Mercurial > p > roundup > code

annotate test/test_cgi.py @ 7478:e8d2a4bca16a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update index. Add "track your issues your way" tag line and... Add description of benefits to some of the noteworthy changes. Add GTD "thing management" from old email in the 1.6 time period. Reverse order of fast gratification so source directory is first then venv install. Match the first line that says you don't have to install.
author John Rouillard <rouilj@ieee.org>
date Sun, 11 Jun 2023 21:32:46 -0400
parents 8b2287d850c8
children 978285986b2c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 # Copyright (c) 2003 Richard Jones, rjones@ekit-inc.com
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # This module is free software, and you may redistribute it and/or modify
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # under the same terms as Python, so long as this copyright message and
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # disclaimer are retained in their original form.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 #
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # This module is distributed in the hope that it will be useful,
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
11 from __future__ import print_function
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
12 import unittest, os, shutil, errno, sys, difflib, cgi, re, io
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13
5721
abb9fdb02228 Mark the failing test I deactivated as xfail to make it easier for
John Rouillard <rouilj@ieee.org>
parents: 5720
diff changeset
14 import pytest
6651
da6c9050a79e Fix modification of Cache_Control
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6601
diff changeset
15 import copy
5721
abb9fdb02228 Mark the failing test I deactivated as xfail to make it easier for
John Rouillard <rouilj@ieee.org>
parents: 5720
diff changeset
16
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
17 from roundup.cgi import client, actions, exceptions
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
18 from roundup.cgi.exceptions import FormError, NotFound, Redirect
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
19 from roundup.exceptions import UsageError, Reject
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
20 from roundup.cgi.templating import HTMLItem, HTMLRequest, NoTemplate
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
21 from roundup.cgi.templating import HTMLProperty, _HTMLItem, anti_csrf_nonce
2027
45ad02759998 test fixes
Richard Jones <richard@users.sourceforge.net>
parents: 2004
diff changeset
22 from roundup.cgi.form_parser import FormParser
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
23 from roundup import init, instance, password, hyperdb, date
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
24 from roundup.anypy.strings import u2s, b2s, s2b
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6268
diff changeset
25 from roundup.test.tx_Source_detector import init as tx_Source_init
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
26
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
27 from time import sleep
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
28
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
29 # For testing very simple rendering
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
30 from roundup.cgi.engine_zopetal import RoundupPageTemplate
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
31
6366
f2c31f5ec50b Move mocknull from test to roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6361
diff changeset
32 from roundup.test.mocknull import MockNull
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
33
5388
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
34 from . import db_test_base
d26921b851c3 Python 3 preparation: make relative imports explicit.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5385
diff changeset
35 from .db_test_base import FormTestParent, setupTracker, FileUpload
5513
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
36 from .cmp_helper import StringFragmentCmpHelper
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
37 from .test_postgresql import skip_postgresql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
38 from .test_mysql import skip_mysql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
39
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
40
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
41 class FileList:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
42 def __init__(self, name, *files):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
43 self.name = name
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
44 self.files = files
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
45 def items (self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
46 for f in self.files:
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
47 yield (self.name, f)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
48
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
49 class testFtsQuery(object):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
50
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
51 def testRenderContextFtsQuery(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
52 self.db.issue.create(title='i1 is found', status="chatting")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
53
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
54 self.client.form=db_test_base.makeForm(
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
55 { "@ok_message": "ok message", "@template": "index",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
56 "@search_text": "found"})
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
57 self.client.path = 'issue'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
58 self.client.determine_context()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
59
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
60 result = self.client.renderContext()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
61
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
62 expected = '">i1 is found</a>'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
63
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
64 self.assertIn(expected, result)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
65 self.assertEqual(self.client.response_code, 200)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
66
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
67 cm = client.add_message
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
68 class MessageTestCase(unittest.TestCase):
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
69 # Note: Escaping is now handled on a message-by-message basis at a
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
70 # point where we still know what generates a message. In this way we
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
71 # can decide when to escape and when not. We test the add_message
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
72 # routine here.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
73 # Of course we won't catch errors in judgement when to escape here
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
74 # -- but at the time of this change only one message is not escaped.
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
75 def testAddMessageOK(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
76 self.assertEqual(cm([],'a\nb'), ['a<br />\nb'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
77 self.assertEqual(cm([],'a\nb\nc\n'), ['a<br />\nb<br />\nc<br />\n'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
78
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
79 def testAddMessageBAD(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
80 self.assertEqual(cm([],'<script>x</script>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
81 ['&lt;script&gt;x&lt;/script&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
82 self.assertEqual(cm([],'<iframe>x</iframe>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
83 ['&lt;iframe&gt;x&lt;/iframe&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
84 self.assertEqual(cm([],'<<script >>alert(42);5<</script >>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
85 ['&lt;&lt;script &gt;&gt;alert(42);5&lt;&lt;/script &gt;&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
86 self.assertEqual(cm([],'<a href="y">x</a>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
87 ['&lt;a href="y"&gt;x&lt;/a&gt;'])
5805
39a5f40ae4d4 Extra test of < and > inside quotes.
John Rouillard <rouilj@ieee.org>
parents: 5794
diff changeset
88 self.assertEqual(cm([],'<a href="<y>">x</a>'),
39a5f40ae4d4 Extra test of < and > inside quotes.
John Rouillard <rouilj@ieee.org>
parents: 5794
diff changeset
89 ['&lt;a href="&lt;y&gt;"&gt;x&lt;/a&gt;'])
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
90 self.assertEqual(cm([],'<A HREF="y">x</A>'),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
91 ['&lt;A HREF="y"&gt;x&lt;/A&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
92 self.assertEqual(cm([],'<br>x<br />'), ['&lt;br&gt;x&lt;br /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
93 self.assertEqual(cm([],'<i>x</i>'), ['&lt;i&gt;x&lt;/i&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
94 self.assertEqual(cm([],'<b>x</b>'), ['&lt;b&gt;x&lt;/b&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
95 self.assertEqual(cm([],'<BR>x<BR />'), ['&lt;BR&gt;x&lt;BR /&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
96 self.assertEqual(cm([],'<I>x</I>'), ['&lt;I&gt;x&lt;/I&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
97 self.assertEqual(cm([],'<B>x</B>'), ['&lt;B&gt;x&lt;/B&gt;'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
98
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
99 def testAddMessageNoEscape(self):
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
100 self.assertEqual(cm([],'<i>x</i>',False), ['<i>x</i>'])
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
101 self.assertEqual(cm([],'<i>x</i>\n<b>x</b>',False),
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
102 ['<i>x</i><br />\n<b>x</b>'])
1684
b87c40d1b8fb fix hackish message escaping [SF#757128]
Richard Jones <richard@users.sourceforge.net>
parents: 1631
diff changeset
103
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
104 class testCsvExport(object):
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
105
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
106 def testCSVExportBase(self):
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
107 cl = self._make_client(
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
108 {'@columns': 'id,title,status,keyword,assignedto,nosy,creation'},
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
109 nodeid=None, userid='1')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
110 cl.classname = 'issue'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
111
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
112 demo_id=self.db.user.create(username='demo', address='demo@test.test',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
113 roles='User', realname='demo')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
114 key_id1=self.db.keyword.create(name='keyword1')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
115 key_id2=self.db.keyword.create(name='keyword2')
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
116
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
117 originalDate = date.Date
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
118 dummy=date.Date('2000-06-26.00:34:02.0')
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
119 # is a closure the best way to return a static Date object??
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
120 def dummyDate(adate=None):
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
121 def dummyClosure(adate=None, translator=None):
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
122 return dummy
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
123 return dummyClosure
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
124 date.Date = dummyDate()
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
125
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
126 self.db.issue.create(title='foo1', status='2', assignedto='4', nosy=['3',demo_id])
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
127 self.db.issue.create(title='bar2', status='1', assignedto='3', keyword=[key_id1,key_id2])
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
128 self.db.issue.create(title='baz32', status='4')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
129 output = io.BytesIO()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
130 cl.request = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
131 cl.request.wfile = output
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
132 # call export version that outputs names
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
133 actions.ExportCSVAction(cl).handle()
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
134 should_be=(s2b('"id","title","status","keyword","assignedto","nosy","creation"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
135 '"1","foo1","deferred","","Contrary, Mary","Bork, Chef;Contrary, Mary;demo","2000-06-26 00:34"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
136 '"2","bar2","unread","keyword1;keyword2","Bork, Chef","Bork, Chef","2000-06-26 00:34"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
137 '"3","baz32","need-eg","","","","2000-06-26 00:34"\r\n'))
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
138
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
139
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
140 #print(should_be)
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
141 #print(output.getvalue())
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
142 self.assertEqual(output.getvalue(), should_be)
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
143 output = io.BytesIO()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
144 cl.request = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
145 cl.request.wfile = output
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
146 # call export version that outputs id numbers
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
147 actions.ExportCSVWithIdAction(cl).handle()
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
148 should_be = s2b('"id","title","status","keyword","assignedto","nosy","creation"\r\n'
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
149 '''"1","foo1","2","[]","4","['3', '4', '5']","2000-06-26.00:34:02"\r\n'''
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
150 '''"2","bar2","1","['1', '2']","3","['3']","2000-06-26.00:34:02"\r\n'''
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
151 '''"3","baz32","4","[]","None","[]","2000-06-26.00:34:02"\r\n''')
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
152 #print(should_be)
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
153 #print(output.getvalue())
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
154 self.assertEqual(output.getvalue(), should_be)
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
155
6601
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
156 # reset the real date command
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
157 date.Date = originalDate
154f286061e2 Add date column to CSV output - test date display code.
