self):
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
971 # need to set SENDMAILDEBUG to prevent
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
972 # downstream issue when email is sent on successful
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
973 # issue creation. Also delete the file afterwards
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
974 # just to make sure that some other test looking for
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
975 # SENDMAILDEBUG won't trip over ours.
5381
0942fe89e82e Python 3 preparation: change "x.has_key(y)" to "y in x".
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
976 if 'SENDMAILDEBUG' not in os.environ:
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
977 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
978 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
979
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
980 page_template = """
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
981 <html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
982 <body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
983 <p tal:condition="options/error_message|nothing"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
984 tal:repeat="m options/error_message"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
985 tal:content="structure m"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
986 <p tal:content="context/title/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
987 <p tal:content="context/priority/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
988 <p tal:content="context/status/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
989 <p tal:content="context/nosy/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
990 <p tal:content="context/keyword/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
991 <p tal:content="structure context/superseder/field"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
992 </body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
993 </html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
994 """.strip ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
995 self.db.keyword.create (name = 'key1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
996 self.db.keyword.create (name = 'key2')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
997 nodeid = self.db.issue.create (title = 'Title', priority = '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
998 status = '1', nosy = ['1'], keyword = ['1'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
999 self.db.commit ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1000 form = {':note': 'msg-content', 'title': 'New title',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1001 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1002 ':action': 'edit'}
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1003 cl = self.setupClient(form, 'issue', '1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1004 pt = RoundupPageTemplate()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1005 pt.pt_edit(page_template, 'text/html')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1006 out = []
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1007 def wh(s):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1008 out.append(s)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1009 cl.write_html = wh
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1010 # Enable the following if we get a templating error:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1011 #def send_error (*args, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1012 # import pdb; pdb.set_trace()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1013 #cl.send_error_to_admin = send_error
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1014 # Need to rollback the database on error -- this usually happens
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1015 # in web-interface (and for other databases) anyway, need it for
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1016 # testing that the form values are really used, not the database!
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1017 # We do this together with the setup of the easy template above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1018 def load_template(x):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1019 cl.db.rollback()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1020 return pt
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1021 cl.instance.templates.load = load_template
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1022 cl.selectTemplate = MockNull()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1023 cl.determine_context = MockNull ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1024 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1025 return True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1026 actions.Action.hasPermission = hasPermission
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1027 e1 = _HTMLItem.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1028 _HTMLItem.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1029 e2 = HTMLProperty.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1030 HTMLProperty.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1031
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1032 # test with no headers. Default config requires that 1 header
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1033 # is present and passes checks.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1034 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1035 match_at=out[0].find('Unable to verify sufficient headers')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1036 print("result of subtest 1:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1037 self.assertNotEqual(match_at, -1)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1038 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1039
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1040 # all the rest of these allow at least one header to pass
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1041 # and the edit happens with a redirect back to issue 1
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1042 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1043 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1044 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1045 print("result of subtest 2:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1046 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1047 del(cl.env['HTTP_REFERER'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1048 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1049
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1050 cl.env['HTTP_ORIGIN'] = 'http://whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1051 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1052 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1053 print("result of subtest 3:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1054 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1055 del(cl.env['HTTP_ORIGIN'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1056 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1057
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1058 cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.com'
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1059 # if there is an X-FORWARDED-HOST header it is used and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1060 # HOST header is ignored. X-FORWARDED-HOST should only be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1061 # passed/set by a proxy. In this case the HOST header is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1062 # the proxy's name for the web server and not the name
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1063 # thatis exposed to the world.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1064 cl.env['HTTP_HOST'] = 'frontend1.whoami.net'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1065 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1066 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1067 print("result of subtest 4:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1068 self.assertNotEqual(match_at, -1)
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1069 del(cl.env['HTTP_X_FORWARDED_HOST'])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1070 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1071 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1072
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1073 cl.env['HTTP_HOST'] = 'whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1074 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1075 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1076 print("result of subtest 5:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1077 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1078 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1079 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1080
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1081 # try failing headers
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1082 cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.net'
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1083 # this raises an error as the header check passes and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1084 # it did the edit and tries to send mail.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1085 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1086 match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1087 print("result of subtest 6:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1088 self.assertNotEqual(match_at, -1)
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1089 del(cl.env['HTTP_X_FORWARDED_HOST'])
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1090 del(out[0])
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1091
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1092 # header checks succeed
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1093 # check nonce handling.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1094 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1095
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1096 # roundup will report a missing token.
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1097 cl.db.config['WEB_CSRF_ENFORCE_TOKEN'] = 'required'
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1098 cl.inner_main()
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1099 match_at=out[0].find("<p>We can't validate your session (csrf failure). Re-enter any unsaved data and try again.</p>")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1100 print("result of subtest 6a:", out[0], match_at)
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1101 self.assertEqual(match_at, 33)
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1102 del(out[0])
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1103 cl.db.config['WEB_CSRF_ENFORCE_TOKEN'] = 'yes'
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1104
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1105 form2 = copy.copy(form)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1106 form2.update({'@csrf': 'booogus'})
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1107 # add a bogus csrf field to the form and rerun the inner_main
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1108 cl.form = db_test_base.makeForm(form2)
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1109
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1110 cl.inner_main()
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1111 match_at=out[0].find("We can't validate your session (csrf failure). Re-enter any unsaved data and try again.")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1112 print("result of subtest 7:", out[0])
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1113 self.assertEqual(match_at, 36)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1114 del(out[0])
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1115
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1116 form2 = copy.copy(form)
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5485
diff changeset
1117 nonce = anti_csrf_nonce(cl)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1118 # verify that we can see the nonce
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1119 otks = cl.db.getOTKManager()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1120 isitthere = otks.exists(nonce)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1121 print("result of subtest 8:", isitthere)
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1122 print("otks: user, session", otks.get(nonce, 'uid', default=None),
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1123 otks.get(nonce, 'session', default=None))
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1124 self.assertEqual(isitthere, True)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1125
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1126 form2.update({'@csrf': nonce})
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1127 # add a real csrf field to the form and rerun the inner_main
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1128 cl.form = db_test_base.makeForm(form2)
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1129 cl.inner_main()
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1130 # csrf passes and redirects to the new issue.
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1131 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1132 print("result of subtest 9:", out[0])
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1133 self.assertEqual(match_at, 0)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1134 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1135
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1136 # try a replay attack
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1137 cl.inner_main()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1138 # This should fail as token was wiped by last run.
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1139 match_at=out[0].find("We can't validate your session (csrf failure). Re-enter any unsaved data and try again.")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1140 print("replay of csrf after post use", out[0])
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1141 print("result of subtest 10:", out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1142 self.assertEqual(match_at, 36)
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1143 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1144
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1145 # make sure that a get deletes the csrf.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1146 cl.env['REQUEST_METHOD'] = 'GET'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1147 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1148 form2 = copy.copy(form)
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5485
diff changeset
1149 nonce = anti_csrf_nonce(cl)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1150 form2.update({'@csrf': nonce})
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1151 # add a real csrf field to the form and rerun the inner_main
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1152 cl.form = db_test_base.makeForm(form2)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1153 cl.inner_main()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1154 # csrf passes but fail creating new issue because not a post
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1155 match_at=out[0].find('<p>Invalid request</p>')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1156 print("result of subtest 11:", out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1157 self.assertEqual(match_at, 33)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1158 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1159
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1160 # the token should be gone
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1161 isitthere = otks.exists(nonce)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1162 print("result of subtest 12:", isitthere)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1163 self.assertEqual(isitthere, False)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1164
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1165 # change to post and should fail w/ invalid csrf
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1166 # since get deleted the token.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1167 cl.env.update({'REQUEST_METHOD': 'POST'})
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1168 print(cl.env)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1169 cl.inner_main()
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1170 match_at=out[0].find("We can't validate your session (csrf failure). Re-enter any unsaved data and try again.")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1171 print("post failure after get", out[0])
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1172 print("result of subtest 13:", out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1173 self.assertEqual(match_at, 36)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1174 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1175
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1176 del(cl.env['HTTP_REFERER'])
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1177
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1178 # test by setting allowed api origins to *
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1179 # this should not redirect as it is not an API call.
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1180 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1181 cl.env['HTTP_ORIGIN'] = 'https://baz.edu'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1182 cl.inner_main()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1183 match_at=out[0].find('Invalid Origin https://baz.edu')
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1184 print("result of subtest invalid origin:", out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1185 self.assertEqual(match_at, 36)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1186 del(cl.env['HTTP_ORIGIN'])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1187 cl.db.config.WEB_ALLOWED_API_ORIGINS = ""
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1188 del(out[0])
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1189
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1190 # test by setting allowed api origins to *
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1191 # this should not redirect as it is not an API call.
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1192 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1193 cl.env['HTTP_ORIGIN'] = 'http://whoami.com'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1194 cl.env['HTTP_REFERER'] = 'https://baz.edu/path/'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1195 cl.inner_main()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1196 match_at=out[0].find('Invalid Referer: https://baz.edu/path/')
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1197 print("result of subtest invalid referer:", out[0])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1198 self.assertEqual(match_at, 36)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1199 del(cl.env['HTTP_ORIGIN'])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1200 del(cl.env['HTTP_REFERER'])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1201 cl.db.config.WEB_ALLOWED_API_ORIGINS = ""
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1202 del(out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1203
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1204 # clean up from email log
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1205 if os.path.exists(SENDMAILDEBUG):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1206 os.remove(SENDMAILDEBUG)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1207 #raise ValueError
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1208
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1209 def testRestOriginValidationCredentials(self):
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1210 import json
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1211 # set the password for admin so we can log in.