John Rouillard <rouilj@ieee.org>
parents: 6600
diff changeset
158
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
159 # test full text search
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
160 # call export version that outputs names
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
161 cl = self._make_client(
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
162 {'@columns': 'id,title,status,keyword,assignedto,nosy',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
163 "@search_text": "bar2"}, nodeid=None, userid='1')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
164 cl.classname = 'issue'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
165 output = io.BytesIO()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
166 cl.request = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
167 cl.request.wfile = output
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
168 actions.ExportCSVAction(cl).handle()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
169 should_be=(s2b('"id","title","status","keyword","assignedto","nosy"\r\n'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
170 '"2","bar2","unread","keyword1;keyword2","Bork, Chef","Bork, Chef"\r\n'))
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
171
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
172 self.assertEqual(output.getvalue(), should_be)
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
173
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
174 # call export version that outputs id numbers
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
175 output = io.BytesIO()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
176 cl.request = MockNull()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
177 cl.request.wfile = output
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
178 actions.ExportCSVWithIdAction(cl).handle()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
179 should_be = s2b('"id","title","status","keyword","assignedto","nosy"\r\n'
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
180 "\"2\",\"bar2\",\"1\",\"['1', '2']\",\"3\",\"['3']\"\r\n")
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
181 self.assertEqual(output.getvalue(), should_be)
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
182
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
183 class FormTestCase(FormTestParent, StringFragmentCmpHelper, testCsvExport, unittest.TestCase):
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
184
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
185 def setUp(self):
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
186 FormTestParent.setUp(self)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
187
6361
58817c3bf471 Fix roundup/test
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6268
diff changeset
188 tx_Source_init(self.db)
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
189
2929
7a8a02646d4e backend is an attribute of tracker instances
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2821
diff changeset
190 test = self.instance.backend.Class(self.db, "test",
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
191 string=hyperdb.String(), number=hyperdb.Number(),
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
192 intval=hyperdb.Integer(), boolean=hyperdb.Boolean(),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
193 link=hyperdb.Link('test'), multilink=hyperdb.Multilink('test'),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
194 date=hyperdb.Date(), messages=hyperdb.Multilink('msg'),
5814
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
195 interval=hyperdb.Interval(), pw=hyperdb.Password() )
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
196
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
197 # compile the labels re
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
198 classes = '|'.join(self.db.classes.keys())
2004
1782fe36e7b8 Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1873
diff changeset
199 self.FV_SPECIAL = re.compile(FormParser.FV_LABELS%classes,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
200 re.VERBOSE)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
201
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
202 #
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
203 # form label extraction
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
204 #
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
205 def tl(self, s, c, i, a, p):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
206 m = self.FV_SPECIAL.match(s)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
207 self.assertNotEqual(m, None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
208 d = m.groupdict()
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
209 self.assertEqual(d['classname'], c)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
210 self.assertEqual(d['id'], i)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
211 for action in 'required add remove link note file'.split():
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
212 if a == action:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
213 self.assertNotEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
214 else:
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
215 self.assertEqual(d[action], None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
216 self.assertEqual(d['propname'], p)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
217
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
218 def testLabelMatching(self):
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
219 self.tl('<propname>', None, None, None, '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
220 self.tl(':required', None, None, 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
221 self.tl(':confirm:<propname>', None, None, 'confirm', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
222 self.tl(':add:<propname>', None, None, 'add', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
223 self.tl(':remove:<propname>', None, None, 'remove', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
224 self.tl(':link:<propname>', None, None, 'link', '<propname>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
225 self.tl('test1:<prop>', 'test', '1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
226 self.tl('test1:required', 'test', '1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
227 self.tl('test1:add:<prop>', 'test', '1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
228 self.tl('test1:remove:<prop>', 'test', '1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
229 self.tl('test1:link:<prop>', 'test', '1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
230 self.tl('test1:confirm:<prop>', 'test', '1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
231 self.tl('test-1:<prop>', 'test', '-1', None, '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
232 self.tl('test-1:required', 'test', '-1', 'required', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
233 self.tl('test-1:add:<prop>', 'test', '-1', 'add', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
234 self.tl('test-1:remove:<prop>', 'test', '-1', 'remove', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
235 self.tl('test-1:link:<prop>', 'test', '-1', 'link', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
236 self.tl('test-1:confirm:<prop>', 'test', '-1', 'confirm', '<prop>')
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
237 self.tl(':note', None, None, 'note', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
238 self.tl(':file', None, None, 'file', None)
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
239
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
240 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
241 # Empty form
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
242 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
243 def testNothing(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
244 self.assertEqual(self.parseForm({}), ({('test', None): {}}, []))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
245
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
246 def testNothingWithRequired(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
247 self.assertRaises(FormError, self.parseForm, {':required': 'string'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
248 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
249 {':required': 'title,status', 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
250 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
251 {':required': ['title','status'], 'status':'1'}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
252 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
253 {':required': 'status', 'status':''}, 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
254 self.assertRaises(FormError, self.parseForm,
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
255 {':required': 'nosy', 'nosy':''}, 'issue')
3656
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
256 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
257 {':required': 'msg-1@content', 'msg-1@content':''}, 'issue')
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
258 self.assertRaises(FormError, self.parseForm,
0119e04886d8 @required in forms may now specify properties of linked items
Richard Jones <richard@users.sourceforge.net>
parents: 3491
diff changeset
259 {':required': 'msg-1@content'}, 'issue')
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
260
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
261 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
262 # Nonexistant edit
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
263 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
264 def testEditNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
265 self.assertRaises(FormError, self.parseForm, {'boolean': ''},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
266 'test', '1')
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
267
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
268 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
269 # String
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
270 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
271 def testEmptyString(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
272 self.assertEqual(self.parseForm({'string': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
273 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
274 self.assertEqual(self.parseForm({'string': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
275 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
276 self.assertRaises(FormError, self.parseForm, {'string': ['', '']})
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
277
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
278 def testSetString(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
279 self.assertEqual(self.parseForm({'string': 'foo'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
280 ({('test', None): {'string': 'foo'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
281 self.assertEqual(self.parseForm({'string': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
282 ({('test', None): {'string': 'a\nb'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
283 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
284 self.assertEqual(self.parseForm({'title': 'foo'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
285 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
286
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
287 def testEmptyStringSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
288 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
289 self.assertEqual(self.parseForm({'title': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
290 ({('issue', nodeid): {'title': None}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
291 nodeid = self.db.issue.create(title='foo')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
292 self.assertEqual(self.parseForm({'title': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
293 ({('issue', nodeid): {'title': None}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
294
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
295 def testStringLinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
296 self.db.status.set('1', name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
297 self.db.status.set('2', name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
298 issue = self.db.issue.create(title='i1-status1', status='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
299 self.assertEqual(self.db.issue.get(issue,'status'),'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
300 self.assertEqual(self.db.status.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
301 self.assertEqual(self.db.status.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
302 self.assertEqual(self.db.issue.get('1','tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
303 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
304 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
305 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
306 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
307 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
308 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
309 item = HTMLItem(cl, 'issue', issue)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
310 self.assertEqual(item.status.id, '1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
311 self.assertEqual(item.status.name, '2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
312
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
313 def testStringMultilinkId(self):
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
314 id = self.db.keyword.create(name='2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
315 self.assertEqual(id,'1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
316 id = self.db.keyword.create(name='1')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
317 self.assertEqual(id,'2')
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
318 issue = self.db.issue.create(title='i1-status1', keyword=['1'])
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
319 self.assertEqual(self.db.issue.get(issue,'keyword'),['1'])
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
320 self.assertEqual(self.db.keyword.lookup('1'),'2')
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
321 self.assertEqual(self.db.keyword.lookup('2'),'1')
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
322 self.assertEqual(self.db.issue.get(issue,'tx_Source'),'web')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
323 form = cgi.FieldStorage()
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
324 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
325 cl.classname = 'issue'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
326 cl.nodeid = issue
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
327 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
328 cl.language = ('en',)
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
329 cl.userid = '1'
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
330 item = HTMLItem(cl, 'issue', issue)
3904
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
331 for keyword in item.keyword:
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
332 self.assertEqual(keyword.id, '1')
91008ec8f9a0 retire "topic" usage
Justus Pendleton <jpend@users.sourceforge.net>
parents: 3902
diff changeset
333 self.assertEqual(keyword.name, '2')
3859
9e48fda4a41c Added two new tests for Links and Multilinks in HTMLItems:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3777
diff changeset
334
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
335 def testFileUpload(self):
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
336 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
337 self.assertEqual(self.parseForm({'content': file}, 'file'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
338 ({('file', None): {'content': 'foo', 'name': 'foo.txt',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
339 'type': 'text/plain'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
340
5065
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
341 def testSingleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
342 file = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
343 self.assertEqual(self.parseForm({'@file': file}, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
344 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
345 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
346 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
347 [('issue', None, 'files', [('file', '-1')])]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
348
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
349 def testMultipleFileUpload(self):
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
350 f1 = FileUpload('foo', 'foo.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
351 f2 = FileUpload('bar', 'bar.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
352 f3 = FileUpload('baz', 'baz.txt')
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
353 files = FileList('@file', f1, f2, f3)
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
354
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
355 self.assertEqual(self.parseForm(files, 'issue'),
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
356 ({('file', '-1'): {'content': 'foo', 'name': 'foo.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
357 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
358 ('file', '-2'): {'content': 'bar', 'name': 'bar.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
359 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
360 ('file', '-3'): {'content': 'baz', 'name': 'baz.txt',
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
361 'type': 'text/plain'},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
362 ('issue', None): {}},
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
363 [ ('issue', None, 'files', [('file', '-1')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
364 , ('issue', None, 'files', [('file', '-2')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
365 , ('issue', None, 'files', [('file', '-3')])
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
366 ]))
47ab150b7325 Allow multiple file uploads
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5037
diff changeset
367
1734
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
368 def testEditFileClassAttributes(self):
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
369 self.assertEqual(self.parseForm({'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
370 'type': 'application/octet-stream'},
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
371 'file'),
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
372 ({('file', None): {'name': 'foo.txt',
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
373 'type': 'application/octet-stream'}},[]))
5a04969176dc Regression test case to ensure FileClass attribute bug doesn't show up again.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1684
diff changeset
374
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
375 #
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
376 # Link
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
377 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
378 def testEmptyLink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
379 self.assertEqual(self.parseForm({'link': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
380 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
381 self.assertEqual(self.parseForm({'link': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
382 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
383 self.assertRaises(FormError, self.parseForm, {'link': ['', '']})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
384 self.assertEqual(self.parseForm({'link': '-1'}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
385 ({('test', None): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
386
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
387 def testSetLink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
388 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
389 ({('issue', None): {'status': '1'}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
390 self.assertEqual(self.parseForm({'status': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
391 ({('issue', None): {'status': '1'}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
392 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
393 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
394 ({('issue', nodeid): {}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
395 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
396
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
397 def testUnsetLink(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
398 nodeid = self.db.issue.create(status='unread')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
399 self.assertEqual(self.parseForm({'status': '-1'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
400 ({('issue', nodeid): {'status': None}}, []))
4781
6e9b9743de89 Implementation for:
John Rouillard <rouilj@ieee.org>
parents: 4685
diff changeset
401 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
402
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
403 def testInvalidLinkValue(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
404 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
405 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
406 # {'status': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
407 self.assertRaises(FormError, self.parseForm, {'link': 'frozzle'})
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
408 self.assertRaises(FormError, self.parseForm, {'status': 'frozzle'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
409 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
410
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
411 #
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
412 # Multilink
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
413 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
414 def testEmptyMultilink(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
415 self.assertEqual(self.parseForm({'nosy': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
416 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
417 self.assertEqual(self.parseForm({'nosy': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
418 ({('test', None): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
419
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
420 def testSetMultilink(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
421 self.assertEqual(self.parseForm({'nosy': '1'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
422 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
423 self.assertEqual(self.parseForm({'nosy': 'admin'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
424 ({('issue', None): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
425 self.assertEqual(self.parseForm({'nosy': ['1','2']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
426 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
427 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
428 ({('issue', None): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
429 self.assertEqual(self.parseForm({'nosy': 'admin,2'}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
430 ({('issue', None): {'nosy': ['1','2']}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
431
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
432 def testMixedMultilink(self):
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
433 form = cgi.FieldStorage()
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
434 form.list.append(cgi.MiniFieldStorage('nosy', '1,2'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
435 form.list.append(cgi.MiniFieldStorage('nosy', '3'))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
436 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
437 cl.classname = 'issue'
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
438 cl.nodeid = None
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
439 cl.db = self.db
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
440 cl.language = ('en',)
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
441 self.assertEqual(cl.parsePropsFromForm(create=1),
1631
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
442 ({('issue', None): {'nosy': ['1','2', '3']}}, []))
8a908bbad1ef A couple of form value handling changes:
Richard Jones <richard@users.sourceforge.net>
parents: 1592
diff changeset
443
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
444 def testEmptyMultilinkSet(self):
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
445 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
446 self.assertEqual(self.parseForm({'nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
447 ({('issue', nodeid): {'nosy': []}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
448 nodeid = self.db.issue.create(nosy=['1','2'])
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
449 self.assertEqual(self.parseForm({'nosy': ' '}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
450 ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
451 self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
452 ({('issue', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
453
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
454 def testInvalidMultilinkValue(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
455 # XXX This is not the current behaviour - should we enforce this?
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
456 # self.assertRaises(IndexError, self.parseForm,
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
457 # {'nosy': '4'}))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
458 self.assertRaises(FormError, self.parseForm, {'nosy': 'frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
459 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
460 self.assertRaises(FormError, self.parseForm, {'nosy': '1,frozzle'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
461 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
462 self.assertRaises(FormError, self.parseForm, {'multilink': 'frozzle'})
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
463
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
464 def testMultilinkAdd(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
465 nodeid = self.db.issue.create(nosy=['1'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
466 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
467 self.assertEqual(self.parseForm({':add:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
468 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
469
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
470 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
471 self.assertEqual(self.parseForm({':add:nosy': '2'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
472 ({('issue', nodeid): {'nosy': ['1','2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
473 self.assertEqual(self.parseForm({':add:nosy': '2,mary'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
474 nodeid), ({('issue', nodeid): {'nosy': ['1','2','4']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
475 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
476 nodeid), ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
477
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
478 def testMultilinkAddNew(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
479 self.assertEqual(self.parseForm({':add:nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
480 ({('issue', None): {'nosy': ['2','3']}}, []))
1382
87143c3d7156 really fix [SF#663235], and test it
Richard Jones <richard@users.sourceforge.net>
parents: 1381
diff changeset
481
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
482 def testMultilinkRemove(self):
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
483 nodeid = self.db.issue.create(nosy=['1','2'])
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
484 # do nothing
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
485 self.assertEqual(self.parseForm({':remove:nosy': ''}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
486 ({('issue', nodeid): {}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
487
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
488 # do something ;)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
489 self.assertEqual(self.parseForm({':remove:nosy': '1'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
490 nodeid), ({('issue', nodeid): {'nosy': ['2']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
491 self.assertEqual(self.parseForm({':remove:nosy': 'admin,2'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
492 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
493 self.assertEqual(self.parseForm({':remove:nosy': ['1','2']},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
494 'issue', nodeid), ({('issue', nodeid): {'nosy': []}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
495
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
496 # add and remove
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
497 self.assertEqual(self.parseForm({':add:nosy': ['3'],
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
498 ':remove:nosy': ['1','2']},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
499 'issue', nodeid), ({('issue', nodeid): {'nosy': ['3']}}, []))
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
500
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
501 # remove one that doesn't exist?
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
502 self.assertRaises(FormError, self.parseForm, {':remove:nosy': '4'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
503 'issue', nodeid)
1381
944bd3c6d365 more cgi form parsing tests, and a fix for an outstanding couple of bugs
Richard Jones <richard@users.sourceforge.net>
parents: 1380
diff changeset
504
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
505 def testMultilinkRetired(self):
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
506 self.db.user.retire('2')
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
507 self.assertEqual(self.parseForm({'nosy': ['2','3']}, 'issue'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
508 ({('issue', None): {'nosy': ['2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
509 nodeid = self.db.issue.create(nosy=['1','2'])
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
510 self.assertEqual(self.parseForm({':remove:nosy': '2'}, 'issue',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
511 nodeid), ({('issue', nodeid): {'nosy': ['1']}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
512 self.assertEqual(self.parseForm({':add:nosy': '3'}, 'issue', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
513 ({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
514
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
515 def testAddRemoveNonexistant(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
516 self.assertRaises(FormError, self.parseForm, {':remove:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
517 'issue')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
518 self.assertRaises(FormError, self.parseForm, {':add:foo': '2'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
519 'issue')
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
520
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
521 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
522 # Password
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
523 #
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
524 def testEmptyPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
525 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
526 ({('user', None): {}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
527 self.assertEqual(self.parseForm({'password': ''}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
528 ({('user', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
529 self.assertRaises(FormError, self.parseForm, {'password': ['', '']},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
530 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
531 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
532 ':confirm:password': ['', '']}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
533
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
534 def testSetPassword(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
535 self.assertEqual(self.parseForm({'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
536 ':confirm:password': 'foo'}, 'user'),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
537 ({('user', None): {'password': 'foo'}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
538
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
539 def testSetPasswordConfirmBad(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
540 self.assertRaises(FormError, self.parseForm, {'password': 'foo'},
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
541 'user')
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
542 self.assertRaises(FormError, self.parseForm, {'password': 'foo',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
543 ':confirm:password': 'bar'}, 'user')
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
544
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
545 def testEmptyPasswordNotSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
546 nodeid = self.db.user.create(username='1',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
547 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
548 self.assertEqual(self.parseForm({'password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
549 ({('user', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
550 nodeid = self.db.user.create(username='2',
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
551 password=password.Password('foo'))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
552 self.assertEqual(self.parseForm({'password': '',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
553 ':confirm:password': ''}, 'user', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
554 ({('user', nodeid): {}}, []))
1380
4ce6820c18fa fixes to CGI form handling (NEEDS BACKPORTING TO 0.5)
Richard Jones <richard@users.sourceforge.net>
parents: 1377
diff changeset
555
5721
abb9fdb02228 Mark the failing test I deactivated as xfail to make it easier for
John Rouillard <rouilj@ieee.org>
parents: 5720
diff changeset
556 def testPasswordMigration(self):
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
557 chef = self.db.user.lookup('Chef')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
558 form = dict(__login_name='Chef', __login_password='foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
559 cl = self._make_client(form)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
560 # assume that the "best" algorithm is the first one and doesn't
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
561 # need migration, all others should be migrated.
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
562 cl.db.config.WEB_LOGIN_ATTEMPTS_MIN = 200
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
563 cl.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 10000
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
564 # The third item always fails. Regardless of what is there.
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
565 # ['plaintext', 'SHA', 'crypt', 'MD5']:
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
566 print(password.Password.deprecated_schemes)
4485
95aace124a8e use idea from Eli Collins to use a list of deprecated password encoding schemes
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4484
diff changeset
567 for scheme in password.Password.deprecated_schemes:
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
568 print(scheme)
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
569 cl.db.Otk = self.db.Otk
4684
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
570 if scheme == 'crypt' and os.name == 'nt':
8453c0d4acbe windows: Fix another failing test due to missing 'crypt'
anatoly techtonik <techtonik@gmail.com>
parents: 4683
diff changeset
571 continue # crypt is not available on Windows
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
572 pw1 = password.Password('foo', scheme=scheme)
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
573 print(pw1)
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
574 self.assertEqual(pw1.needs_migration(config=cl.db.config), True)
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
575 self.db.user.set(chef, password=pw1)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
576 self.db.commit()
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
577 actions.LoginAction(cl).handle()
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
578 pw = cl.db.user.get(chef, 'password')
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
579 print(pw)
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
580 self.assertEqual(pw, 'foo')
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
581 self.assertEqual(pw.needs_migration(config=cl.db.config), False)
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
582 cl.db.Otk = self.db.Otk
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
583 pw1 = pw
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
584 self.assertEqual(pw1.needs_migration(config=cl.db.config), False)
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
585 scheme = password.Password.known_schemes[0]
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
586 self.assertEqual(scheme, pw1.scheme)
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
587 actions.LoginAction(cl).handle()
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
588 pw = cl.db.user.get(chef, 'password')
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
589 self.assertEqual(pw, 'foo')
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
590 self.assertEqual(pw, pw1)
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
591
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
592 # migrate if rounds has increased above rounds was 10000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
593 # below will be 100000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
594 cl.db.Otk = self.db.Otk
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
595 pw1 = pw
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
596 # do not use the production number of PBKDF2
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
597 os.environ["PYTEST_USE_CONFIG"] = "True"
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
598 cl.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 100000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
599 self.assertEqual(pw1.needs_migration(config=cl.db.config), True)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
600 scheme = password.Password.known_schemes[0]
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
601 self.assertEqual(scheme, pw1.scheme)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
602 actions.LoginAction(cl).handle()
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
603 pw = cl.db.user.get(chef, 'password')
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
604 self.assertEqual(pw, 'foo')
7184
8b2287d850c8 Fix round check/settings in needs_migration
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
605 del(os.environ["PYTEST_USE_CONFIG"])
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
606 # do not assert self.assertEqual(pw, pw1) as pw is a 100,000
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
607 # cycle while pw1 is only 10,000. They won't compare equally.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
608
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
609 cl.db.close()
4484
52e13bf0bb40 Add new config-option 'migrate_passwords' in section 'web'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4446
diff changeset
610
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
611 def testPasswordConfigOption(self):
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
612 chef = self.db.user.lookup('Chef')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
613 form = dict(__login_name='Chef', __login_password='foo')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
614 cl = self._make_client(form)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
615 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 1000
4683
2f66d44616ad windows: Fix failing password tests due to missing crypt module
anatoly techtonik <techtonik@gmail.com>
parents: 4624
diff changeset
616 pw1 = password.Password('foo', scheme='MD5')
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7164
diff changeset
617 self.assertEqual(pw1.needs_migration(config=cl.db.config), True)
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
618 self.db.user.set(chef, password=pw1)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
619 self.db.commit()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
620 actions.LoginAction(cl).handle()
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
621 pw = self.db.user.get(chef, 'password')
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
622 self.assertEqual('PBKDF2', pw.scheme)
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
623 self.assertEqual(1000, password.pbkdf2_unpack(pw.password)[0])
4685
61e922a93112 windows: Fix cgi tests by explicitly closing db opened by test client
anatoly techtonik <techtonik@gmail.com>
parents: 4684
diff changeset
624 cl.db.close()
4486
693c75d56ebe Add new config-option 'password_pbkdf2_default_rounds'...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4485
diff changeset
625
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
626 #
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
627 # Boolean
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
628 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
629 def testEmptyBoolean(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
630 self.assertEqual(self.parseForm({'boolean': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
631 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
632 self.assertEqual(self.parseForm({'boolean': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
633 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
634 self.assertRaises(FormError, self.parseForm, {'boolean': ['', '']})
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
635
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
636 def testSetBoolean(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
637 self.assertEqual(self.parseForm({'boolean': 'yes'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
638 ({('test', None): {'boolean': 1}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
639 self.assertEqual(self.parseForm({'boolean': 'a\r\nb\r\n'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
640 ({('test', None): {'boolean': 0}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
641 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
642 self.assertEqual(self.parseForm({'boolean': 'yes'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
643 ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
644 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
645 self.assertEqual(self.parseForm({'boolean': 'no'}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
646 ({('test', nodeid): {}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
647
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
648 def testEmptyBooleanSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
649 nodeid = self.db.test.create(boolean=0)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
650 self.assertEqual(self.parseForm({'boolean': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
651 ({('test', nodeid): {'boolean': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
652 nodeid = self.db.test.create(boolean=1)
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
653 self.assertEqual(self.parseForm({'boolean': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
654 ({('test', nodeid): {'boolean': None}}, []))
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
655
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
656 def testRequiredBoolean(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
657 self.assertRaises(FormError, self.parseForm, {'boolean': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
658 ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
659 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
660 self.parseForm({'boolean': 'no', ':required': 'boolean'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
661 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
662 self.fail('boolean "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
663
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
664 #
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
665 # Number
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
666 #
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
667 def testEmptyNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
668 self.assertEqual(self.parseForm({'number': ''}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
669 ({('test', None): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
670 self.assertEqual(self.parseForm({'number': ' '}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
671 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
672 self.assertRaises(FormError, self.parseForm, {'number': ['', '']})
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
673
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
674 def testInvalidNumber(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
675 self.assertRaises(FormError, self.parseForm, {'number': 'hi, mum!'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
676
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
677 def testSetNumber(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
678 self.assertEqual(self.parseForm({'number': '1'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
679 ({('test', None): {'number': 1}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
680 self.assertEqual(self.parseForm({'number': '0'}),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
681 ({('test', None): {'number': 0}}, []))
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
682 self.assertEqual(self.parseForm({'number': '\n0\n'}),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
683 ({('test', None): {'number': 0}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
684
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
685 def testSetNumberReplaceOne(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
686 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
687 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
688 ({('test', nodeid): {}}, []))
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
689 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
690 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
691
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
692 def testSetNumberReplaceZero(self):
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
693 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
694 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
695 ({('test', nodeid): {}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
696
3491
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
697 def testSetNumberReplaceNone(self):
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
698 nodeid = self.db.test.create()
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
699 self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
700 ({('test', nodeid): {'number': 0}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
701 self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
702 ({('test', nodeid): {'number': 1}}, []))
0e5f15520e70 fix detection of "missing" existing values in CGI form parser [SF#1414149]
Richard Jones <richard@users.sourceforge.net>
parents: 2929
diff changeset
703
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
704 def testEmptyNumberSet(self):
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
705 nodeid = self.db.test.create(number=0)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
706 self.assertEqual(self.parseForm({'number': ''}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
707 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
708 nodeid = self.db.test.create(number=1)
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
709 self.assertEqual(self.parseForm({'number': ' '}, 'test', nodeid),
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
710 ({('test', nodeid): {'number': None}}, []))
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
711
3777
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
712 def testRequiredNumber(self):
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
713 self.assertRaises(FormError, self.parseForm, {'number': '',
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
714 ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
715 try:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
716 self.parseForm({'number': '0', ':required': 'number'})
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
717 except FormError:
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
718 self.fail('number "no" raised "required missing"')
74aebbbea305 Sorry for the mega-patch - was all done on the train:
Richard Jones <richard@users.sourceforge.net>
parents: 3656
diff changeset
719
1525
c006e8166f81 added tests for Number cgi editing
Richard Jones <richard@users.sourceforge.net>
parents: 1483
diff changeset
720 #
5067
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
721 # Integer
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
722 #
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
723 def testEmptyInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
724 self.assertEqual(self.parseForm({'intval': ''}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
725 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
726 self.assertEqual(self.parseForm({'intval': ' '}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
727 ({('test', None): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
728 self.assertRaises(FormError, self.parseForm, {'intval': ['', '']})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
729
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
730 def testInvalidInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
731 self.assertRaises(FormError, self.parseForm, {'intval': 'hi, mum!'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
732
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
733 def testSetInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
734 self.assertEqual(self.parseForm({'intval': '1'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
735 ({('test', None): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
736 self.assertEqual(self.parseForm({'intval': '0'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
737 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
738 self.assertEqual(self.parseForm({'intval': '\n0\n'}),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
739 ({('test', None): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
740
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
741 def testSetIntegerReplaceOne(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
742 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
743 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
744 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
745 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
746 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
747
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
748 def testSetIntegerReplaceZero(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
749 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
750 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
751 ({('test', nodeid): {}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
752
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
753 def testSetIntegerReplaceNone(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
754 nodeid = self.db.test.create()
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
755 self.assertEqual(self.parseForm({'intval': '0'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
756 ({('test', nodeid): {'intval': 0}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
757 self.assertEqual(self.parseForm({'intval': '1'}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
758 ({('test', nodeid): {'intval': 1}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
759
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
760 def testEmptyIntegerSet(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
761 nodeid = self.db.test.create(intval=0)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
762 self.assertEqual(self.parseForm({'intval': ''}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
763 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
764 nodeid = self.db.test.create(intval=1)
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
765 self.assertEqual(self.parseForm({'intval': ' '}, 'test', nodeid),
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
766 ({('test', nodeid): {'intval': None}}, []))
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
767
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
768 def testRequiredInteger(self):
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
769 self.assertRaises(FormError, self.parseForm, {'intval': '',
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
770 ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
771 try:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
772 self.parseForm({'intval': '0', ':required': 'intval'})
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
773 except FormError:
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
774 self.fail('intval "no" raised "required missing"')
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
775
e424987d294a Add support for an integer type to join the existing number type.