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1212 passwd=password.Password('admin')
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1213 self.db.user.set('1', password=passwd)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1214
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1215 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1216 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1217 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1218
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1219 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1220 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1221 # origin set to allowed value
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1222 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1223 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1224 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1225 'HTTP_ORIGIN': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1226 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1227 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1228 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1229 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1230 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1231 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1232 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1233 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1234 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1235 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1236 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1237 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1238 'accept': 'application/json;version=1',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1239 'origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1240 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1241 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1242
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1243 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1244
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1245 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1246 print(b2s(out[0]))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1247 expected="""
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1248 {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1249 "data": {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1250 "collection": [],
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1251 "@total_size": 0
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1252 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1253 }"""
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1254
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1255 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1256 self.assertIn('Access-Control-Allow-Credentials',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1257 cl.additional_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1258 self.assertEqual(
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1259 cl.additional_headers['Access-Control-Allow-Credentials'],
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1260 'true'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1261 )
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1262 self.assertEqual(
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1263 cl.additional_headers['Access-Control-Allow-Origin'],
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1264 'http://whoami.com'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1265 )
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1266 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1267
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1268
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1269 # Origin not set. AKA same origin GET request.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1270 # Should be like valid origin.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1271 # Because of HTTP_X_REQUESTED_WITH header it should be
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1272 # preflighted.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1273 cl = client.Client(self.instance, None,
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1274 {'REQUEST_METHOD':'GET',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1275 'PATH_INFO':'rest/data/issue',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1276 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1277 'HTTP_REFERER': 'http://whoami.com/path/',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1278 'HTTP_ACCEPT': "application/json;version=1",
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1279 'HTTP_X_REQUESTED_WITH': 'rest',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1280 }, form)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1281 cl.db = self.db
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1282 cl.base = 'http://whoami.com/path/'
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1283 cl._socket_op = lambda *x : True
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1284 cl._error_message = []
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1285 cl.request = MockNull()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1286 h = { 'content-type': 'application/json',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1287 'accept': 'application/json' }
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1288 cl.request.headers = MockNull(**h)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1289
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1290 cl.write = wh # capture output
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1291
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1292 # Should return explanation because content type is text/plain
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1293 # and not text/xml
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1294 cl.handle_rest()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1295 self.assertIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1296 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1297
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1298 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1299 del(out[0])
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1300
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1301 cl = client.Client(self.instance, None,
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1302 {'REQUEST_METHOD':'OPTIONS',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1303 'HTTP_ORIGIN': 'http://invalid.com',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1304 'PATH_INFO':'rest/data/issue',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1305 'Access-Control-Request-Headers': 'Authorization',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1306 'Access-Control-Request-Method': 'GET',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1307 }, form)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1308 cl.db = self.db
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1309 cl.base = 'http://whoami.com/path/'
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1310 cl._socket_op = lambda *x : True
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1311 cl._error_message = []
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1312 cl.request = MockNull()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1313 h = { 'content-type': 'application/json',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1314 'accept': 'application/json',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1315 'access-control-request-headers': 'Authorization',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1316 'access-control-request-method': 'GET',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1317 }
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1318 cl.request.headers = MockNull(**h)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1319
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1320 cl.write = wh # capture output
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1321
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1322 # Should return explanation because content type is text/plain
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1323 # and not text/xml
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1324 cl.handle_rest()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1325 self.assertNotIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1326 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1327
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1328 self.assertNotIn('Access-Control-Allow-Origin',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1329 cl.additional_headers
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1330 )
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1331
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1332 self.assertEqual(cl.response_code, 400)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1333 del(out[0])
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1334
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1335 # origin not set to allowed value
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1336 # prevents authenticated request like this from
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1337 # being shared with the requestor because
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1338 # Access-Control-Allow-Credentials is not
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1339 # set in response
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1340 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1341 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1342 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1343 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1344 'HTTP_ORIGIN': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1345 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1346 'HTTP_REFERER': 'http://invalid.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1347 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1348 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1349 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1350 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1351 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1352 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1353 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1354 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1355 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1356 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1357 'accept': 'application/json;version=1',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1358 'origin': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1359 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1360 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1361
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1362 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1363 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1364 self.assertEqual(json.loads(b2s(out[0])),
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1365 json.loads(expected)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1366 )
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1367 self.assertNotIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1368 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1369 self.assertIn('Access-Control-Allow-Origin',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1370 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1371 self.assertEqual(
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1372 h['origin'],
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1373 cl.additional_headers['Access-Control-Allow-Origin']
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1374 )
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1375
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1376 self.assertIn('Content-Length', cl.additional_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1377 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1378
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1379
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1380 # CORS Same rules as for invalid origin
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1381 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1382 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1383 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1384 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1385 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1386 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1387 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1388 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1389 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1390 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1391 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1392 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1393 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1394 h = { 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1395 'accept': 'application/json' }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1396 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1397
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1398 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1399
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1400 # Should return explanation because content type is text/plain
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1401 # and not text/xml
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1402 cl.handle_rest()
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1403 self.assertIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1404 cl.additional_headers)
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1405
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1406 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1407 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1408
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1409 # origin set to special "null" value. Same rules as for
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1410 # invalid origin
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1411 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1412 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1413 'PATH_INFO':'rest/data/issue',
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1414 'HTTP_ORIGIN': 'null',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1415 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1416 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1417 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1418 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1419 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1420 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1421 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1422 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1423 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1424 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1425 h = { 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1426 'accept': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1427 'origin': 'null' }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1428 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1429
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1430 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1431
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1432 # Should return explanation because content type is text/plain
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1433 # and not text/xml
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1434 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1435 self.assertNotIn('Access-Control-Allow-Credentials', cl.additional_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1436
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1437 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1438 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1439
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1440
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1441 def testRestOptionsBadAttribute(self):
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1442 import json
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1443 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1444 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1445 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1446
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1447 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1448 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1449 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1450 {'REQUEST_METHOD':'OPTIONS',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1451 'HTTP_ORIGIN': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1452 'PATH_INFO':'rest/data/user/1/zot',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1453 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1454 'content-type': ""
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1455 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1456 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1457 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1458 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1459 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1460 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1461 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1462 'origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1463 'access-control-request-headers': 'x-requested-with',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1464 'access-control-request-method': 'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1465 'referer': 'http://whoami.com/path',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1466 'content-type': "",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1467 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1468 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1469
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1470 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1471 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1472
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1473 _py3 = sys.version_info[0] > 2
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1474
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1475 expected_headers = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1476 'Access-Control-Allow-Credentials': 'true',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1477 'Access-Control-Allow-Headers': 'Content-Type, Authorization, '
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1478 'X-Requested-With, X-HTTP-Method-Override',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1479 'Access-Control-Allow-Methods': 'HEAD, OPTIONS, GET, POST, PUT, DELETE, PATCH',
7160
ed63b6d35838 Add 'Access-Control-Expose-Headers' to a couple of tests.
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1480 'Access-Control-Expose-Headers': 'X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Limit-Period, Retry-After, Sunset, Allow',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1481 'Access-Control-Allow-Origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1482 'Access-Control-Max-Age': '86400',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1483 'Allow': 'OPTIONS, GET, POST, PUT, DELETE, PATCH',
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1484 # string representation under python2 has an extra space.
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1485 'Content-Length': '104' if _py3 else '105',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1486 'Content-Type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1487 'Vary': 'Origin'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1488 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1489
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1490 expected_body = b'{\n "error": {\n "status": 404,\n "msg": "Attribute zot not valid for Class user"\n }\n}\n'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1491
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1492 self.assertEqual(cl.response_code, 404)
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1493 # json payload string representation differs. Compare as objects.
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1494 self.assertEqual(json.loads(b2s(out[0])), json.loads(expected_body))
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1495 self.assertEqual(cl.additional_headers, expected_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1496
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1497 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1498
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1499
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1500 def testRestOptionsRequestGood(self):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1501 import json
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1502 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1503 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1504 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1505
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1506 # OPTIONS/CORS preflight has no credentials
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1507 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1508 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1509 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1510 {'REQUEST_METHOD':'OPTIONS',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1511 'HTTP_ORIGIN': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1512 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1513 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1514 'Access-Control-Request-Headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1515 'Access-Control-Request-Method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1516 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1517 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1518 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1519 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1520 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1521 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1522 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1523 'origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1524 'access-control-request-headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1525 'access-control-request-method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1526 'referer': 'http://whoami.com/path',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1527 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1528 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1529
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1530 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1531 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1532 self.assertEqual(out[0], '') # 204 options returns no data
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1533
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1534 expected_headers = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1535 'Access-Control-Allow-Credentials': 'true',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1536 'Access-Control-Allow-Headers': 'Content-Type, Authorization, '
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1537 'X-Requested-With, X-HTTP-Method-Override',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1538 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',
7160
ed63b6d35838 Add 'Access-Control-Expose-Headers' to a couple of tests.
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1539 'Access-Control-Expose-Headers': 'X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Limit-Period, Retry-After, Sunset, Allow',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1540 'Access-Control-Allow-Origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1541 'Access-Control-Max-Age': '86400',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1542 'Allow': 'OPTIONS, GET, POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1543 'Content-Type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1544 'Vary': 'Origin'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1545 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1546
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1547 self.assertEqual(cl.additional_headers, expected_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1548
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1549
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1550 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1551
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1552 def testRestOptionsRequestBad(self):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1553 import json
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1554
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1555 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1556 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1557 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1558
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1559 # OPTIONS/CORS preflight has no credentials
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1560 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1561 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1562 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1563 {'REQUEST_METHOD':'OPTIONS',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1564 'HTTP_ORIGIN': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1565 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1566 'HTTP_REFERER':
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1567 'http://invalid.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1568 'Access-Control-Request-Headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1569 'Access-Control-Request-Method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1570 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1571 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1572 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1573 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1574 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1575 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1576 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1577 'origin': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1578 'access-control-request-headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1579 'access-control-request-method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1580 'referer': 'http://invalid.com/path',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1581 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1582 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1583
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1584 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1585 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1586
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1587 self.assertEqual(cl.response_code, 400)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1588
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1589 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1590
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1591 def testRestCsrfProtection(self):
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1592 import json
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1593 # set the password for admin so we can log in.
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1594 passwd=password.Password('admin')
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1595 self.db.user.set('1', password=passwd)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1596
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1597 out = []
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1598 def wh(s):
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1599 out.append(s)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1600
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1601 # rest has no form content
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1602 form = cgi.FieldStorage()
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1603 form.list = [
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1604 cgi.MiniFieldStorage('title', 'A new issue'),
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1605 cgi.MiniFieldStorage('status', '1'),
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1606 cgi.MiniFieldStorage('@pretty', 'false'),
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1607 cgi.MiniFieldStorage('@apiver', '1'),
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1608 ]
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1609 cl = client.Client(self.instance, None,
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1610 {'REQUEST_METHOD':'POST',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1611 'PATH_INFO':'rest/data/issue',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1612 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1613 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1614 'HTTP_REFERER': 'http://whoami.com/path/',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1615 'HTTP_ACCEPT': "application/json;version=1"
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1616 }, form)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1617 cl.db = self.db
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1618 cl.base = 'http://whoami.com/path/'
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1619 cl._socket_op = lambda *x : True
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1620 cl._error_message = []
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1621 cl.request = MockNull()
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1622 h = { 'content-type': 'application/json',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1623 'accept': 'application/json;version=1' }
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1624 cl.request.headers = MockNull(**h)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1625
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1626 cl.write = wh # capture output
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1627
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1628 # Should return explanation because content type is text/plain
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1629 # and not text/xml
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1630 cl.handle_rest()
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1631 self.assertEqual(b2s(out[0]), '{ "error": { "status": 400, '
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1632 '"msg": "Required Header Missing" } }')
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1633 del(out[0])
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1634
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1635 cl = client.Client(self.instance, None,
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1636 {'REQUEST_METHOD':'POST',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1637 'PATH_INFO':'rest/data/issue',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1638 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1639 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1640 'HTTP_REFERER': 'http://whoami.com/path/',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1641 'HTTP_X_REQUESTED_WITH': 'rest',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1642 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1643 'HTTP_ORIGIN': 'http://whoami.com',
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1644 }, form)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1645 cl.db = self.db
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1646 cl.base = 'http://whoami.com/path/'
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1647 cl._socket_op = lambda *x : True
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1648 cl._error_message = []
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1649 cl.request = MockNull()
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1650 h = { 'content-type': 'application/json',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1651 'accept': 'application/json;version=1' }
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1652 cl.request.headers = MockNull(**h)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1653
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1654 cl.write = wh # capture output
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1655
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1656 # Should work as all required headers are present.
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1657 cl.handle_rest()
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1658 answer='{"data": {"link": "http://tracker.example/cgi-bin/roundup.cgi/bugs/rest/data/issue/1", "id": "1"}}\n'
5703
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1659 # check length to see if pretty is turned off.
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1660 self.assertEqual(len(out[0]), 99)
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1661
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1662 # compare as dicts not strings due to different key ordering
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1663 # between python versions.
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1664 response=json.loads(b2s(out[0]))
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1665 expected=json.loads(answer)
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1666 self.assertEqual(response,expected)
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1667 del(out[0])
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1668
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1669
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1670 # rest has no form content
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1671 cl.db.config.WEB_ALLOWED_API_ORIGINS = "https://bar.edu http://bar.edu"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1672 form = cgi.FieldStorage()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1673 form.list = [
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1674 cgi.MiniFieldStorage('title', 'A new issue'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1675 cgi.MiniFieldStorage('status', '1'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1676 cgi.MiniFieldStorage('@pretty', 'false'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1677 cgi.MiniFieldStorage('@apiver', '1'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1678 ]
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1679 cl = client.Client(self.instance, None,
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1680 {'REQUEST_METHOD':'POST',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1681 'PATH_INFO':'rest/data/issue',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1682 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1683 'HTTP_ORIGIN': 'https://bar.edu',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1684 'HTTP_X_REQUESTED_WITH': 'rest',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1685 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1686 'HTTP_REFERER': 'http://whoami.com/path/',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1687 'HTTP_ACCEPT': "application/json;version=1"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1688 }, form)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1689 cl.db = self.db
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1690 cl.base = 'http://whoami.com/path/'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1691 cl._socket_op = lambda *x : True
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1692 cl._error_message = []
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1693 cl.request = MockNull()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1694 h = { 'content-type': 'application/json',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1695 'accept': 'application/json' }
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1696 cl.request.headers = MockNull(**h)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1697
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1698 cl.write = wh # capture output
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1699
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1700 # Should return explanation because content type is text/plain
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1701 # and not text/xml
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1702 cl.handle_rest()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1703 answer='{"data": {"link": "http://tracker.example/cgi-bin/roundup.cgi/bugs/rest/data/issue/2", "id": "2"}}\n'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1704 # check length to see if pretty is turned off.
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1705 self.assertEqual(len(out[0]), 99)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1706
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1707 # compare as dicts not strings due to different key ordering
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1708 # between python versions.
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1709 response=json.loads(b2s(out[0]))
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1710 expected=json.loads(answer)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1711 self.assertEqual(response,expected)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1712 del(out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1713
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1714 #####
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1715 cl = client.Client(self.instance, None,
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1716 {'REQUEST_METHOD':'POST',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1717 'PATH_INFO':'rest/data/issue',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1718 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1719 'HTTP_ORIGIN': 'httxs://bar.edu',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1720 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1721 'HTTP_REFERER': 'http://whoami.com/path/',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1722 'HTTP_ACCEPT': "application/json;version=1"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1723 }, form)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1724 cl.db = self.db
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1725 cl.base = 'http://whoami.com/path/'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1726 cl._socket_op = lambda *x : True
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1727 cl._error_message = []
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1728 cl.request = MockNull()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1729 h = { 'content-type': 'application/json',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1730 'accept': 'application/json' }
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1731 cl.request.headers = MockNull(**h)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1732
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1733 cl.write = wh # capture output
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1734
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1735 # Should return explanation because content type is text/plain
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1736 # and not text/xml
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1737 cl.handle_rest()
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1738 self.assertEqual(b2s(out[0]), '{ "error": { "status": 400, "msg": "Client is not allowed to use Rest Interface." } }')
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1739 del(out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1740
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1741
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1742 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1743 cl = client.Client(self.instance, None,
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1744 {'REQUEST_METHOD':'POST',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1745 'PATH_INFO':'rest/data/issue',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1746 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1747 'HTTP_ORIGIN': 'httxs://bar.edu',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1748 'HTTP_X_REQUESTED_WITH': 'rest',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1749 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1750 'HTTP_REFERER': 'httxp://bar.edu/path/',
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1751 'HTTP_ACCEPT': "application/json;version=1"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1752 }, form)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1753 cl.db = self.db
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1754 cl.base = 'http://whoami.com/path/'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1755 cl._socket_op = lambda *x : True
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1756 cl._error_message = []
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1757 cl.request = MockNull()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1758 h = { 'content-type': 'application/json',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1759 'accept': 'application/json' }
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1760 cl.request.headers = MockNull(**h)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1761
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1762 cl.write = wh # capture output
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1763
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1764 # create fourth issue
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1765 cl.handle_rest()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1766 self.assertIn('"id": "3"', b2s(out[0]))
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1767 del(out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1768
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1769 cl.db.config.WEB_ALLOWED_API_ORIGINS = "httxs://bar.foo.edu httxs://bar.edu"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1770 for referer in [ 'httxs://bar.edu/path/foo',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1771 'httxs://bar.edu/path/foo?g=zz',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1772 'httxs://bar.edu']:
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1773 cl = client.Client(self.instance, None,
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1774 {'REQUEST_METHOD':'POST',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1775 'PATH_INFO':'rest/data/issue',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1776 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1777 'HTTP_ORIGIN': 'httxs://bar.edu',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1778 'HTTP_X_REQUESTED_WITH': 'rest',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1779 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1780 'HTTP_REFERER': referer,
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1781 'HTTP_ACCEPT': "application/json;version=1"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1782 }, form)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1783 cl.db = self.db
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1784 cl.base = 'http://whoami.com/path/'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1785 cl._socket_op = lambda *x : True
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1786 cl._error_message = []
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1787 cl.request = MockNull()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1788 h = { 'content-type': 'application/json',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1789 'accept': 'application/json' }
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1790 cl.request.headers = MockNull(**h)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1791
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1792 cl.write = wh # capture output
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1793
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1794 # create fourth issue
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1795 cl.handle_rest()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1796 self.assertIn('"id": "', b2s(out[0]))
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1797 del(out[0])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1798
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1799 cl.db.config.WEB_ALLOWED_API_ORIGINS = "httxs://bar.foo.edu httxs://bar.edu"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1800 cl = client.Client(self.instance, None,
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1801 {'REQUEST_METHOD':'POST',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1802 'PATH_INFO':'rest/data/issue',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1803 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1804 'HTTP_ORIGIN': 'httxs://bar.edu',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1805 'HTTP_X_REQUESTED_WITH': 'rest',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1806 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1807 'HTTP_REFERER': 'httxp://bar.edu/path/',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1808 'HTTP_ACCEPT': "application/json;version=1"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1809 }, form)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1810 cl.db = self.db
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1811 cl.base = 'http://whoami.com/path/'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1812 cl._socket_op = lambda *x : True
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1813 cl._error_message = []
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1814 cl.request = MockNull()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1815 h = { 'content-type': 'application/json',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1816 'accept': 'application/json' }
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1817 cl.request.headers = MockNull(**h)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1818
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1819 cl.write = wh # capture output
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1820
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1821 # create fourth issue
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1822 cl.handle_rest()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1823 self.assertEqual(b2s(out[0]), '{ "error": { "status": 400, "msg": "Invalid Referer: httxp://bar.edu/path/"}}')
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1824 del(out[0])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1825
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1826 def testXmlrpcCsrfProtection(self):
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1827 # set the password for admin so we can log in.
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1828 passwd=password.Password('admin')
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1829 self.db.user.set('1', password=passwd)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1830
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1831 out = []
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1832 def wh(s):
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1833 out.append(s)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1834
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1835 # xmlrpc has no form content
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1836 form = {}
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1837 cl = client.Client(self.instance, None,
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1838 {'REQUEST_METHOD':'POST',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1839 'PATH_INFO':'xmlrpc',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1840 'CONTENT_TYPE': 'text/plain',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1841 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1842 'HTTP_REFERER': 'http://whoami.com/path/',
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1843 'HTTP_X_REQUESTED_WITH': "XMLHttpRequest"
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1844 }, form)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1845 cl.db = self.db
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1846 cl.base = 'http://whoami.com/path/'
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1847 cl._socket_op = lambda *x : True
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1848 cl._error_message = []
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1849 cl.request = MockNull()
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1850 cl.write = wh # capture output
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1851
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1852 # Should return explanation because content type is text/plain
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1853 # and not text/xml
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1854 cl.handle_xmlrpc()
6268
bdcccd2b2141 Replace http:....roundup-tracker.org with https.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1856 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1857
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1858 # Should return admin user indicating auth works and
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1859 # header checks succeed (REFERER and X-REQUESTED-WITH)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1860 cl.env['CONTENT_TYPE'] = "text/xml"
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1861 # ship the form with the value holding the xml value.
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1862 # I have no clue why this works but ....