John Rouillard <rouilj@ieee.org>
parents: 5065
diff changeset
776 #
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
777 # Date
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
778 #
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
779 def testEmptyDate(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
780 self.assertEqual(self.parseForm({'date': ''}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
781 ({('test', None): {}}, []))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
782 self.assertEqual(self.parseForm({'date': ' '}),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
783 ({('test', None): {}}, []))
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
784 self.assertRaises(FormError, self.parseForm, {'date': ['', '']})
1385
2bd4822f96a6 - more fixes to CGI form handling
Richard Jones <richard@users.sourceforge.net>
parents: 1382
diff changeset
785
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
786 def testInvalidDate(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
787 self.assertRaises(FormError, self.parseForm, {'date': '12'})
1562
b975da59cd11 handle invalid data input in forms better
Richard Jones <richard@users.sourceforge.net>
parents: 1525
diff changeset
788
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
789 def testSetDate(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
790 self.assertEqual(self.parseForm({'date': '2003-01-01'}),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
791 ({('test', None): {'date': date.Date('2003-01-01')}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
792 nodeid = self.db.test.create(date=date.Date('2003-01-01'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
793 self.assertEqual(self.parseForm({'date': '2003-01-01'}, 'test',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
794 nodeid), ({('test', nodeid): {}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
795
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
796 def testEmptyDateSet(self):
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
797 nodeid = self.db.test.create(date=date.Date('.'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
798 self.assertEqual(self.parseForm({'date': ''}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
799 ({('test', nodeid): {'date': None}}, []))
1393
71928bf79302 more CGI fixes and tests
Richard Jones <richard@users.sourceforge.net>
parents: 1385
diff changeset
800 nodeid = self.db.test.create(date=date.Date('1970-01-01.00:00:00'))
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
801 self.assertEqual(self.parseForm({'date': ' '}, 'test', nodeid),
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
802 ({('test', nodeid): {'date': None}}, []))
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
803
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
804 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
805 # Test multiple items in form
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
806 #
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
807 def testMultiple(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
808 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'}),
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
809 ({('test', None): {'string': 'a'},
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
810 ('issue', '-1'): {'title': 'b'}
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
811 }, []))
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
812
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
813 def testMultipleExistingContext(self):
1420
3ac43c62a250 implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents: 1393
diff changeset
814 nodeid = self.db.test.create()
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
815 self.assertEqual(self.parseForm({'string': 'a', 'issue-1@title': 'b'},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
816 'test', nodeid),({('test', nodeid): {'string': 'a'},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
817 ('issue', '-1'): {'title': 'b'}}, []))
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
818
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
819 def testLinking(self):
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
820 self.assertEqual(self.parseForm({
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
821 'string': 'a',
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
822 'issue-1@add@nosy': '1',
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
823 'issue-2@link@superseder': 'issue-1',
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
824 }),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
825 ({('test', None): {'string': 'a'},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
826 ('issue', '-1'): {'nosy': ['1']},
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
827 },
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
828 [('issue', '-2', 'superseder', [('issue', '-1')])
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
829 ]
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
830 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
831 )
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
832
3982
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
833 def testMessages(self):
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
834 self.assertEqual(self.parseForm({
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
835 'msg-1@content': 'asdf',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
836 'msg-2@content': 'qwer',
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
837 '@link@messages': 'msg-1, msg-2'}),
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
838 ({('test', None): {},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
839 ('msg', '-2'): {'content': 'qwer'},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
840 ('msg', '-1'): {'content': 'asdf'}},
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
841 [('test', None, 'messages', [('msg', '-1'), ('msg', '-2')])]
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
842 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
843 )
efcea2fe69be add new test for multiple message creation
Richard Jones <richard@users.sourceforge.net>
parents: 3980
diff changeset
844
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
845 def testLinkBadDesignator(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
846 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
847 {'test-1@link@link': 'blah'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
848 self.assertRaises(FormError, self.parseForm,
1438
13c42b803101 Better handling of the form variable labels.
Richard Jones <richard@users.sourceforge.net>
parents: 1431
diff changeset
849 {'test-1@link@link': 'issue'})
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
850
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
851 def testLinkNotLink(self):
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
852 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
853 {'test-1@link@boolean': 'issue-1'})
1819
e24cebaaa7e8 Use FormError.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 1797
diff changeset
854 self.assertRaises(FormError, self.parseForm,
1446
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
855 {'test-1@link@string': 'issue-1'})
8ce33ce262a4 fix property type check, and dont create items that have no properties
Richard Jones <richard@users.sourceforge.net>
parents: 1438
diff changeset
856
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
857 def testBackwardsCompat(self):
1431
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
858 res = self.parseForm({':note': 'spam'}, 'issue')
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
859 date = res[0][('msg', '-1')]['date']
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
860 self.assertEqual(res, ({('issue', None): {}, ('msg', '-1'):
c70068162e64 Altered Class.create() and FileClass.create() methods...
Richard Jones <richard@users.sourceforge.net>
parents: 1425
diff changeset
861 {'content': 'spam', 'author': '1', 'date': date}},
1425
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
862 [('issue', None, 'messages', [('msg', '-1')])]))
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
863 file = FileUpload('foo', 'foo.txt')
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
864 self.assertEqual(self.parseForm({':file': file}, 'issue'),
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
865 ({('issue', None): {}, ('file', '-1'): {'content': 'foo',
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
866 'name': 'foo.txt', 'type': 'text/plain'}},
58ce2c1614cd new form handling complete
Richard Jones <richard@users.sourceforge.net>
parents: 1420
diff changeset
867 [('issue', None, 'files', [('file', '-1')])]))
1377
9ddb3ab23a3f start of CGI form handling tests
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
868
6382
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
869 def testErrorForBadTemplate(self):
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
870 form = {}
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
871 cl = self.setupClient(form, 'issue', '1', template="broken",
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
872 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
873 out = []
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
874
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
875 out = cl.renderContext()
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
876
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
877 self.assertEqual(out, '<strong>No template file exists for templating "issue" with template "broken" (neither "issue.broken" nor "_generic.broken")</strong>')
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
878 self.assertEqual(cl.response_code, 400)
b35a50d02890 Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
879
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
880 def testFormValuePreserveOnError(self):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
881 page_template = """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
882 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
883 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
884 <p tal:condition="options/error_message|nothing"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
885 tal:repeat="m options/error_message"
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
886 tal:content="structure m"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
887 <p tal:content="context/title/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
888 <p tal:content="context/priority/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
889 <p tal:content="context/status/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
890 <p tal:content="context/nosy/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
891 <p tal:content="context/keyword/plain"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
892 <p tal:content="structure context/superseder/field"/>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
893 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
894 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
895 """.strip ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
896 self.db.keyword.create (name = 'key1')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
897 self.db.keyword.create (name = 'key2')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
898 nodeid = self.db.issue.create (title = 'Title', priority = '1',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
899 status = '1', nosy = ['1'], keyword = ['1'])
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
900 self.db.commit ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
901 form = {':note': 'msg-content', 'title': 'New title',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
902 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
903 'superseder': '5000', ':action': 'edit'}
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
904 cl = self.setupClient(form, 'issue', '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
905 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
906 pt = RoundupPageTemplate()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
907 pt.pt_edit(page_template, 'text/html')
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
908 out = []
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
909 def wh(s):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
910 out.append(s)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
911 cl.write_html = wh
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
912 # Enable the following if we get a templating error:
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
913 #def send_error (*args, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
914 # import pdb; pdb.set_trace()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
915 #cl.send_error_to_admin = send_error
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
916 # Need to rollback the database on error -- this usually happens
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
917 # in web-interface (and for other databases) anyway, need it for
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
918 # testing that the form values are really used, not the database!
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
919 # We do this together with the setup of the easy template above
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
920 def load_template(x):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
921 cl.db.rollback()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
922 return pt
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
923 cl.instance.templates.load = load_template
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
924 cl.selectTemplate = MockNull()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
925 cl.determine_context = MockNull ()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
926 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
927 return True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
928 actions.Action.hasPermission = hasPermission
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
929 e1 = _HTMLItem.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
930 _HTMLItem.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
931 e2 = HTMLProperty.is_edit_ok
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
932 HTMLProperty.is_edit_ok = lambda x : True
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
933 cl.inner_main()
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
934 _HTMLItem.is_edit_ok = e1
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
935 HTMLProperty.is_edit_ok = e2
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
936 self.assertEqual(len(out), 1)
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
937 self.assertEqual(out [0].strip (), """
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
938 <html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
939 <body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
940 <p>Edit Error: issue has no node 5000</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
941 <p>New title</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
942 <p>urgent</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
943 <p>deferred</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
944 <p>admin, anonymous</p>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
945 <p></p>
5485
b0359a7c5b6d create input elements with attributes in a defined (sorted) order
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5484
diff changeset
946 <p><input name="superseder" size="30" type="text" value="5000"></p>
5166
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
947 </body>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
948 </html>
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
949 """.strip ())
232c74973a56 issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5162
diff changeset
950
5519
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
951 def testXMLTemplate(self):
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
952 page_template = """<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom" xmlns:tal="http://xml.zope.org/namespaces/tal" xmlns:metal="http://xml.zope.org/namespaces/metal"></feed>"""
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
953 pt = RoundupPageTemplate()
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
954 pt.pt_edit(page_template, 'application/xml')
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
955
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
956 cl = self.setupClient({ }, 'issue',
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
957 env_addon = {'HTTP_REFERER': 'http://whoami.com/path/'})
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
958 out = pt.render(cl, 'issue', MockNull())
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
959 self.assertEqual(out, '<?xml version="1.0" encoding="UTF-8"?><feed\n xmlns="http://www.w3.org/2005/Atom"/>\n')
5519
14a61eabcea8 Fixed unicode issues for XML template with Python 2
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5515
diff changeset
960
5924
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
961 def testHttpProxyStrip(self):
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
962 os.environ['HTTP_PROXY'] = 'http://bad.news/here/'
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
963 cl = self.setupClient({ }, 'issue',
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
964 env_addon = {'HTTP_PROXY': 'http://bad.news/here/'})
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
965 out = []
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
966 def wh(s):
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
967 out.append(s)
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
968 cl.write_html = wh
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
969 cl.main()
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
970 self.assertFalse('HTTP_PROXY' in cl.env)
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
971 self.assertFalse('HTTP_PROXY' in os.environ)
b40059d7036f issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents: 5847
diff changeset
972
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
973 def testCsrfProtection(self):
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
974 # need to set SENDMAILDEBUG to prevent
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
975 # downstream issue when email is sent on successful
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
976 # issue creation. Also delete the file afterwards
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
977 # just to make sure that some other test looking for
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
978 # SENDMAILDEBUG won't trip over ours.
5381
0942fe89e82e Python 3 preparation: change "x.has_key(y)" to "y in x".
Joseph Myers <jsm@polyomino.org.uk>
parents: 5376
diff changeset
979 if 'SENDMAILDEBUG' not in os.environ:
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
980 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
981 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
982
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
983 page_template = """
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
984 <html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
985 <body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
986 <p tal:condition="options/error_message|nothing"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
987 tal:repeat="m options/error_message"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
988 tal:content="structure m"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
989 <p tal:content="context/title/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
990 <p tal:content="context/priority/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
991 <p tal:content="context/status/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
992 <p tal:content="context/nosy/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
993 <p tal:content="context/keyword/plain"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
994 <p tal:content="structure context/superseder/field"/>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
995 </body>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
996 </html>
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
997 """.strip ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
998 self.db.keyword.create (name = 'key1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
999 self.db.keyword.create (name = 'key2')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1000 nodeid = self.db.issue.create (title = 'Title', priority = '1',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1001 status = '1', nosy = ['1'], keyword = ['1'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1002 self.db.commit ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1003 form = {':note': 'msg-content', 'title': 'New title',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1004 'priority': '2', 'status': '2', 'nosy': '1,2', 'keyword': '',
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1005 ':action': 'edit'}
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1006 cl = self.setupClient(form, 'issue', '1')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1007 pt = RoundupPageTemplate()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1008 pt.pt_edit(page_template, 'text/html')
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1009 out = []
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1010 def wh(s):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1011 out.append(s)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1012 cl.write_html = wh
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1013 # Enable the following if we get a templating error:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1014 #def send_error (*args, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1015 # import pdb; pdb.set_trace()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1016 #cl.send_error_to_admin = send_error
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1017 # Need to rollback the database on error -- this usually happens
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1018 # in web-interface (and for other databases) anyway, need it for
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1019 # testing that the form values are really used, not the database!