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1863 cl.form = MockNull(file = True, value = "<?xml version='1.0'?>\n<methodCall>\n<methodName>display</methodName>\n<params>\n<param>\n<value><string>user1</string></value>\n</param>\n<param>\n<value><string>username</string></value>\n</param>\n</params>\n</methodCall>\n" )
5472
e903835f0822 expect bytes from XMLRPC tests
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5453
diff changeset
1864 answer = b"<?xml version='1.0'?>\n<methodResponse>\n<params>\n<param>\n<value><struct>\n<member>\n<name>username</name>\n<value><string>admin</string></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodResponse>\n"
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1865 cl.handle_xmlrpc()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1866 print(out)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1867 self.assertEqual(out[0], answer)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1868 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1869
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1870 # remove the X-REQUESTED-WITH header and get an xmlrpc fault returned
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1871 del(cl.env['HTTP_X_REQUESTED_WITH'])
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1872 cl.handle_xmlrpc()
5513
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1873 frag_faultCode = "<member>\n<name>faultCode</name>\n<value><int>1</int></value>\n</member>\n"
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1874 frag_faultString = "<member>\n<name>faultString</name>\n<value><string>&lt;class 'roundup.exceptions.UsageError'&gt;:Required Header Missing</string></value>\n</member>\n"
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1875 output_fragments = ["<?xml version='1.0'?>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1876 "<methodResponse>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1877 "<fault>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1878 "<value><struct>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1879 (frag_faultCode + frag_faultString,
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1880 frag_faultString + frag_faultCode),
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1881 "</struct></value>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1882 "</fault>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1883 "</methodResponse>\n"]
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1884 print(out[0])
5513
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1885 self.compareStringFragments(out[0], output_fragments)
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1886 del(out[0])
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1887
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1888 # change config to not require X-REQUESTED-WITH header
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1889 cl.db.config['WEB_CSRF_ENFORCE_HEADER_X-REQUESTED-WITH'] = 'logfailure'
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1890 cl.handle_xmlrpc()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1891 print(out)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1892 self.assertEqual(out[0], answer)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1893 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1894
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1895 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1896 # SECURITY
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1897 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1898 # XXX test all default permissions
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1899 def _make_client(self, form, classname='user', nodeid='1',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1900 userid='2', template='item'):
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
1901 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1902 'REQUEST_METHOD':'POST'}, db_test_base.makeForm(form))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1903 cl.classname = classname
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1904 if nodeid is not None:
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1905 cl.nodeid = nodeid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1906 cl.db = self.db
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
1907 cl.db.Otk = cl.db.getOTKManager()
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1908 #cl.db.Otk = MockNull()
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1909 #cl.db.Otk.data = {}
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1910 #cl.db.Otk.getall = self.data_get
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1911 #cl.db.Otk.set = self.data_set
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1912 cl.userid = userid
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
1913 cl.language = ('en',)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1914 cl._error_message = []
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1915 cl._ok_message = []
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1916 cl.template = template
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1917 return cl
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1918
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1919 def data_get(self, key):
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1920 return self.db.Otk.data[key]
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1921
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1922 def data_set(self, key, **value):
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1923 self.db.Otk.data[key] = value
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1924
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1925 def testClassPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1926 cl = self._make_client(dict(username='bob'))
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5786
diff changeset
1927 self.assertRaises(exceptions.Unauthorised,
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1928 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1929 cl.nodeid = '1'
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1930 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1931 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1932
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1933 def testCheckAndPropertyPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1934 self.db.security.permissions = {}
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1935 def own_record(db, userid, itemid):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1936 return userid == itemid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1937 p = self.db.security.addPermission(name='Edit', klass='user',
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1938 check=own_record, properties=("password", ))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1939 self.db.security.addPermissionToRole('User', p)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1940
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1941 cl = self._make_client(dict(username='bob'))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1942 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1943 actions.EditItemAction(cl).handle)
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1944 cl = self._make_client(dict(roles='User,Admin'), userid='4', nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1945 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1946 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1947 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1948 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1949 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1950 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1951 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1952 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1953 # working example, mary may change her pw
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1954 cl = self._make_client({'password':'ob', '@confirm@password':'ob'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1955 nodeid='4', userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1956 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1957 actions.EditItemAction(cl).handle)
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1958 cl = self._make_client({'password':'bob', '@confirm@password':'bob'})
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5786
diff changeset
1959 self.assertRaises(exceptions.Unauthorised,
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1960 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1961
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1962 def testCreatePermission(self):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1963 # this checks if we properly differentiate between create and
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1964 # edit permissions
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1965 self.db.security.permissions = {}
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1966 self.db.security.addRole(name='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1967 # Don't allow roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1968 p = self.db.security.addPermission(name='Create', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1969 properties=("username", "password", "address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1970 "alternate_address", "realname", "phone", "organisation",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1971 "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1972 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1973 # Don't allow roles *and* don't allow username
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1974 p = self.db.security.addPermission(name='Edit', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1975 properties=("password", "address", "alternate_address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1976 "realname", "phone", "organisation", "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1977 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1978 self.db.user.set('4', roles='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1979
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1980 # anonymous may not
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1981 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1982 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1983 'roles':'Admin'}, nodeid=None, userid='2')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1984 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1985 actions.NewItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1986 # Don't allow creating new user with roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1987 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1988 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1989 'roles':'Admin'}, nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1990 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1991 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1992 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1993 # this should work
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1994 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1995 '@confirm@password':'secret', 'address':'new_user@bork.bork'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1996 nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1997 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1998 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1999 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2000 # don't allow changing (my own) username (in this example)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2001 cl = self._make_client(dict(username='new_user42'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2002 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2003 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2004 cl = self._make_client(dict(username='new_user42'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2005 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2006 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2007 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2008 # don't allow changing (my own) roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2009 cl = self._make_client(dict(roles='User,Admin'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2010 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2011 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2012 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2013 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2014 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2015 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2016 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2017 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2018 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2019
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2020 def testSearchPermission(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2021 # this checks if we properly check for search permissions
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2022 self.db.security.permissions = {}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2023 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2024 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2025 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2026 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2027 # Allow viewing department
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2028 p = self.db.security.addPermission(name='View', klass='department')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2029 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2030 # Allow viewing interesting things (but not department) on iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2031 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2032 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2033 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2034 properties=("title", "status"), check=lambda x,y,z: True)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2035 self.db.security.addPermissionToRole('User', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2036 # Allow all relevant roles access to stat
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2037 p = self.db.security.addPermission(name='View', klass='stat')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2038 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2039 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2040 # Allow role "Project" access to whole iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2041 p = self.db.security.addPermission(name='View', klass='iss')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2042 self.db.security.addPermissionToRole('Project', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2043
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2044 department = self.instance.backend.Class(self.db, "department",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2045 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2046 status = self.instance.backend.Class(self.db, "stat",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2047 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2048 issue = self.instance.backend.Class(self.db, "iss",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2049 title=hyperdb.String(), status=hyperdb.Link('stat'),
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2050 department=hyperdb.Link('department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2051
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2052 d1 = department.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2053 d2 = department.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2054 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2055 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2056 issue.create(title='i1', status=open, department=d2)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2057 issue.create(title='i2', status=open, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2058 issue.create(title='i2', status=closed, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2059
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2060 chef = self.db.user.lookup('Chef')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2061 mary = self.db.user.lookup('mary')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2062 self.db.user.set(chef, roles = 'User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2063
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2064 perm = self.db.security.hasPermission
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2065 search = self.db.security.hasSearchPermission
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2066 self.assertTrue(perm('View', chef, 'iss', 'department', '1'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2067 self.assertTrue(perm('View', chef, 'iss', 'department', '2'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2068 self.assertTrue(perm('View', chef, 'iss', 'department', '3'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2069 self.assertTrue(search(chef, 'iss', 'department'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2070
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2071 self.assertTrue(not perm('View', mary, 'iss', 'department'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2072 self.assertTrue(perm('View', mary, 'iss', 'status'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2073 # Conditionally allow view of whole iss (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2074 # this might check for department owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2075 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2076 check=lambda x,y,z: False)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2077 self.db.security.addPermissionToRole('User', p)
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2078 self.assertTrue(perm('View', mary, 'iss', 'department'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2079 self.assertTrue(not perm('View', mary, 'iss', 'department', '1'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2080 self.assertTrue(not search(mary, 'iss', 'department'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2081
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2082 self.assertTrue(perm('View', mary, 'iss', 'status'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2083 self.assertTrue(not search(mary, 'iss', 'status'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2084 # Allow user to search for iss.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2085 p = self.db.security.addPermission(name='Search', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2086 properties=("status",))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2087 self.db.security.addPermissionToRole('User', p)
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2088 self.assertTrue(search(mary, 'iss', 'status'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2089
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2090 dep = {'@action':'search','columns':'id','@filter':'department',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2091 'department':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2092 stat = {'@action':'search','columns':'id','@filter':'status',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2093 'status':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2094 depsort = {'@action':'search','columns':'id','@sort':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2095 depgrp = {'@action':'search','columns':'id','@group':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2096