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1020 # We do this together with the setup of the easy template above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1021 def load_template(x):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1022 cl.db.rollback()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1023 return pt
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1024 cl.instance.templates.load = load_template
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1025 cl.selectTemplate = MockNull()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1026 cl.determine_context = MockNull ()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1027 def hasPermission(s, p, classname=None, d=None, e=None, **kw):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1028 return True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1029 actions.Action.hasPermission = hasPermission
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1030 e1 = _HTMLItem.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1031 _HTMLItem.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1032 e2 = HTMLProperty.is_edit_ok
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1033 HTMLProperty.is_edit_ok = lambda x : True
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1034
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1035 # test with no headers. Default config requires that 1 header
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1036 # is present and passes checks.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1037 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1038 match_at=out[0].find('Unable to verify sufficient headers')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1039 print("result of subtest 1:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1040 self.assertNotEqual(match_at, -1)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1041 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1042
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1043 # all the rest of these allow at least one header to pass
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1044 # and the edit happens with a redirect back to issue 1
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1045 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1046 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1047 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1048 print("result of subtest 2:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1049 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1050 del(cl.env['HTTP_REFERER'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1051 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1052
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1053 cl.env['HTTP_ORIGIN'] = 'http://whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1054 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1055 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1056 print("result of subtest 3:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1057 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1058 del(cl.env['HTTP_ORIGIN'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1059 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1060
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1061 cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.com'
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1062 # if there is an X-FORWARDED-HOST header it is used and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1063 # HOST header is ignored. X-FORWARDED-HOST should only be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1064 # passed/set by a proxy. In this case the HOST header is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1065 # the proxy's name for the web server and not the name
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1066 # thatis exposed to the world.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1067 cl.env['HTTP_HOST'] = 'frontend1.whoami.net'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1068 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1069 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1070 print("result of subtest 4:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1071 self.assertNotEqual(match_at, -1)
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1072 del(cl.env['HTTP_X_FORWARDED_HOST'])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1073 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1074 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1075
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1076 cl.env['HTTP_HOST'] = 'whoami.com'
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1077 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1078 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1079 print("result of subtest 5:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1080 self.assertEqual(match_at, 0)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1081 del(cl.env['HTTP_HOST'])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1082 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1083
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1084 # try failing headers
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1085 cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.net'
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1086 # this raises an error as the header check passes and
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1087 # it did the edit and tries to send mail.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1088 cl.inner_main()
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1089 match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1090 print("result of subtest 6:", out[0])
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1091 self.assertNotEqual(match_at, -1)
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1092 del(cl.env['HTTP_X_FORWARDED_HOST'])
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1093 del(out[0])
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1094
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1095 # header checks succeed
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1096 # check nonce handling.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1097 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1098
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1099 # roundup will report a missing token.
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1100 cl.db.config['WEB_CSRF_ENFORCE_TOKEN'] = 'required'
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1101 cl.inner_main()
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1102 match_at=out[0].find("<p>We can't validate your session (csrf failure). Re-enter any unsaved data and try again.</p>")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1103 print("result of subtest 6a:", out[0], match_at)
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1104 self.assertEqual(match_at, 33)
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1105 del(out[0])
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1106 cl.db.config['WEB_CSRF_ENFORCE_TOKEN'] = 'yes'
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1107
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1108 form2 = copy.copy(form)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1109 form2.update({'@csrf': 'booogus'})
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1110 # add a bogus csrf field to the form and rerun the inner_main
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1111 cl.form = db_test_base.makeForm(form2)
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1112
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1113 cl.inner_main()
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1114 match_at=out[0].find("We can't validate your session (csrf failure). Re-enter any unsaved data and try again.")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1115 print("result of subtest 7:", out[0])
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1116 self.assertEqual(match_at, 36)
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1117 del(out[0])
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1118
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1119 form2 = copy.copy(form)
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5485
diff changeset
1120 nonce = anti_csrf_nonce(cl)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1121 # verify that we can see the nonce
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1122 otks = cl.db.getOTKManager()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1123 isitthere = otks.exists(nonce)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1124 print("result of subtest 8:", isitthere)
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1125 print("otks: user, session", otks.get(nonce, 'uid', default=None),
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1126 otks.get(nonce, 'session', default=None))
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1127 self.assertEqual(isitthere, True)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1128
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1129 form2.update({'@csrf': nonce})
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1130 # add a real csrf field to the form and rerun the inner_main
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1131 cl.form = db_test_base.makeForm(form2)
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1132 cl.inner_main()
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1133 # csrf passes and redirects to the new issue.
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1134 match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1135 print("result of subtest 9:", out[0])
5203
9f490cc0effe Also rename test to testCsrfProtection
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1136 self.assertEqual(match_at, 0)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1137 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1138
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1139 # try a replay attack
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1140 cl.inner_main()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1141 # This should fail as token was wiped by last run.
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1142 match_at=out[0].find("We can't validate your session (csrf failure). Re-enter any unsaved data and try again.")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1143 print("replay of csrf after post use", out[0])
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1144 print("result of subtest 10:", out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1145 self.assertEqual(match_at, 36)
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1146 del(out[0])
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1147
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1148 # make sure that a get deletes the csrf.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1149 cl.env['REQUEST_METHOD'] = 'GET'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1150 cl.env['HTTP_REFERER'] = 'http://whoami.com/path/'
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1151 form2 = copy.copy(form)
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5485
diff changeset
1152 nonce = anti_csrf_nonce(cl)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1153 form2.update({'@csrf': nonce})
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1154 # add a real csrf field to the form and rerun the inner_main
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1155 cl.form = db_test_base.makeForm(form2)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1156 cl.inner_main()
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1157 # csrf passes but fail creating new issue because not a post
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1158 match_at=out[0].find('<p>Invalid request</p>')
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1159 print("result of subtest 11:", out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1160 self.assertEqual(match_at, 33)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1161 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1162
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1163 # the token should be gone
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1164 isitthere = otks.exists(nonce)
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1165 print("result of subtest 12:", isitthere)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1166 self.assertEqual(isitthere, False)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1167
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1168 # change to post and should fail w/ invalid csrf
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1169 # since get deleted the token.
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1170 cl.env.update({'REQUEST_METHOD': 'POST'})
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1171 print(cl.env)
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1172 cl.inner_main()
5847
26cd8e8bbed3 Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
John Rouillard <rouilj@ieee.org>
parents: 5814
diff changeset
1173 match_at=out[0].find("We can't validate your session (csrf failure). Re-enter any unsaved data and try again.")
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1174 print("post failure after get", out[0])
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1175 print("result of subtest 13:", out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1176 self.assertEqual(match_at, 36)
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1177 del(out[0])
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1178
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1179 del(cl.env['HTTP_REFERER'])
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1180
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1181 # test by setting allowed api origins to *
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1182 # this should not redirect as it is not an API call.
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1183 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1184 cl.env['HTTP_ORIGIN'] = 'https://baz.edu'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1185 cl.inner_main()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1186 match_at=out[0].find('Invalid Origin https://baz.edu')
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1187 print("result of subtest invalid origin:", out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1188 self.assertEqual(match_at, 36)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1189 del(cl.env['HTTP_ORIGIN'])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1190 cl.db.config.WEB_ALLOWED_API_ORIGINS = ""
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1191 del(out[0])
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1192
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1193 # test by setting allowed api origins to *
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1194 # this should not redirect as it is not an API call.
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1195 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1196 cl.env['HTTP_ORIGIN'] = 'http://whoami.com'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1197 cl.env['HTTP_REFERER'] = 'https://baz.edu/path/'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1198 cl.inner_main()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1199 match_at=out[0].find('Invalid Referer: https://baz.edu/path/')
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1200 print("result of subtest invalid referer:", out[0])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1201 self.assertEqual(match_at, 36)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1202 del(cl.env['HTTP_ORIGIN'])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1203 del(cl.env['HTTP_REFERER'])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1204 cl.db.config.WEB_ALLOWED_API_ORIGINS = ""
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1205 del(out[0])
5210
7da56980754d Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents: 5208
diff changeset
1206
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1207 # clean up from email log
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1208 if os.path.exists(SENDMAILDEBUG):
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1209 os.remove(SENDMAILDEBUG)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1210 #raise ValueError
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
1211
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1212 def testRestOriginValidationCredentials(self):
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1213 import json
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1214 # set the password for admin so we can log in.
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1215 passwd=password.Password('admin')
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1216 self.db.user.set('1', password=passwd)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1217
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1218 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1219 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1220 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1221
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1222 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1223 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1224 # origin set to allowed value
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1225 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1226 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1227 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1228 'HTTP_ORIGIN': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1229 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1230 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1231 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1232 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1233 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1234 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1235 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1236 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1237 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1238 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1239 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1240 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1241 'accept': 'application/json;version=1',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1242 'origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1243 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1244 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1245
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1246 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1247
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1248 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1249 print(b2s(out[0]))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1250 expected="""
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1251 {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1252 "data": {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1253 "collection": [],
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1254 "@total_size": 0
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1255 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1256 }"""
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1257
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1258 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1259 self.assertIn('Access-Control-Allow-Credentials',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1260 cl.additional_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1261 self.assertEqual(
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1262 cl.additional_headers['Access-Control-Allow-Credentials'],
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1263 'true'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1264 )
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1265 self.assertEqual(
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1266 cl.additional_headers['Access-Control-Allow-Origin'],
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1267 'http://whoami.com'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1268 )
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1269 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1270
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1271
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1272 # Origin not set. AKA same origin GET request.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1273 # Should be like valid origin.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1274 # Because of HTTP_X_REQUESTED_WITH header it should be
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1275 # preflighted.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1276 cl = client.Client(self.instance, None,
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1277 {'REQUEST_METHOD':'GET',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1278 'PATH_INFO':'rest/data/issue',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1279 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1280 'HTTP_REFERER': 'http://whoami.com/path/',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1281 'HTTP_ACCEPT': "application/json;version=1",
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1282 'HTTP_X_REQUESTED_WITH': 'rest',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1283 }, form)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1284 cl.db = self.db
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1285 cl.base = 'http://whoami.com/path/'
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1286 cl._socket_op = lambda *x : True
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1287 cl._error_message = []
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1288 cl.request = MockNull()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1289 h = { 'content-type': 'application/json',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1290 'accept': 'application/json' }
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1291 cl.request.headers = MockNull(**h)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1292
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1293 cl.write = wh # capture output
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1294
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1295 # Should return explanation because content type is text/plain
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1296 # and not text/xml
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1297 cl.handle_rest()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1298 self.assertIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1299 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1300
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1301 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1302 del(out[0])
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1303
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1304 cl = client.Client(self.instance, None,
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1305 {'REQUEST_METHOD':'OPTIONS',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1306 'HTTP_ORIGIN': 'http://invalid.com',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1307 'PATH_INFO':'rest/data/issue',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1308 'Access-Control-Request-Headers': 'Authorization',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1309 'Access-Control-Request-Method': 'GET',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1310 }, form)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1311 cl.db = self.db
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1312 cl.base = 'http://whoami.com/path/'
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1313 cl._socket_op = lambda *x : True
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1314 cl._error_message = []
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1315 cl.request = MockNull()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1316 h = { 'content-type': 'application/json',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1317 'accept': 'application/json',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1318 'access-control-request-headers': 'Authorization',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1319 'access-control-request-method': 'GET',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1320 }
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1321 cl.request.headers = MockNull(**h)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1322
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1323 cl.write = wh # capture output
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1324
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1325 # Should return explanation because content type is text/plain
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1326 # and not text/xml
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1327 cl.handle_rest()
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1328 self.assertNotIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1329 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1330
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1331 self.assertNotIn('Access-Control-Allow-Origin',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1332 cl.additional_headers
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1333 )
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1334
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1335 self.assertEqual(cl.response_code, 400)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1336 del(out[0])
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1337
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1338 # origin not set to allowed value
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1339 # prevents authenticated request like this from
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1340 # being shared with the requestor because
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1341 # Access-Control-Allow-Credentials is not
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1342 # set in response
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1343 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1344 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1345 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1346 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1347 'HTTP_ORIGIN': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1348 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1349 'HTTP_REFERER': 'http://invalid.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1350 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1351 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1352 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1353 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1354 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1355 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1356 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1357 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1358 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1359 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1360 'accept': 'application/json;version=1',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1361 'origin': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1362 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1363 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1364
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1365 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1366 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1367 self.assertEqual(json.loads(b2s(out[0])),
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1368 json.loads(expected)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1369 )
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1370 self.assertNotIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1371 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1372 self.assertIn('Access-Control-Allow-Origin',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1373 cl.additional_headers)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1374 self.assertEqual(
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1375 h['origin'],
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1376 cl.additional_headers['Access-Control-Allow-Origin']
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1377 )
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1378
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1379 self.assertIn('Content-Length', cl.additional_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1380 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1381
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1382
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1383 # CORS Same rules as for invalid origin
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1384 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1385 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1386 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1387 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1388 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1389 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1390 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1391 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1392 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1393 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1394 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1395 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1396 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1397 h = { 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1398 'accept': 'application/json' }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1399 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1400
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1401 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1402
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1403 # Should return explanation because content type is text/plain
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1404 # and not text/xml
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1405 cl.handle_rest()
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1406 self.assertIn('Access-Control-Allow-Credentials',
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1407 cl.additional_headers)
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1408
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1409 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1410 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1411
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1412 # origin set to special "null" value. Same rules as for
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1413 # invalid origin
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1414 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1415 {'REQUEST_METHOD':'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1416 'PATH_INFO':'rest/data/issue',
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7154
diff changeset
1417 'HTTP_ORIGIN': 'null',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1418 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1419 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1420 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1421 'HTTP_X_REQUESTED_WITH': 'rest',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1422 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1423 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1424 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1425 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1426 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1427 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1428 h = { 'content-type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1429 'accept': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1430 'origin': 'null' }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1431 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1432
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1433 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1434
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1435 # Should return explanation because content type is text/plain
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1436 # and not text/xml
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1437 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1438 self.assertNotIn('Access-Control-Allow-Credentials', cl.additional_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1439
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1440 self.assertEqual(json.loads(b2s(out[0])),json.loads(expected))
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1441 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1442
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1443
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1444 def testRestOptionsBadAttribute(self):
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1445 import json
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1446 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1447 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1448 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1449
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1450 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1451 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1452 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1453 {'REQUEST_METHOD':'OPTIONS',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1454 'HTTP_ORIGIN': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1455 'PATH_INFO':'rest/data/user/1/zot',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1456 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1457 'content-type': ""
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1458 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1459 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1460 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1461 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1462 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1463 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1464 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1465 'origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1466 'access-control-request-headers': 'x-requested-with',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1467 'access-control-request-method': 'GET',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1468 'referer': 'http://whoami.com/path',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1469 'content-type': "",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1470 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1471 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1472
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1473 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1474 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1475
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1476 _py3 = sys.version_info[0] > 2
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1477
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1478 expected_headers = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1479 'Access-Control-Allow-Credentials': 'true',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1480 'Access-Control-Allow-Headers': 'Content-Type, Authorization, '
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1481 'X-Requested-With, X-HTTP-Method-Override',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1482 'Access-Control-Allow-Methods': 'HEAD, OPTIONS, GET, POST, PUT, DELETE, PATCH',
7160
ed63b6d35838 Add 'Access-Control-Expose-Headers' to a couple of tests.