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2097 # Filter on department ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2098 cl = self._make_client(dep, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2099 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2100 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2101 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2102 # Filter on department works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2103 cl = self._make_client(dep, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2104 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2105 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2106 self.assertEqual([x.id for x in h.batch()],['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2107 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2108 cl = self._make_client(stat, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2109 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2110 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2111 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2112 cl = self._make_client(stat, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2113 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2114 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2115 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2116 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2117 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2118 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2119 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2120 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2121 self.assertEqual(cl._error_message, []) # test for empty _error_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2122 self.assertEqual(cl._ok_message, []) # test for empty _ok_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2123
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2124 # Test for correct _error_message for invalid sort/group properties
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2125 baddepsort = {'@action':'search','columns':'id','@sort':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2126 baddepgrp = {'@action':'search','columns':'id','@group':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2127 cl = self._make_client(baddepsort, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2128 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2129 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2130 self.assertEqual(cl._error_message, ['Unknown sort property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2131 cl = self._make_client(baddepgrp, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2132 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2133 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2134 self.assertEqual(cl._error_message, ['Unknown group property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2135
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2136 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2137 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2138 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2139 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2140 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2141 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2142 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2143 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2144 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2145 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2146 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2147 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2148 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2149
5814
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2150 def testEditCSVKeyword(self):
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2151 form = dict(rows='id,name\n1,newkey')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2152 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2153 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2154 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2155 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2156 k = self.db.keyword.getnode('1')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2157 self.assertEqual(k.name, 'newkey')
5484
ca8050fa5e78 fixed string encoding in test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5472
diff changeset
2158 form = dict(rows=u2s(u'id,name\n1,\xe4\xf6\xfc'))
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2159 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2160 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2161 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2162 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2163 k = self.db.keyword.getnode('1')
5484
ca8050fa5e78 fixed string encoding in test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5472
diff changeset
2164 self.assertEqual(k.name, u2s(u'\xe4\xf6\xfc'))
6435
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2165 form = dict(rows='id,name\n1,newkey\n\n2,newerkey\n\n')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2166 cl = self._make_client(form, userid='1', classname='keyword')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2167 cl._ok_message = []
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2168 actions.EditCSVAction(cl).handle()
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2169 self.assertEqual(cl._ok_message, ['Items edited OK'])
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2170 k = self.db.keyword.getnode('1')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2171 self.assertEqual(k.name, 'newkey')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2172 k = self.db.keyword.getnode('2')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2173 self.assertEqual(k.name, 'newerkey')
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2174
5814
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2175 def testEditCSVTest(self):
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2176
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2177 form = dict(rows='\nid,boolean,date,interval,intval,link,messages,multilink,number,pw,string\n1,true,2019-02-10,2d,4,,,,3.4,pass,foo\n2,no,2017-02-10,1d,-9,1,,1,-2.4,poof,bar\n3,no,2017-02-10,1d,-9,2,,1:2,-2.4,ping,bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2178 cl = self._make_client(form, userid='1', classname='test')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2179 cl._ok_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2180 actions.EditCSVAction(cl).handle()
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2181 self.assertEqual(cl._ok_message, ['Items edited OK'])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2182 t = self.db.test.getnode('1')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2183 self.assertEqual(t.string, 'foo')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2184 self.assertEqual(t['string'], 'foo')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2185 self.assertEqual(t.boolean, True)
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2186 t = self.db.test.getnode('3')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2187 self.assertEqual(t.multilink, [ "1", "2" ])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2188
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2189 # now edit existing row and delete row
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2190 form = dict(rows='\nid,boolean,date,interval,intval,link,messages,multilink,number,pw,string\n1,false,2019-03-10,1d,3,1,,1:2,2.2,pass,bar\n2,,,,,1,,1,,,bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2191 cl = self._make_client(form, userid='1', classname='test')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2192 cl._ok_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2193 actions.EditCSVAction(cl).handle()
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2194 self.assertEqual(cl._ok_message, ['Items edited OK'])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2195 t = self.db.test.getnode('1')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2196 self.assertEqual(t.string, 'bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2197 self.assertEqual(t['string'], 'bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2198 self.assertEqual(t.boolean, False)
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2199 self.assertEqual(t.multilink, [ "1", "2" ])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2200 self.assertEqual(t.link, "1")
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2201
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2202 t = self.db.test.getnode('3')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2203 self.assertTrue(t.cl.is_retired('3'))
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2204
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2205
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2206 def testEditCSVTestBadRow(self):
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2207 form = dict(rows='\nid,boolean,date,interval,intval,link,messages,multilink,number,pw,string\n1,2019-02-10,2d,4,,,,3.4,pass,foo')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2208 cl = self._make_client(form, userid='1', classname='test')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2209 cl._ok_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2210 cl._error_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2211 actions.EditCSVAction(cl).handle()
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2212 print(cl._error_message)
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2213 self.assertEqual(cl._error_message, ['Not enough values on line 3'])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2214
5515
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2215 def testEditCSVRestore(self):
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2216 form = dict(rows='id,name\n1,key1\n2,key2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2217 cl = self._make_client(form, userid='1', classname='keyword')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2218 cl._ok_message = []
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2219 actions.EditCSVAction(cl).handle()
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2220 self.assertEqual(cl._ok_message, ['Items edited OK'])
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2221 k = self.db.keyword.getnode('1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2222 self.assertEqual(k.name, 'key1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2223 k = self.db.keyword.getnode('2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2224 self.assertEqual(k.name, 'key2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2225
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2226 form = dict(rows='id,name\n1,key1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2227 cl = self._make_client(form, userid='1', classname='keyword')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2228 cl._ok_message = []
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2229 actions.EditCSVAction(cl).handle()
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2230 self.assertEqual(cl._ok_message, ['Items edited OK'])
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2231 k = self.db.keyword.getnode('1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2232 self.assertEqual(k.name, 'key1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2233 self.assertEqual(self.db.keyword.is_retired('2'), True)
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2234
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2235 form = dict(rows='id,name\n1,newkey1\n2,newkey2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2236 cl = self._make_client(form, userid='1', classname='keyword')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2237 cl._ok_message = []
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2238 actions.EditCSVAction(cl).handle()
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2239 self.assertEqual(cl._ok_message, ['Items edited OK'])
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2240 k = self.db.keyword.getnode('1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2241 self.assertEqual(k.name, 'newkey1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2242 k = self.db.keyword.getnode('2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2243 self.assertEqual(k.name, 'newkey2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2244
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2245 def testRegisterActionDelay(self):
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2246 from roundup.cgi.timestamp import pack_timestamp
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2247
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2248 # need to set SENDMAILDEBUG to prevent
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2249 # downstream issue when email is sent on successful
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2250 # issue creation. Also delete the file afterwards
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
2251 # just to make sure that some other test looking for
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2252 # SENDMAILDEBUG won't trip over ours.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2253 if 'SENDMAILDEBUG' not in os.environ:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2254 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2255 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2256
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2257 # missing opaqueregister
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2258 cl = self._make_client({'username':'new_user1', 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2259 '@confirm@password':'secret', 'address':'new_user@bork.bork'},
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2260 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2261 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2262 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2263 self.assertEqual(cm.exception.args,
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2264 ('Form is corrupted, missing: opaqueregister.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2265
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2266 # broken/invalid opaqueregister
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2267 # strings chosen to generate:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2268 # binascii.Error Incorrect padding
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2269 # struct.error requires a string argument of length 4
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2270 cl = self._make_client({'username':'new_user1',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2271 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2272 '@confirm@password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2273 'address':'new_user@bork.bork',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2274 'opaqueregister': 'zzz' },
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2275 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2276 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2277 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2278 self.assertEqual(cm.exception.args, ('Form is corrupted.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2279
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2280 cl = self._make_client({'username':'new_user1',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2281 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2282 '@confirm@password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2283 'address':'new_user@bork.bork',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2284 'opaqueregister': 'xyzzyzl=' },
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2285 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2286 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2287 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2288 self.assertEqual(cm.exception.args, ('Form is corrupted.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2289
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2290 # valid opaqueregister
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2291 cl = self._make_client({'username':'new_user1', 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2292 '@confirm@password':'secret', 'address':'new_user@bork.bork',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2293 'opaqueregister': pack_timestamp() },
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2294 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2295 # submitted too fast, so raises error
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2296 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2297 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2298 self.assertEqual(cm.exception.args,
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2299 ('Responding to form too quickly.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2300
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2301 sleep(4.1) # sleep as requested so submit will take long enough
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2302 self.assertRaises(Redirect, actions.RegisterAction(cl).handle)
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2303
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2304 # FIXME check that email output makes sense at some point
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2305
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2306 # clean up from email log
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2307 if os.path.exists(SENDMAILDEBUG):
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2308 os.remove(SENDMAILDEBUG)
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2309
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2310 def testRegisterActionUnusedUserCheck(self):
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2311 # need to set SENDMAILDEBUG to prevent
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2312 # downstream issue when email is sent on successful
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2313 # issue creation. Also delete the file afterwards
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
2314 # just to make sure that some other test looking for
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2315 # SENDMAILDEBUG won't trip over ours.
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2316 if 'SENDMAILDEBUG' not in os.environ:
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2317 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2318 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2319
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2320 nodeid = self.db.user.create(username='iexist',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2321 password=password.Password('foo'))
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2322
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2323 # enable check and remove delay time
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2324 self.db.config.WEB_REGISTRATION_PREVALIDATE_USERNAME = 1
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2325 self.db.config.WEB_REGISTRATION_DELAY = 0
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2326
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2327 # Make a request with existing user. Use iexist.
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2328 # do not need opaqueregister as we have disabled the delay check
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2329 cl = self._make_client({'username':'iexist', 'password':'secret',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2330 '@confirm@password':'secret', 'address':'iexist@bork.bork'},
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2331 nodeid=None, userid='2')
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2332 with self.assertRaises(Reject) as cm:
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2333 actions.RegisterAction(cl).handle()
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2334 self.assertEqual(cm.exception.args,
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2335 ("Username 'iexist' is already used.",))
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2336
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2337 cl = self._make_client({'username':'i-do@not.exist',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2338 'password':'secret',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2339 '@confirm@password':'secret', 'address':'iexist@bork.bork'},
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2340 nodeid=None, userid='2')
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2341 self.assertRaises(Redirect, actions.RegisterAction(cl).handle)
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2342
5978
fefdf5f97c50 Clean up SENDMAILDEBUG in test case.
John Rouillard <rouilj@ieee.org>
parents: 5976
diff changeset
2343 # clean up from email log
fefdf5f97c50 Clean up SENDMAILDEBUG in test case.
John Rouillard <rouilj@ieee.org>
parents: 5976
diff changeset
2344 if os.path.exists(SENDMAILDEBUG):
fefdf5f97c50 Clean up SENDMAILDEBUG in test case.
John Rouillard <rouilj@ieee.org>
parents: 5976
diff changeset
2345 os.remove(SENDMAILDEBUG)
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2346
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2347 def testserve_static_files(self):
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2348 # make a client instance
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2349 cl = self._make_client({})
6651
da6c9050a79e Fix modification of Cache_Control
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6601
diff changeset
2350 # Make local copy in cl to not modify value in class
da6c9050a79e Fix modification of Cache_Control
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6601
diff changeset
2351 cl.Cache_Control = copy.copy (cl.Cache_Control)
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2352
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2353 # hijack _serve_file so I can see what is found
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2354 output = []
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2355 def my_serve_file(a, b, c, d):
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2356 output.append((a,b,c,d))
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2357 cl._serve_file = my_serve_file
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2358
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2359 # check case where file is not found.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2360 self.assertRaises(NotFound,
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2361 cl.serve_static_file,"missing.css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2362
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2363 # TEMPLATES dir is searched by default. So this file exists.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2364 # Check the returned values.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2365 cl.serve_static_file("issue.index.html")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2366 self.assertEqual(output[0][1], "text/html")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2367 self.assertEqual(output[0][3], "_test_cgi_form/html/issue.index.html")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2368 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2369
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2370 # stop searching TEMPLATES for the files.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2371 cl.instance.config['STATIC_FILES'] = '-'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2372 # previously found file should not be found
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2373 self.assertRaises(NotFound,
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2374 cl.serve_static_file,"issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2375
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2376 # explicitly allow html directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2377 cl.instance.config['STATIC_FILES'] = 'html -'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2378 cl.serve_static_file("issue.index.html")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2379 self.assertEqual(output[0][1], "text/html")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2380 self.assertEqual(output[0][3], "_test_cgi_form/html/issue.index.html")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2381 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2382
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2383 # set the list of files and do not look at the templates directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2384 cl.instance.config['STATIC_FILES'] = 'detectors extensions - '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2385
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2386 # find file in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2387 cl.serve_static_file("messagesummary.py")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2388 self.assertEqual(output[0][1], "text/x-python")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2389 self.assertEqual(output[0][3], "_test_cgi_form/detectors/messagesummary.py")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2390 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2391
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2392 # find file in second directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2393 cl.serve_static_file("README.txt")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2394 self.assertEqual(output[0][1], "text/plain")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2395 self.assertEqual(output[0][3], "_test_cgi_form/extensions/README.txt")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2396 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2397
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2398 # make sure an embedded - ends the searching.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2399 cl.instance.config['STATIC_FILES'] = ' detectors - extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2400 self.assertRaises(NotFound, cl.serve_static_file, "README.txt")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2401
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2402 cl.instance.config['STATIC_FILES'] = ' detectors - extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2403 self.assertRaises(NotFound, cl.serve_static_file, "issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2404
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2405 # create an empty README.txt in the first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2406 f = open('_test_cgi_form/detectors/README.txt', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2407 # find file now in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2408 cl.serve_static_file("README.txt")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2409 self.assertEqual(output[0][1], "text/plain")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2410 self.assertEqual(output[0][3], "_test_cgi_form/detectors/README.txt")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2411 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2412
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2413 cl.instance.config['STATIC_FILES'] = ' detectors extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2414 # make sure lack of trailing - allows searching TEMPLATES
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2415 cl.serve_static_file("issue.index.html")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2416 self.assertEqual(output[0][1], "text/html")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2417 self.assertEqual(output[0][3], "_test_cgi_form/html/issue.index.html")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2418 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2419
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2420 # Make STATIC_FILES a single element.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2421 cl.instance.config['STATIC_FILES'] = 'detectors'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2422 # find file now in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2423 cl.serve_static_file("messagesummary.py")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2424 self.assertEqual(output[0][1], "text/x-python")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2425 self.assertEqual(output[0][3], "_test_cgi_form/detectors/messagesummary.py")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2426 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2427
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2428 # make sure files found in subdirectory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2429 os.mkdir('_test_cgi_form/detectors/css')
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2430 f = open('_test_cgi_form/detectors/css/README.css', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2431 # use subdir in filename
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2432 cl.serve_static_file("css/README.css")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2433 self.assertEqual(output[0][1], "text/css")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2434 self.assertEqual(output[0][3], "_test_cgi_form/detectors/css/README.css")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2435 del output[0] # reset output buffer
5980
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2436
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2437 cl.Cache_Control['text/css'] = 'public, max-age=3600'
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2438 # use subdir in static files path
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2439 cl.instance.config['STATIC_FILES'] = 'detectors html/css'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2440 os.mkdir('_test_cgi_form/html/css')
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2441 f = open('_test_cgi_form/html/css/README1.css', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2442 cl.serve_static_file("README1.css")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2443 self.assertEqual(output[0][1], "text/css")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2444 self.assertEqual(output[0][3], "_test_cgi_form/html/css/README1.css")
5980
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2445 self.assertTrue( "Cache-Control" in cl.additional_headers )
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2446 self.assertEqual( cl.additional_headers,
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2447 {'Cache-Control': 'public, max-age=3600'} )
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2448 del output[0] # reset output buffer
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2449
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2450 cl.Cache_Control['README1.css'] = 'public, max-age=60'
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2451 cl.serve_static_file("README1.css")
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2452 self.assertEqual(output[0][1], "text/css")
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2453 self.assertEqual(output[0][3], "_test_cgi_form/html/css/README1.css")
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2454 self.assertTrue( "Cache-Control" in cl.additional_headers )
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2455 self.assertEqual( cl.additional_headers,
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2456 {'Cache-Control': 'public, max-age=60'} )
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2457 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2458
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2459
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2460 def testRoles(self):
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2461 cl = self._make_client({})
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2462 self.db.user.set('1', roles='aDmin, uSer')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2463 item = HTMLItem(cl, 'user', '1')
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2464 self.assertTrue(item.hasRole('Admin'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2465 self.assertTrue(item.hasRole('User'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2466 self.assertTrue(item.hasRole('AdmiN'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2467 self.assertTrue(item.hasRole('UseR'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2468 self.assertTrue(item.hasRole('UseR','Admin'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2469 self.assertTrue(item.hasRole('UseR','somethingelse'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2470 self.assertTrue(item.hasRole('somethingelse','Admin'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2471 self.assertTrue(not item.hasRole('userr'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2472 self.assertTrue(not item.hasRole('adminn'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2473 self.assertTrue(not item.hasRole(''))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2474 self.assertTrue(not item.hasRole(' '))
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2475 self.db.user.set('1', roles='')
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2476 self.assertTrue(not item.hasRole(''))
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2477
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2478 def testCSVExportCharset(self):
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2479 cl = self._make_client(
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2480 {'@columns': 'id,title,status,keyword,assignedto,nosy'},
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2481 nodeid=None, userid='1')
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2482 cl.classname = 'issue'
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2483
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2484 demo_id=self.db.user.create(username='demo', address='demo@test.test',
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2485 roles='User', realname='demo')
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2486 self.db.issue.create(title=b2s(b'foo1\xc3\xa4'), status='2', assignedto='4', nosy=['3',demo_id])
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2487
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2488 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2489 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2490 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2491 # call export version that outputs names
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2492 actions.ExportCSVAction(cl).handle()
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2493 should_be=(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2494 b'"1","foo1\xc3\xa4","deferred","","Contrary, Mary","Bork, Chef;Contrary, Mary;demo"\r\n')
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2495 self.assertEqual(output.getvalue(), should_be)
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2496
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2497 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2498 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2499 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2500 # call export version that outputs id numbers
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2501 actions.ExportCSVWithIdAction(cl).handle()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2502 print(output.getvalue())
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2503 self.assertEqual(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2504 b"\"1\",\"foo1\xc3\xa4\",\"2\",\"[]\",\"4\",\"['3', '4', '5']\"\r\n",
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2505 output.getvalue())
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2506
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2507 # again with ISO-8859-1 client charset
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2508 cl.charset = 'iso8859-1'
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2509 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2510 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2511 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2512 # call export version that outputs names
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2513 actions.ExportCSVAction(cl).handle()
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2514 should_be=(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2515 b'"1","foo1\xe4","deferred","","Contrary, Mary","Bork, Chef;Contrary, Mary;demo"\r\n')
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2516 self.assertEqual(output.getvalue(), should_be)
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2517
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2518 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2519 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2520 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2521 # call export version that outputs id numbers
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2522 actions.ExportCSVWithIdAction(cl).handle()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2523 print(output.getvalue())
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2524 self.assertEqual(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2525 b"\"1\",\"foo1\xe4\",\"2\",\"[]\",\"4\",\"['3', '4', '5']\"\r\n",
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2526 output.getvalue())
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2527
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2528 def testCSVExportBadColumnName(self):
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2529 cl = self._make_client({'@columns': 'falseid,name'}, nodeid=None,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2530 userid='1')
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2531 cl.classname = 'status'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2532 output = io.BytesIO()
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2533 cl.request = MockNull()
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2534 cl.request.wfile = output
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2535 self.assertRaises(exceptions.NotFound,
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2536 actions.ExportCSVAction(cl).handle)
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2537
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2538 def testCSVExportFailPermissionBadColumn(self):
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2539 cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2540 userid='2')
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2541 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2542 output = io.BytesIO()
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2543 cl.request = MockNull()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2544 cl.request.wfile = output
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2545 # used to be self.assertRaises(exceptions.Unauthorised,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2546 # but not acting like the column name is not found
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2547 # see issue2550755 - should this return Unauthorised?
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2548 # The unauthorised user should never get to the point where
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2549 # they can determine if the column name is valid or not.
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2550 self.assertRaises(exceptions.NotFound,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2551 actions.ExportCSVAction(cl).handle)
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2552
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2553 def testCSVExportFailPermissionValidColumn(self):
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2554 passwd=password.Password('foo')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2555 demo_id=self.db.user.create(username='demo', address='demo@test.test',
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2556 roles='User', realname='demo',
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2557 password=passwd)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2558 cl = self._make_client({'@columns': 'id,username,address,password'},
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2559 nodeid=None, userid=demo_id)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2560 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2561 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2562 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2563 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2564 # used to be self.assertRaises(exceptions.Unauthorised,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2565 # but not acting like the column name is not found
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2566
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2567 actions.ExportCSVAction(cl).handle()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2568 #print(output.getvalue())
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2569 self.assertEqual(s2b('"id","username","address","password"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2570 '"1","admin","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2571 '"2","anonymous","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2572 '"3","Chef","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2573 '"4","mary","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2574 '"5","demo","demo@test.test","%s"\r\n'%(passwd)),
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2575 output.getvalue())
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2576
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2577 def testCSVExportWithId(self):
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2578 cl = self._make_client({'@columns': 'id,name'}, nodeid=None,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2579 userid='1')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2580 cl.classname = 'status'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2581 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2582 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2583 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2584 actions.ExportCSVWithIdAction(cl).handle()
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2585 self.assertEqual(s2b('"id","name"\r\n"1","unread"\r\n"2","deferred"\r\n"3","chatting"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2586 '"4","need-eg"\r\n"5","in-progress"\r\n"6","testing"\r\n"7","done-cbb"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2587 '"8","resolved"\r\n'),
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2588 output.getvalue())
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2589
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2590 def testCSVExportWithIdBadColumnName(self):
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2591 cl = self._make_client({'@columns': 'falseid,name'}, nodeid=None,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2592 userid='1')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2593 cl.classname = 'status'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2594 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2595 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2596 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2597 self.assertRaises(exceptions.NotFound,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2598 actions.ExportCSVWithIdAction(cl).handle)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2599
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2600 def testCSVExportWithIdFailPermissionBadColumn(self):
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2601 cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2602 userid='2')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2603 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2604 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2605 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2606 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2607 # used to be self.assertRaises(exceptions.Unauthorised,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2608 # but not acting like the column name is not found
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2609 # see issue2550755 - should this return Unauthorised?
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2610 # The unauthorised user should never get to the point where
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2611 # they can determine if the column name is valid or not.