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1483 'Access-Control-Expose-Headers': 'X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Limit-Period, Retry-After, Sunset, Allow',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1484 'Access-Control-Allow-Origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1485 'Access-Control-Max-Age': '86400',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1486 'Allow': 'OPTIONS, GET, POST, PUT, DELETE, PATCH',
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1487 # string representation under python2 has an extra space.
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1488 'Content-Length': '104' if _py3 else '105',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1489 'Content-Type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1490 'Vary': 'Origin'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1491 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1492
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1493 expected_body = b'{\n "error": {\n "status": 404,\n "msg": "Attribute zot not valid for Class user"\n }\n}\n'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1494
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1495 self.assertEqual(cl.response_code, 404)
7154
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1496 # json payload string representation differs. Compare as objects.
f614176903d0 fix test; string for json object has extra space under python2.
John Rouillard <rouilj@ieee.org>
parents: 7153
diff changeset
1497 self.assertEqual(json.loads(b2s(out[0])), json.loads(expected_body))
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1498 self.assertEqual(cl.additional_headers, expected_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1499
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1500 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1501
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1502
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1503 def testRestOptionsRequestGood(self):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1504 import json
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1505 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1506 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1507 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1508
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1509 # OPTIONS/CORS preflight has no credentials
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1510 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1511 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1512 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1513 {'REQUEST_METHOD':'OPTIONS',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1514 'HTTP_ORIGIN': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1515 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1516 'HTTP_REFERER': 'http://whoami.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1517 'Access-Control-Request-Headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1518 'Access-Control-Request-Method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1519 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1520 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1521 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1522 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1523 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1524 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1525 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1526 'origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1527 'access-control-request-headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1528 'access-control-request-method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1529 'referer': 'http://whoami.com/path',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1530 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1531 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1532
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1533 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1534 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1535 self.assertEqual(out[0], '') # 204 options returns no data
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1536
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1537 expected_headers = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1538 'Access-Control-Allow-Credentials': 'true',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1539 'Access-Control-Allow-Headers': 'Content-Type, Authorization, '
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1540 'X-Requested-With, X-HTTP-Method-Override',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1541 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',
7160
ed63b6d35838 Add 'Access-Control-Expose-Headers' to a couple of tests.
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1542 'Access-Control-Expose-Headers': 'X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Limit-Period, Retry-After, Sunset, Allow',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1543 'Access-Control-Allow-Origin': 'http://whoami.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1544 'Access-Control-Max-Age': '86400',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1545 'Allow': 'OPTIONS, GET, POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1546 'Content-Type': 'application/json',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1547 'Vary': 'Origin'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1548 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1549
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1550 self.assertEqual(cl.additional_headers, expected_headers)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1551
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1552
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1553 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1554
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1555 def testRestOptionsRequestBad(self):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1556 import json
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1557
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1558 out = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1559 def wh(s):
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1560 out.append(s)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1561
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1562 # OPTIONS/CORS preflight has no credentials
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1563 # rest has no form content
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1564 form = cgi.FieldStorage()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1565 cl = client.Client(self.instance, None,
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1566 {'REQUEST_METHOD':'OPTIONS',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1567 'HTTP_ORIGIN': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1568 'PATH_INFO':'rest/data/issue',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1569 'HTTP_REFERER':
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1570 'http://invalid.com/path/',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1571 'Access-Control-Request-Headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1572 'Access-Control-Request-Method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1573 }, form)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1574 cl.db = self.db
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1575 cl.base = 'http://whoami.com/path/'
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1576 cl._socket_op = lambda *x : True
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1577 cl._error_message = []
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1578 cl.request = MockNull()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1579 h = {
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1580 'origin': 'http://invalid.com',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1581 'access-control-request-headers': 'Authorization',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1582 'access-control-request-method': 'POST',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1583 'referer': 'http://invalid.com/path',
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1584 }
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1585 cl.request.headers = MockNull(**h)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1586
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1587 cl.write = wh # capture output
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1588 cl.handle_rest()
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1589
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1590 self.assertEqual(cl.response_code, 400)
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1591
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1592 del(out[0])
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1593
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1594 def testRestCsrfProtection(self):
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1595 import json
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1596 # set the password for admin so we can log in.
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1597 passwd=password.Password('admin')
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1598 self.db.user.set('1', password=passwd)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1599
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1600 out = []
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1601 def wh(s):
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1602 out.append(s)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1603
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1604 # rest has no form content
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1605 form = cgi.FieldStorage()
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1606 form.list = [
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1607 cgi.MiniFieldStorage('title', 'A new issue'),
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1608 cgi.MiniFieldStorage('status', '1'),
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1609 cgi.MiniFieldStorage('@pretty', 'false'),
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1610 cgi.MiniFieldStorage('@apiver', '1'),
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1611 ]
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1612 cl = client.Client(self.instance, None,
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1613 {'REQUEST_METHOD':'POST',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1614 'PATH_INFO':'rest/data/issue',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1615 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1616 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1617 'HTTP_REFERER': 'http://whoami.com/path/',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1618 'HTTP_ACCEPT': "application/json;version=1"
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1619 }, form)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1620 cl.db = self.db
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1621 cl.base = 'http://whoami.com/path/'
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1622 cl._socket_op = lambda *x : True
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1623 cl._error_message = []
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1624 cl.request = MockNull()
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1625 h = { 'content-type': 'application/json',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1626 'accept': 'application/json;version=1' }
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1627 cl.request.headers = MockNull(**h)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1628
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1629 cl.write = wh # capture output
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1630
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1631 # Should return explanation because content type is text/plain
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1632 # and not text/xml
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1633 cl.handle_rest()
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1634 self.assertEqual(b2s(out[0]), '{ "error": { "status": 400, '
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1635 '"msg": "Required Header Missing" } }')
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1636 del(out[0])
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1637
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1638 cl = client.Client(self.instance, None,
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1639 {'REQUEST_METHOD':'POST',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1640 'PATH_INFO':'rest/data/issue',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1641 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1642 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1643 'HTTP_REFERER': 'http://whoami.com/path/',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1644 'HTTP_X_REQUESTED_WITH': 'rest',
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1645 'HTTP_ACCEPT': "application/json;version=1",
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1646 'HTTP_ORIGIN': 'http://whoami.com',
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1647 }, form)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1648 cl.db = self.db
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1649 cl.base = 'http://whoami.com/path/'
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1650 cl._socket_op = lambda *x : True
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1651 cl._error_message = []
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1652 cl.request = MockNull()
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1653 h = { 'content-type': 'application/json',
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1654 'accept': 'application/json;version=1' }
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1655 cl.request.headers = MockNull(**h)
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1656
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1657 cl.write = wh # capture output
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1658
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1659 # Should work as all required headers are present.
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1660 cl.handle_rest()
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1661 answer='{"data": {"link": "http://tracker.example/cgi-bin/roundup.cgi/bugs/rest/data/issue/1", "id": "1"}}\n'
5703
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1662 # check length to see if pretty is turned off.
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1663 self.assertEqual(len(out[0]), 99)
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1664
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1665 # compare as dicts not strings due to different key ordering
92c1864d5dd2 Add test for @pretty=false format change.
John Rouillard <rouilj@ieee.org>
parents: 5700
diff changeset
1666 # between python versions.
5700
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1667 response=json.loads(b2s(out[0]))
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1668 expected=json.loads(answer)
f90a534cb112 Change output comparison from strings to comparison on python
John Rouillard <rouilj@ieee.org>
parents: 5699
diff changeset
1669 self.assertEqual(response,expected)
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1670 del(out[0])
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5652
diff changeset
1671
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1672
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1673 # rest has no form content
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1674 cl.db.config.WEB_ALLOWED_API_ORIGINS = "https://bar.edu http://bar.edu"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1675 form = cgi.FieldStorage()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1676 form.list = [
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1677 cgi.MiniFieldStorage('title', 'A new issue'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1678 cgi.MiniFieldStorage('status', '1'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1679 cgi.MiniFieldStorage('@pretty', 'false'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1680 cgi.MiniFieldStorage('@apiver', '1'),
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1681 ]
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1682 cl = client.Client(self.instance, None,
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1683 {'REQUEST_METHOD':'POST',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1684 'PATH_INFO':'rest/data/issue',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1685 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1686 'HTTP_ORIGIN': 'https://bar.edu',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1687 'HTTP_X_REQUESTED_WITH': 'rest',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1688 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1689 'HTTP_REFERER': 'http://whoami.com/path/',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1690 'HTTP_ACCEPT': "application/json;version=1"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1691 }, form)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1692 cl.db = self.db
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1693 cl.base = 'http://whoami.com/path/'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1694 cl._socket_op = lambda *x : True
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1695 cl._error_message = []
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1696 cl.request = MockNull()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1697 h = { 'content-type': 'application/json',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1698 'accept': 'application/json' }
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1699 cl.request.headers = MockNull(**h)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1700
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1701 cl.write = wh # capture output
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1702
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1703 # Should return explanation because content type is text/plain
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1704 # and not text/xml
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1705 cl.handle_rest()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1706 answer='{"data": {"link": "http://tracker.example/cgi-bin/roundup.cgi/bugs/rest/data/issue/2", "id": "2"}}\n'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1707 # check length to see if pretty is turned off.
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1708 self.assertEqual(len(out[0]), 99)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1709
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1710 # compare as dicts not strings due to different key ordering
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1711 # between python versions.
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1712 response=json.loads(b2s(out[0]))
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1713 expected=json.loads(answer)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1714 self.assertEqual(response,expected)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1715 del(out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1716
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1717 #####
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1718 cl = client.Client(self.instance, None,
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1719 {'REQUEST_METHOD':'POST',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1720 'PATH_INFO':'rest/data/issue',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1721 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1722 'HTTP_ORIGIN': 'httxs://bar.edu',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1723 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1724 'HTTP_REFERER': 'http://whoami.com/path/',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1725 'HTTP_ACCEPT': "application/json;version=1"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1726 }, form)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1727 cl.db = self.db
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1728 cl.base = 'http://whoami.com/path/'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1729 cl._socket_op = lambda *x : True
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1730 cl._error_message = []
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1731 cl.request = MockNull()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1732 h = { 'content-type': 'application/json',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1733 'accept': 'application/json' }
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1734 cl.request.headers = MockNull(**h)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1735
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1736 cl.write = wh # capture output
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1737
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1738 # Should return explanation because content type is text/plain
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1739 # and not text/xml
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1740 cl.handle_rest()
7153
1181157d7cec Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents: 6693
diff changeset
1741 self.assertEqual(b2s(out[0]), '{ "error": { "status": 400, "msg": "Client is not allowed to use Rest Interface." } }')
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1742 del(out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1743
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1744
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1745 cl.db.config.WEB_ALLOWED_API_ORIGINS = " * "
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1746 cl = client.Client(self.instance, None,
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1747 {'REQUEST_METHOD':'POST',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1748 'PATH_INFO':'rest/data/issue',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1749 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1750 'HTTP_ORIGIN': 'httxs://bar.edu',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1751 'HTTP_X_REQUESTED_WITH': 'rest',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1752 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1753 'HTTP_REFERER': 'httxp://bar.edu/path/',
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1754 'HTTP_ACCEPT': "application/json;version=1"
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1755 }, form)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1756 cl.db = self.db
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1757 cl.base = 'http://whoami.com/path/'
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1758 cl._socket_op = lambda *x : True
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1759 cl._error_message = []
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1760 cl.request = MockNull()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1761 h = { 'content-type': 'application/json',
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1762 'accept': 'application/json' }
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1763 cl.request.headers = MockNull(**h)
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1764
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1765 cl.write = wh # capture output
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1766
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1767 # create fourth issue
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1768 cl.handle_rest()
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1769 self.assertIn('"id": "3"', b2s(out[0]))
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1770 del(out[0])
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
1771
6693
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1772 cl.db.config.WEB_ALLOWED_API_ORIGINS = "httxs://bar.foo.edu httxs://bar.edu"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1773 for referer in [ 'httxs://bar.edu/path/foo',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1774 'httxs://bar.edu/path/foo?g=zz',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1775 'httxs://bar.edu']:
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1776 cl = client.Client(self.instance, None,
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1777 {'REQUEST_METHOD':'POST',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1778 'PATH_INFO':'rest/data/issue',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1779 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1780 'HTTP_ORIGIN': 'httxs://bar.edu',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1781 'HTTP_X_REQUESTED_WITH': 'rest',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1782 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1783 'HTTP_REFERER': referer,
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1784 'HTTP_ACCEPT': "application/json;version=1"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1785 }, form)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1786 cl.db = self.db
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1787 cl.base = 'http://whoami.com/path/'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1788 cl._socket_op = lambda *x : True
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1789 cl._error_message = []
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1790 cl.request = MockNull()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1791 h = { 'content-type': 'application/json',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1792 'accept': 'application/json' }
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1793 cl.request.headers = MockNull(**h)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1794
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1795 cl.write = wh # capture output
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1796
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1797 # create fourth issue
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1798 cl.handle_rest()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1799 self.assertIn('"id": "', b2s(out[0]))
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1800 del(out[0])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1801
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1802 cl.db.config.WEB_ALLOWED_API_ORIGINS = "httxs://bar.foo.edu httxs://bar.edu"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1803 cl = client.Client(self.instance, None,
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1804 {'REQUEST_METHOD':'POST',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1805 'PATH_INFO':'rest/data/issue',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1806 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1807 'HTTP_ORIGIN': 'httxs://bar.edu',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1808 'HTTP_X_REQUESTED_WITH': 'rest',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1809 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1810 'HTTP_REFERER': 'httxp://bar.edu/path/',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1811 'HTTP_ACCEPT': "application/json;version=1"
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1812 }, form)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1813 cl.db = self.db
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1814 cl.base = 'http://whoami.com/path/'
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1815 cl._socket_op = lambda *x : True
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1816 cl._error_message = []
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1817 cl.request = MockNull()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1818 h = { 'content-type': 'application/json',
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1819 'accept': 'application/json' }
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1820 cl.request.headers = MockNull(**h)
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1821
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1822 cl.write = wh # capture output
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1823
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1824 # create fourth issue
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1825 cl.handle_rest()
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1826 self.assertEqual(b2s(out[0]), '{ "error": { "status": 400, "msg": "Invalid Referer: httxp://bar.edu/path/"}}')
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1827 del(out[0])
9a1f5e496e6c issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents: 6681
diff changeset
1828
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1829 def testXmlrpcCsrfProtection(self):
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1830 # set the password for admin so we can log in.
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1831 passwd=password.Password('admin')
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1832 self.db.user.set('1', password=passwd)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1833
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1834 out = []
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1835 def wh(s):
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1836 out.append(s)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1837
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1838 # xmlrpc has no form content
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1839 form = {}
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1840 cl = client.Client(self.instance, None,
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1841 {'REQUEST_METHOD':'POST',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1842 'PATH_INFO':'xmlrpc',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1843 'CONTENT_TYPE': 'text/plain',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1844 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1845 'HTTP_REFERER': 'http://whoami.com/path/',
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1846 'HTTP_X_REQUESTED_WITH': "XMLHttpRequest"
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1847 }, form)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1848 cl.db = self.db
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1849 cl.base = 'http://whoami.com/path/'
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1850 cl._socket_op = lambda *x : True
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1851 cl._error_message = []
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1852 cl.request = MockNull()
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1853 cl.write = wh # capture output
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1854
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1855 # Should return explanation because content type is text/plain
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1856 # and not text/xml
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1857 cl.handle_xmlrpc()
6268
bdcccd2b2141 Replace http:....roundup-tracker.org with https.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1859 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1860
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1861 # Should return admin user indicating auth works and
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1862 # header checks succeed (REFERER and X-REQUESTED-WITH)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1863 cl.env['CONTENT_TYPE'] = "text/xml"
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1864 # ship the form with the value holding the xml value.
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1865 # I have no clue why this works but ....
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1866 cl.form = MockNull(file = True, value = "<?xml version='1.0'?>\n<methodCall>\n<methodName>display</methodName>\n<params>\n<param>\n<value><string>user1</string></value>\n</param>\n<param>\n<value><string>username</string></value>\n</param>\n</params>\n</methodCall>\n" )
5472
e903835f0822 expect bytes from XMLRPC tests
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5453
diff changeset
1867 answer = b"<?xml version='1.0'?>\n<methodResponse>\n<params>\n<param>\n<value><struct>\n<member>\n<name>username</name>\n<value><string>admin</string></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodResponse>\n"
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1868 cl.handle_xmlrpc()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1869 print(out)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1870 self.assertEqual(out[0], answer)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1871 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1872
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1873 # remove the X-REQUESTED-WITH header and get an xmlrpc fault returned
5624
b3618882f906 issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents: 5614
diff changeset
1874 del(cl.env['HTTP_X_REQUESTED_WITH'])
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1875 cl.handle_xmlrpc()
5513
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1876 frag_faultCode = "<member>\n<name>faultCode</name>\n<value><int>1</int></value>\n</member>\n"
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1877 frag_faultString = "<member>\n<name>faultString</name>\n<value><string>&lt;class 'roundup.exceptions.UsageError'&gt;:Required Header Missing</string></value>\n</member>\n"
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1878 output_fragments = ["<?xml version='1.0'?>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1879 "<methodResponse>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1880 "<fault>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1881 "<value><struct>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1882 (frag_faultCode + frag_faultString,
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1883 frag_faultString + frag_faultCode),
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1884 "</struct></value>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1885 "</fault>\n",
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1886 "</methodResponse>\n"]
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1887 print(out[0])
5513
19bd4b413ed6 be more lenient when comparing string results
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5488
diff changeset
1888 self.compareStringFragments(out[0], output_fragments)
5220
14d8f61e6ef2 Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents: 5218
diff changeset
1889 del(out[0])
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1890
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1891 # change config to not require X-REQUESTED-WITH header
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1892 cl.db.config['WEB_CSRF_ENFORCE_HEADER_X-REQUESTED-WITH'] = 'logfailure'
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1893 cl.handle_xmlrpc()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
1894 print(out)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1895 self.assertEqual(out[0], answer)
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1896 del(out[0])
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
1897
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1898 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1899 # SECURITY
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1900 #
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1901 # XXX test all default permissions
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1902 def _make_client(self, form, classname='user', nodeid='1',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1903 userid='2', template='item'):
4088
34434785f308 Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents: 3982
diff changeset
1904 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
1905 'REQUEST_METHOD':'POST'}, db_test_base.makeForm(form))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1906 cl.classname = classname
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1907 if nodeid is not None:
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1908 cl.nodeid = nodeid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1909 cl.db = self.db
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
1910 cl.db.Otk = cl.db.getOTKManager()
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1911 #cl.db.Otk = MockNull()
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1912 #cl.db.Otk.data = {}
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1913 #cl.db.Otk.getall = self.data_get
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1914 #cl.db.Otk.set = self.data_set
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
1915 cl.userid = userid
3969
905faf52a51f fix mysql breakage in 1.4.2
Richard Jones <richard@users.sourceforge.net>
parents: 3930
diff changeset
1916 cl.language = ('en',)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1917 cl._error_message = []
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
1918 cl._ok_message = []
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
1919 cl.template = template
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1920 return cl
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1921
5720
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1922 def data_get(self, key):
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1923 return self.db.Otk.data[key]
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1924
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1925 def data_set(self, key, **value):
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1926 self.db.Otk.data[key] = value
071625b5b7c0 Deactivate failing test till I can get somebody to look at it. I want
John Rouillard <rouilj@ieee.org>
parents: 5703
diff changeset
1927
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1928 def testClassPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1929 cl = self._make_client(dict(username='bob'))
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5786
diff changeset
1930 self.assertRaises(exceptions.Unauthorised,
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1931 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1932 cl.nodeid = '1'
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1933 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1934 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1935
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1936 def testCheckAndPropertyPermission(self):
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1937 self.db.security.permissions = {}
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1938 def own_record(db, userid, itemid):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1939 return userid == itemid
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1940 p = self.db.security.addPermission(name='Edit', klass='user',
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1941 check=own_record, properties=("password", ))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1942 self.db.security.addPermissionToRole('User', p)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1943
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1944 cl = self._make_client(dict(username='bob'))
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1945 self.assertRaises(exceptions.Unauthorised,
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1946 actions.EditItemAction(cl).handle)
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1947 cl = self._make_client(dict(roles='User,Admin'), userid='4', nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1948 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1949 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1950 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1951 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1952 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1953 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1954 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1955 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1956 # working example, mary may change her pw
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1957 cl = self._make_client({'password':'ob', '@confirm@password':'ob'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1958 nodeid='4', userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1959 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1960 actions.EditItemAction(cl).handle)
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1961 cl = self._make_client({'password':'bob', '@confirm@password':'bob'})
5794
95a366d46065 Replace deprecated assertEquals with assertEqual and failUnlessRaises
John Rouillard <rouilj@ieee.org>
parents: 5786
diff changeset
1962 self.assertRaises(exceptions.Unauthorised,
3930
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1963 actions.EditItemAction(cl).handle)
1b84355e346a add tests for through-the-web permission checking
Richard Jones <richard@users.sourceforge.net>
parents: 3904
diff changeset
1964
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1965 def testCreatePermission(self):
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1966 # this checks if we properly differentiate between create and
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1967 # edit permissions
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1968 self.db.security.permissions = {}
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1969 self.db.security.addRole(name='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1970 # Don't allow roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1971 p = self.db.security.addPermission(name='Create', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1972 properties=("username", "password", "address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1973 "alternate_address", "realname", "phone", "organisation",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1974 "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1975 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1976 # Don't allow roles *and* don't allow username
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1977 p = self.db.security.addPermission(name='Edit', klass='user',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1978 properties=("password", "address", "alternate_address",
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1979 "realname", "phone", "organisation", "timezone"))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1980 self.db.security.addPermissionToRole('UserAdd', p)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1981 self.db.user.set('4', roles='UserAdd')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1982
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1983 # anonymous may not