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2612 self.assertRaises(exceptions.NotFound,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2613 actions.ExportCSVWithIdAction(cl).handle)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2615 def testCSVExportWithIdFailPermissionValidColumn(self):
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2616 cl = self._make_client({'@columns': 'id,address,password'}, nodeid=None,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2617 userid='2')
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2618 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2619 output = io.BytesIO()
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2620 cl.request = MockNull()
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2621 cl.request.wfile = output
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2622 # used to be self.assertRaises(exceptions.Unauthorised,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2623 # but not acting like the column name is not found
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2624 self.assertRaises(exceptions.Unauthorised,
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2625 actions.ExportCSVWithIdAction(cl).handle)
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2626
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2627 class TemplateHtmlRendering(unittest.TestCase, testFtsQuery):
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2628 ''' try to test the rendering code for tal '''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2629 def setUp(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2630 self.dirname = '_test_template'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2631 # set up and open a tracker
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2632 self.instance = setupTracker(self.dirname)
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2633
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2634 # open the database
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2635 self.db = self.instance.open('admin')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2636 self.db.tx_Source = "web"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2637 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2638 realname='Bork, Chef', roles='User')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2639 self.db.user.create(username='mary', address='mary@test.test',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2640 roles='User', realname='Contrary, Mary')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2641 self.db.post_init()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2642
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2643 # create a client instance and hijack write_html
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2644 self.client = client.Client(self.instance, "user",
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2645 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2646 form=db_test_base.makeForm({"@template": "item"}))
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2647
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2648 self.client._error_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2649 self.client._ok_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2650 self.client.db = self.db
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2651 self.client.userid = '1'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2652 self.client.language = ('en',)
5208
23b8eeaf9864 fixing some tests due to changes to classic template by adding anti-csrf code
John Rouillard <rouilj@ieee.org>
parents: 5203
diff changeset
2653 self.client.session_api = MockNull(_sid="1234567890")
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2654
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2655 self.output = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2656 # ugly hack to get html_write to return data here.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2657 def html_write(s):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2658 self.output.append(s)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2659
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2660 # hijack html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2661 self.client.write_html = html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2662
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2663 self.db.issue.create(title='foo')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2664
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2665 def tearDown(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2666 self.db.close()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2667 try:
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2668 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5231
diff changeset
2669 except OSError as error:
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2670 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2671
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2672 def testrenderFrontPage(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2673 self.client.renderFrontPage("hello world RaNdOmJunk")
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2674 # make sure we can find the "hello world RaNdOmJunk"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2675 # message in the output.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2676 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2677 self.output[0].index('<p class="error-message">hello world RaNdOmJunk <br/ > </p>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2678 # make sure we can find issue 1 title foo in the output
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2679 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2680 self.output[0].index('<a href="issue1">foo</a>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2681
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2682 # make sure we can find the last SHA1 sum line at the end of the
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2683 # page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2684 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2685 self.output[0].index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2686
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2687 def testRenderError(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2688 # set up the client;
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2689 # run determine_context to set the required client attributes
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2690 # run renderError(); check result for proper page
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2691
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2692 self.client.form=db_test_base.makeForm({})
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2693 self.client.path = ''
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2694 self.client.determine_context()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2695
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2696 error = "Houston, we have a problem"
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2697
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2698
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2699 # template rendering will fail and return fallback html
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2700 out = self.client.renderError(error, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2701
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2702 expected_fallback = (
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2703 '\n<html><head><title>Roundup issue tracker: '
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2704 'An error has occurred</title>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2705 ' <link rel="stylesheet" type="text/css" href="@@file/style.css">\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2706 '</head>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2707 '<body class="body" marginwidth="0" marginheight="0">\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2708 ' <p class="error-message">Houston, we have a problem</p>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2709 '</body></html>\n')
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2710
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2711 self.assertEqual(out, expected_fallback)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2712 self.assertIn(error, self.client._error_message)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2713 self.assertEqual(self.client.response_code, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2714
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2715 ### next test
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2716 # Set this so template rendering works.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2717 self.client.classname = 'issue'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2718
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2719 out = self.client.renderError("Houston, we have a problem", 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2720 # match hard coded line in 404 template
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2721 expected = ('There is no <span>issue</span> with id')
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2722
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2723 self.assertIn(expected, out)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2724 self.assertEqual(self.client.response_code, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2725
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2726
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2727 ### next test
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2728 # disable template use get fallback
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2729 out = self.client.renderError("Houston, we have a problem", 404,
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2730 use_template=False)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2731
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2732 self.assertEqual(out, expected_fallback)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2733 self.assertEqual(self.client.response_code, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2734
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2735 ### next test
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2736 # no 400 template (default 2nd param) so we get fallback
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2737 out = self.client.renderError("Houston, we have a problem")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2738 self.assertEqual(out, expected_fallback)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2739 self.assertIn(error, self.client._error_message)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2740 self.assertEqual(self.client.response_code, 400)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2741
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2742 def testrenderContext(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2743 # set up the client;
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2744 # run determine_context to set the required client attributes
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2745 # run renderContext(); check result for proper page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2746
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2747 # this will generate the default home page like
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2748 # testrenderFrontPage
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2749 self.client.form=db_test_base.makeForm({})
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2750 self.client.path = ''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2751 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2752 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), (None, '', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2753 self.assertEqual(self.client._ok_message, [])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2754
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2755 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2756 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2757 result.index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2758
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2759 # now look at the user index page
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2760 self.client.form=db_test_base.makeForm(
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2761 { "@ok_message": "ok message", "@template": "index"})
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2762 self.client.path = 'user'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2763 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2764 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'index', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2765 self.assertEqual(self.client._ok_message, ['ok message'])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2766
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2767 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2768 self.assertNotEqual(-1, result.index('<title>User listing - Roundup issue tracker</title>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2769 self.assertNotEqual(-1, result.index('ok message'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2770 # print result
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2771
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2772 def testRenderAltTemplates(self):
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2773 # check that right page is returned when rendering
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2774 # @template=oktempl|errortmpl
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2775
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2776 # set up the client;
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2777 # run determine_context to set the required client attributes
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2778 # run renderContext(); check result for proper page
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2779
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2780 # Test ok state template that uses user.forgotten.html
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2781 self.client.form=db_test_base.makeForm({"@template": "forgotten|item"})
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2782 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2783 self.client.determine_context()
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
2784 self.client.session_api = MockNull(_sid="1234567890")
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2785 self.assertEqual(
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2786 (self.client.classname, self.client.template, self.client.nodeid),
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2787 ('user', 'forgotten|item', None))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2788 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2789
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2790 result = self.client.renderContext()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
2791 print(result)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
2792 # sha1sum of classic tracker user.forgotten.template must be found
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2793 sha1sum = '<!-- SHA: f93570f95f861da40f9c45bbd2b049bb3a7c0fc5 -->'
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2794 self.assertNotEqual(-1, result.index(sha1sum))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2795
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2796 # now set an error in the form to get error template user.item.html
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2797 self.client.form=db_test_base.makeForm({"@template": "forgotten|item",
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2798 "@error_message": "this is an error"})
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2799 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2800 self.client.determine_context()
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2801 self.assertEqual(
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2802 (self.client.classname, self.client.template, self.client.nodeid),
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2803 ('user', 'forgotten|item', None))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2804 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2805 self.assertEqual(self.client._error_message, ["this is an error"])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2806
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2807 result = self.client.renderContext()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
2808 print(result)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
2809 # sha1sum of classic tracker user.item.template must be found
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2810 sha1sum = '<!-- SHA: 3b7ce7cbf24f77733c9b9f64a569d6429390cc3f -->'
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2811 self.assertNotEqual(-1, result.index(sha1sum))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2812
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2813
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2814 def testexamine_url(self):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2815 ''' test the examine_url function '''
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2816
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2817 def te(url, exception, raises=ValueError):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2818 with self.assertRaises(raises) as cm:
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2819 examine_url(url)
5453
2b4f606d8e72 use exception.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5418
diff changeset
2820 self.assertEqual(cm.exception.args, (exception,))
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2821
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2822
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2823 action = actions.Action(self.client)
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2824 examine_url = action.examine_url
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2825
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2826 # Christmas tree url: test of every component that passes
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2827 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2828 examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2829 'http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2830
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2831 # allow replacing http with https if base is http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2832 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2833 examine_url("https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2834 'https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2835
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2836
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2837 # change base to use https and make sure we don't redirect to http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2838 saved_base = action.base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2839 action.base = "https://tracker.example/cgi-bin/roundup.cgi/bugs/"
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2840 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2841 'Base url https://tracker.example/cgi-bin/roundup.cgi/bugs/ requires https. Redirect url http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue uses http.')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2842 action.base = saved_base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2843
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2844 # url doesn't have to be valid to roundup, just has to be contained
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2845 # inside of roundup. No zoik class is defined
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2846 self.assertEqual(examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue"), "http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue")
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2847
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2848 # test with wonky schemes
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2849 te("email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2850 'Unrecognized scheme in email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2851
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2852 te("http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Unrecognized scheme in http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2853
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2854 # test different netloc/path prefix
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2855 # assert port
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2856 te("http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",'Net location in http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2857
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2858 #assert user
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2859 te("http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2860
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2861 #assert user:password
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2862 te("http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2863
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2864 # try localhost http scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2865 te("http://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in http://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2866
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2867 # try localhost https scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2868 te("https://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in https://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2869
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2870 # try different host
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2871 te("http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2872
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2873 # change the base path to .../bug from .../bugs
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2874 te("http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2875
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2876 # change the base path eliminate - in cgi-bin
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2877 te("http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue",'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2878
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2879
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2880 # scan for unencoded characters
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2881 # we skip schema and net location since unencoded character
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2882 # are allowed only by an explicit match to a reference.
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2883 #
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2884 # break components with unescaped character '<'
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2885 # path component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2886 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue", 'Path component (/cgi-bin/roundup.cgi/bugs/<user3) in http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2887
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2888 # params component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2889 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue", 'Params component (parm=b<ar) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2890
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2891 # query component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2892 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue", 'Query component (@template=<foo>&parm=(zot)) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2893
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2894 # fragment component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2895 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue", 'Fragment component (iss<ue) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2896
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2897 class TemplateTestCase(unittest.TestCase):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2898 ''' Test the template resolving code, i.e. what can be given to @template
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2899 '''
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2900 def setUp(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2901 self.dirname = '_test_template'
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2902 # set up and open a tracker
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2903 self.instance = setupTracker(self.dirname)
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2904
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2905 # open the database
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2906 self.db = self.instance.open('admin')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2907 self.db.tx_Source = "web"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2908 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2909 realname='Bork, Chef', roles='User')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2910 self.db.user.create(username='mary', address='mary@test.test',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2911 roles='User', realname='Contrary, Mary')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2912 self.db.post_init()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2913
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2914 def tearDown(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2915 self.db.close()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2916 try:
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2917 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5231
diff changeset
2918 except OSError as error:
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2919 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2920
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2921 def testTemplateSubdirectory(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2922 # test for templates in subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2923
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2924 # make the directory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2925 subdir = self.dirname + "/html/subdir"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2926 os.mkdir(subdir)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2927
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2928 # get the client instance The form is needed to initialize,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2929 # but not used since I call selectTemplate directly.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2930 t = client.Client(self.instance, "user",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2931 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2932 form=db_test_base.makeForm({"@template": "item"}))
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2933
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2934 # create new file in subdir and a dummy file outside of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2935 # the tracker's html subdirectory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2936 shutil.copyfile(self.dirname + "/html/issue.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2937 subdir + "/issue.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2938 shutil.copyfile(self.dirname + "/html/user.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2939 self.dirname + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2940
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2941 # create link outside the html subdir. This should fail due to
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2942 # path traversal check.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2943 os.symlink("../../user.item.html", subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2944 # it will be removed and replaced by a later test
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2945
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2946 # make sure a simple non-subdir template works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2947 # user.item.html exists so this works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2948 # note that the extension is not included just the basename
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2949 self.assertEqual("user.item", t.selectTemplate("user", "item"))
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2950
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2951
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2952 # make sure home templates work
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2953 self.assertEqual("home", t.selectTemplate(None, ""))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2954 self.assertEqual("home.classlist", t.selectTemplate(None, "classlist"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2955
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2956 # home.item doesn't exist should return _generic.item.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2957 self.assertEqual("_generic.item", t.selectTemplate(None, "item"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2958
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2959 # test case where there is no view so generic template can't
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2960 # be determined.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2961 with self.assertRaises(NoTemplate) as cm:
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2962 t.selectTemplate("user", "")
5453
2b4f606d8e72 use exception.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5418
diff changeset
2963 self.assertEqual(cm.exception.args,
2b4f606d8e72 use exception.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5418
diff changeset
2964 ('''Template "user" doesn't exist''',))
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2965
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2966 # there is no html/subdir/user.item.{,xml,html} so it will
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2967 # raise NoTemplate.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2968 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2969 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2970
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2971 # there is an html/subdir/issue.item.html so this succeeeds
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2972 r = t.selectTemplate("issue", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2973 self.assertEqual("subdir/issue.item", r)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2974
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2975 # there is a self.directory + /html/subdir/user.item.html file,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2976 # but it is a link to self.dir /user.item.html which is outside
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2977 # the html subdir so is rejected by the path traversal check.
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2978 # Prefer NoTemplate here, or should the code be changed to
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2979 # report a new PathTraversal exception? Could the PathTraversal
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2980 # exception leak useful info to an attacker??
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2981 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2982 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2983
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2984 # clear out the link and create a new one to self.dirname +
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2985 # html/user.item.html which is inside the html subdir
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2986 # so the template check returns the symbolic link path.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2987 os.remove(subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2988 os.symlink("../user.item.html", subdir + "/user.item.xml")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2989
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2990 # template check works
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2991 r = t.selectTemplate("user", "subdir/item")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2992 self.assertEqual("subdir/user.item", r)
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2993
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
2994 class SqliteNativeFtsCgiTest(unittest.TestCase, testFtsQuery, testCsvExport):
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2995 """All of the rest of the tests use anydbm as the backend.
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2996 In addtion to normal fts test, this class tests renderError
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2997 when renderContext fails.
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2998 Triggering this error requires the native-fts backend for
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2999 the sqlite db.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3000 """
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3001
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3002 def setUp(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3003 self.dirname = '_test_template'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3004 # set up and open a tracker
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3005 self.instance = setupTracker(self.dirname, backend="sqlite")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3006
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3007 self.instance.config.INDEXER = "native-fts"
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3008
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3009 # open the database
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3010 self.db = self.instance.open('admin')
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3011 self.db.tx_Source = "web"
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3012 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3013 realname='Bork, Chef', roles='User')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3014 self.db.user.create(username='mary', address='mary@test.test',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3015 roles='User', realname='Contrary, Mary')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3016 self.db.post_init()
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3017
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3018 # create a client instance and hijack write_html
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3019 self.client = client.Client(self.instance, "user",
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3020 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3021 form=db_test_base.makeForm({"@template": "item"}))
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3022
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3023 self.client._error_message = []
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3024 self.client._ok_message = []
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3025 self.client.db = self.db
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3026 self.client.userid = '1'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3027 self.client.language = ('en',)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3028 self.client.session_api = MockNull(_sid="1234567890")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3029
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3030 self.output = []
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3031 # ugly hack to get html_write to return data here.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3032 def html_write(s):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3033 self.output.append(s)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3034
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3035 # hijack html_write
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3036 self.client.write_html = html_write
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3037
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3038 def tearDown(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3039 self.db.close()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3040 try:
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3041 shutil.rmtree(self.dirname)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3042 except OSError as error:
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3043 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3044
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3045 def testRenderContextBadFtsQuery(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3046 # only test for sqlite
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3047 if self.db.dbtype not in [ "sqlite" ]:
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3048 pytest.skip("Not tested for backends without native FTS")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3049
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3050 # generate a bad fts query
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3051 self.client.form=db_test_base.makeForm(
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3052 { "@ok_message": "ok message", "@template": "index",
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3053 "@search_text": "foo-bar"})
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3054 self.client.path = 'issue'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3055 self.client.determine_context()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3056
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3057 result = self.client.renderContext()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3058
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3059 expected = '\n<html><head><title>Roundup issue tracker: An error has occurred</title>\n <link rel="stylesheet" type="text/css" href="@@file/style.css">\n</head>\n<body class="body" marginwidth="0" marginheight="0">\n <p class="error-message">Search failed. Try quoting any terms that include a \'-\' and retry the search.</p>\n</body></html>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3060
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3061 self.assertEqual(result, expected)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3062 self.assertEqual(self.client.response_code, 400)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3063
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3064 #
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3065 # SECURITY
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3066 #
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3067 # XXX test all default permissions
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3068 def _make_client(self, form, classname='user', nodeid='1',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3069 userid='2', template='item'):
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3070 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3071 'REQUEST_METHOD':'POST'}, db_test_base.makeForm(form))
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3072 cl.classname = classname
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3073 if nodeid is not None:
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3074 cl.nodeid = nodeid
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3075 cl.db = self.db
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
3076 cl.db.Otk = cl.db.getOTKManager()
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3077 #cl.db.Otk = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3078 #cl.db.Otk.data = {}
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3079 #cl.db.Otk.getall = self.data_get
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3080 #cl.db.Otk.set = self.data_set
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3081 cl.userid = userid
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3082 cl.language = ('en',)
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3083 cl._error_message = []
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3084 cl._ok_message = []
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3085 cl.template = template
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3086 return cl
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3087
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3088 def testCSVExportSearchError(self):
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3089 # test full text search
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3090 cl = self._make_client(
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3091 {'@columns': 'id,title,status,keyword,assignedto,nosy',
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3092 "@search_text": "foo + ^bar2"}, nodeid=None, userid='1')
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3093 cl.classname = 'issue'
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3094 output = io.BytesIO()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3095 cl.request = MockNull()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3096 cl.request.wfile = output
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3097
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3098 # note NotFound isn't quite right. however this exception
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3099 # passes up the stack to where it is handled with a suitable
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3100 # display of the error.
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3101 # call export version that outputs names
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3102 with self.assertRaises(NotFound) as cm:
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3103 actions.ExportCSVAction(cl).handle()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3104
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3105 # call export version that outputs id numbers
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3106 with self.assertRaises(NotFound) as cm:
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3107 actions.ExportCSVWithIdAction(cl).handle()
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3108
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3109 class SqliteNativeCgiTest(unittest.TestCase, testFtsQuery):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3110 """All of the rest of the tests use anydbm as the backend.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3111 This class tests renderContext for fulltext search.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3112 Run with sqlite and native indexer.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3113 """
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3114
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3115 def setUp(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3116 self.dirname = '_test_template'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3117 # set up and open a tracker
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3118 self.instance = setupTracker(self.dirname, backend="sqlite")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3119
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3120 self.instance.config.INDEXER = "native"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3121
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3122 # open the database
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3123 self.db = self.instance.open('admin')
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3124 self.db.tx_Source = "web"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3125
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3126 # create a client instance and hijack write_html
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3127 self.client = client.Client(self.instance, "user",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3128 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3129 form=db_test_base.makeForm({"@template": "item"}))
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3130
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3131 self.client._error_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3132 self.client._ok_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3133 self.client.db = self.db
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3134 self.client.userid = '1'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3135 self.client.language = ('en',)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3136 self.client.session_api = MockNull(_sid="1234567890")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3137
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3138 self.output = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3139 # ugly hack to get html_write to return data here.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3140 def html_write(s):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3141 self.output.append(s)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3142
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3143 # hijack html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3144 self.client.write_html = html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3145
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3146 def tearDown(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3147 self.db.close()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3148 try:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3149 shutil.rmtree(self.dirname)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3150 except OSError as error:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3151 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3152
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3153 @skip_postgresql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3154 class PostgresqlNativeCgiTest(unittest.TestCase, testFtsQuery):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3155 """All of the rest of the tests use anydbm as the backend.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3156 This class tests renderContext for fulltext search.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3157 Run with postgresql and native indexer.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3158 """
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3159
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3160 def setUp(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3161 self.dirname = '_test_template'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3162 # set up and open a tracker
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3163 self.instance = setupTracker(self.dirname, backend="postgresql")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3164
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3165 self.instance.config.INDEXER = "native"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3166
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3167 # open the database
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3168 self.db = self.instance.open('admin')
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3169 self.db.tx_Source = "web"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3170
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3171 # create a client instance and hijack write_html
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3172 self.client = client.Client(self.instance, "user",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3173 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3174 form=db_test_base.makeForm({"@template": "item"}))
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3175
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3176 self.client._error_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3177 self.client._ok_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3178 self.client.db = self.db
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3179 self.client.userid = '1'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3180 self.client.language = ('en',)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3181 self.client.session_api = MockNull(_sid="1234567890")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3182
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3183 self.output = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3184 # ugly hack to get html_write to return data here.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3185 def html_write(s):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3186 self.output.append(s)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3187
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3188 # hijack html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3189 self.client.write_html = html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3190
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3191 def tearDown(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3192 self.db.close()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3193 try:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3194 shutil.rmtree(self.dirname)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3195 except OSError as error:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3196 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3197
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3198 @skip_mysql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3199 class MysqlNativeCgiTest(unittest.TestCase, testFtsQuery):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3200 """All of the rest of the tests use anydbm as the backend.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3201 This class tests renderContext for fulltext search.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3202 Run with mysql and native indexer.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3203 """
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3204
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3205 def setUp(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3206 self.dirname = '_test_template'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3207 # set up and open a tracker
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3208 self.instance = setupTracker(self.dirname, backend="mysql")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3209
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3210 self.instance.config.INDEXER = "native"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3211
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3212 # open the database
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3213 self.db = self.instance.open('admin')
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3214 self.db.tx_Source = "web"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3215
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3216 # create a client instance and hijack write_html
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3217 self.client = client.Client(self.instance, "user",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3218 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3219 form=db_test_base.makeForm({"@template": "item"}))
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3220
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3221 self.client._error_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3222 self.client._ok_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3223 self.client.db = self.db
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3224 self.client.userid = '1'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3225 self.client.language = ('en',)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3226 self.client.session_api = MockNull(_sid="1234567890")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3227
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3228 self.output = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3229 # ugly hack to get html_write to return data here.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3230 def html_write(s):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3231 self.output.append(s)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3232
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3233 # hijack html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3234 self.client.write_html = html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3235
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3236 def tearDown(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3237 self.db.close()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3238 try:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3239 shutil.rmtree(self.dirname)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3240 except OSError as error:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3241 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3242
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
3243 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/