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1984 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1985 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1986 'roles':'Admin'}, nodeid=None, userid='2')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1987 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1988 actions.NewItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1989 # Don't allow creating new user with roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1990 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1991 '@confirm@password':'secret', 'address':'new_user@bork.bork',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1992 'roles':'Admin'}, nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1993 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1994 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
1995 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1996 # this should work
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1997 cl = self._make_client({'username':'new_user', 'password':'secret',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1998 '@confirm@password':'secret', 'address':'new_user@bork.bork'},
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
1999 nodeid=None, userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2000 self.assertRaises(exceptions.Redirect,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2001 actions.NewItemAction(cl).handle)
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2002 self.assertEqual(cl._error_message,[])
4310
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2003 # don't allow changing (my own) username (in this example)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2004 cl = self._make_client(dict(username='new_user42'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2005 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2006 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2007 cl = self._make_client(dict(username='new_user42'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2008 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2009 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2010 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2011 # don't allow changing (my own) roles
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2012 cl = self._make_client(dict(roles='User,Admin'), userid='4',
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2013 nodeid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2014 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2015 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2016 cl = self._make_client(dict(roles='User,Admin'), userid='4')
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2017 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2018 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2019 cl = self._make_client(dict(roles='User,Admin'))
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2020 self.assertRaises(exceptions.Unauthorised,
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2021 actions.EditItemAction(cl).handle)
8e0d350ce644 Proper handling of 'Create' permissions in both mail gateway...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4306
diff changeset
2022
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2023 def testSearchPermission(self):
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2024 # this checks if we properly check for search permissions
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2025 self.db.security.permissions = {}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2026 self.db.security.addRole(name='User')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2027 self.db.security.addRole(name='Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2028 self.db.security.addPermissionToRole('User', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2029 self.db.security.addPermissionToRole('Project', 'Web Access')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2030 # Allow viewing department
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2031 p = self.db.security.addPermission(name='View', klass='department')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2032 self.db.security.addPermissionToRole('User', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2033 # Allow viewing interesting things (but not department) on iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2034 # But users might only view issues where they are on nosy
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2035 # (so in the real world the check method would be better)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2036 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2037 properties=("title", "status"), check=lambda x,y,z: True)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2038 self.db.security.addPermissionToRole('User', p)
4446
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2039 # Allow all relevant roles access to stat
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2040 p = self.db.security.addPermission(name='View', klass='stat')
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2041 self.db.security.addPermissionToRole('User', p)
17f796a78647 fix broken tests by adding additional permissions...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
2042 self.db.security.addPermissionToRole('Project', p)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2043 # Allow role "Project" access to whole iss
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2044 p = self.db.security.addPermission(name='View', klass='iss')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2045 self.db.security.addPermissionToRole('Project', p)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2046
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2047 department = self.instance.backend.Class(self.db, "department",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2048 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2049 status = self.instance.backend.Class(self.db, "stat",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2050 name=hyperdb.String())
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2051 issue = self.instance.backend.Class(self.db, "iss",
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2052 title=hyperdb.String(), status=hyperdb.Link('stat'),
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2053 department=hyperdb.Link('department'))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2054
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2055 d1 = department.create(name='d1')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2056 d2 = department.create(name='d2')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2057 open = status.create(name='open')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2058 closed = status.create(name='closed')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2059 issue.create(title='i1', status=open, department=d2)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2060 issue.create(title='i2', status=open, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2061 issue.create(title='i2', status=closed, department=d1)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2062
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2063 chef = self.db.user.lookup('Chef')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2064 mary = self.db.user.lookup('mary')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2065 self.db.user.set(chef, roles = 'User, Project')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2066
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2067 perm = self.db.security.hasPermission
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2068 search = self.db.security.hasSearchPermission
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2069 self.assertTrue(perm('View', chef, 'iss', 'department', '1'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2070 self.assertTrue(perm('View', chef, 'iss', 'department', '2'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2071 self.assertTrue(perm('View', chef, 'iss', 'department', '3'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2072 self.assertTrue(search(chef, 'iss', 'department'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2073
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2074 self.assertTrue(not perm('View', mary, 'iss', 'department'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2075 self.assertTrue(perm('View', mary, 'iss', 'status'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2076 # Conditionally allow view of whole iss (check is False here,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2077 # this might check for department owner in the real world)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2078 p = self.db.security.addPermission(name='View', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2079 check=lambda x,y,z: False)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2080 self.db.security.addPermissionToRole('User', p)
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2081 self.assertTrue(perm('View', mary, 'iss', 'department'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2082 self.assertTrue(not perm('View', mary, 'iss', 'department', '1'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2083 self.assertTrue(not search(mary, 'iss', 'department'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2084
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2085 self.assertTrue(perm('View', mary, 'iss', 'status'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2086 self.assertTrue(not search(mary, 'iss', 'status'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2087 # Allow user to search for iss.status
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2088 p = self.db.security.addPermission(name='Search', klass='iss',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2089 properties=("status",))
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2090 self.db.security.addPermissionToRole('User', p)
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2091 self.assertTrue(search(mary, 'iss', 'status'))
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2092
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2093 dep = {'@action':'search','columns':'id','@filter':'department',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2094 'department':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2095 stat = {'@action':'search','columns':'id','@filter':'status',
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2096 'status':'1'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2097 depsort = {'@action':'search','columns':'id','@sort':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2098 depgrp = {'@action':'search','columns':'id','@group':'department'}
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2099
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2100 # Filter on department ignored for role 'User':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2101 cl = self._make_client(dep, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2102 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2103 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2104 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2105 # Filter on department works for role 'Project':
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2106 cl = self._make_client(dep, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2107 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2108 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2109 self.assertEqual([x.id for x in h.batch()],['2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2110 # Filter on status works for all:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2111 cl = self._make_client(stat, classname='iss', nodeid=None, userid=mary,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2112 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2113 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2114 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2115 cl = self._make_client(stat, classname='iss', nodeid=None, userid=chef,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2116 template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2117 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2118 self.assertEqual([x.id for x in h.batch()],['1', '2'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2119 # Sorting and grouping for class Project works:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2120 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2121 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2122 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2123 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
5094
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2124 self.assertEqual(cl._error_message, []) # test for empty _error_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2125 self.assertEqual(cl._ok_message, []) # test for empty _ok_message when sort is valid
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2126
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2127 # Test for correct _error_message for invalid sort/group properties
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2128 baddepsort = {'@action':'search','columns':'id','@sort':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2129 baddepgrp = {'@action':'search','columns':'id','@group':'dep'}
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2130 cl = self._make_client(baddepsort, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2131 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2132 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2133 self.assertEqual(cl._error_message, ['Unknown sort property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2134 cl = self._make_client(baddepgrp, classname='iss', nodeid=None,
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2135 userid=chef, template='index')
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2136 h = HTMLRequest(cl)
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2137 self.assertEqual(cl._error_message, ['Unknown group property dep'])
92d33d3125a0 Validate properties specified for sorting and grouping in index
John Rouillard <rouilj@ieee.org>
parents: 5067
diff changeset
2138
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2139 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2140 userid=chef, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2141 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2142 self.assertEqual([x.id for x in h.batch()],['2', '3', '1'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2143 # Sorting and grouping for class User fails:
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2144 cl = self._make_client(depsort, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2145 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2146 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2147 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2148 cl = self._make_client(depgrp, classname='iss', nodeid=None,
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2149 userid=mary, template='index')
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2150 h = HTMLRequest(cl)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2151 self.assertEqual([x.id for x in h.batch()],['1', '2', '3'])
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4310
diff changeset
2152
5814
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2153 def testEditCSVKeyword(self):
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2154 form = dict(rows='id,name\n1,newkey')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2155 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2156 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2157 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2158 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2159 k = self.db.keyword.getnode('1')
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2160 self.assertEqual(k.name, 'newkey')
5484
ca8050fa5e78 fixed string encoding in test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5472
diff changeset
2161 form = dict(rows=u2s(u'id,name\n1,\xe4\xf6\xfc'))
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2162 cl = self._make_client(form, userid='1', classname='keyword')
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2163 cl._ok_message = []
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2164 actions.EditCSVAction(cl).handle()
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2165 self.assertEqual(cl._ok_message, ['Items edited OK'])
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2166 k = self.db.keyword.getnode('1')
5484
ca8050fa5e78 fixed string encoding in test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5472
diff changeset
2167 self.assertEqual(k.name, u2s(u'\xe4\xf6\xfc'))
6435
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2168 form = dict(rows='id,name\n1,newkey\n\n2,newerkey\n\n')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2169 cl = self._make_client(form, userid='1', classname='keyword')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2170 cl._ok_message = []
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2171 actions.EditCSVAction(cl).handle()
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2172 self.assertEqual(cl._ok_message, ['Items edited OK'])
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2173 k = self.db.keyword.getnode('1')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2174 self.assertEqual(k.name, 'newkey')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2175 k = self.db.keyword.getnode('2')
ada96db8ec62 Ignore blank lines when editing class via CSV
John Rouillard <rouilj@ieee.org>
parents: 6382
diff changeset
2176 self.assertEqual(k.name, 'newerkey')
4521
abd2db0a159a Fix StringIO issue2550713:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4486
diff changeset
2177
5814
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2178 def testEditCSVTest(self):
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2179
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2180 form = dict(rows='\nid,boolean,date,interval,intval,link,messages,multilink,number,pw,string\n1,true,2019-02-10,2d,4,,,,3.4,pass,foo\n2,no,2017-02-10,1d,-9,1,,1,-2.4,poof,bar\n3,no,2017-02-10,1d,-9,2,,1:2,-2.4,ping,bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2181 cl = self._make_client(form, userid='1', classname='test')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2182 cl._ok_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2183 actions.EditCSVAction(cl).handle()
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2184 self.assertEqual(cl._ok_message, ['Items edited OK'])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2185 t = self.db.test.getnode('1')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2186 self.assertEqual(t.string, 'foo')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2187 self.assertEqual(t['string'], 'foo')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2188 self.assertEqual(t.boolean, True)
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2189 t = self.db.test.getnode('3')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2190 self.assertEqual(t.multilink, [ "1", "2" ])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2191
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2192 # now edit existing row and delete row
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2193 form = dict(rows='\nid,boolean,date,interval,intval,link,messages,multilink,number,pw,string\n1,false,2019-03-10,1d,3,1,,1:2,2.2,pass,bar\n2,,,,,1,,1,,,bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2194 cl = self._make_client(form, userid='1', classname='test')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2195 cl._ok_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2196 actions.EditCSVAction(cl).handle()
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2197 self.assertEqual(cl._ok_message, ['Items edited OK'])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2198 t = self.db.test.getnode('1')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2199 self.assertEqual(t.string, 'bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2200 self.assertEqual(t['string'], 'bar')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2201 self.assertEqual(t.boolean, False)
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2202 self.assertEqual(t.multilink, [ "1", "2" ])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2203 self.assertEqual(t.link, "1")
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2204
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2205 t = self.db.test.getnode('3')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2206 self.assertTrue(t.cl.is_retired('3'))
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2207
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2208
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2209 def testEditCSVTestBadRow(self):
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2210 form = dict(rows='\nid,boolean,date,interval,intval,link,messages,multilink,number,pw,string\n1,2019-02-10,2d,4,,,,3.4,pass,foo')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2211 cl = self._make_client(form, userid='1', classname='test')
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2212 cl._ok_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2213 cl._error_message = []
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2214 actions.EditCSVAction(cl).handle()
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2215 print(cl._error_message)
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2216 self.assertEqual(cl._error_message, ['Not enough values on line 3'])
bd6d41f21a5a More extensive EditCSV testing.
John Rouillard <rouilj@ieee.org>
parents: 5805
diff changeset
2217
5515
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2218 def testEditCSVRestore(self):
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2219 form = dict(rows='id,name\n1,key1\n2,key2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2220 cl = self._make_client(form, userid='1', classname='keyword')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2221 cl._ok_message = []
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2222 actions.EditCSVAction(cl).handle()
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2223 self.assertEqual(cl._ok_message, ['Items edited OK'])
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2224 k = self.db.keyword.getnode('1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2225 self.assertEqual(k.name, 'key1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2226 k = self.db.keyword.getnode('2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2227 self.assertEqual(k.name, 'key2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2228
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2229 form = dict(rows='id,name\n1,key1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2230 cl = self._make_client(form, userid='1', classname='keyword')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2231 cl._ok_message = []
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2232 actions.EditCSVAction(cl).handle()
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2233 self.assertEqual(cl._ok_message, ['Items edited OK'])
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2234 k = self.db.keyword.getnode('1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2235 self.assertEqual(k.name, 'key1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2236 self.assertEqual(self.db.keyword.is_retired('2'), True)
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2237
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2238 form = dict(rows='id,name\n1,newkey1\n2,newkey2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2239 cl = self._make_client(form, userid='1', classname='keyword')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2240 cl._ok_message = []
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2241 actions.EditCSVAction(cl).handle()
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2242 self.assertEqual(cl._ok_message, ['Items edited OK'])
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2243 k = self.db.keyword.getnode('1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2244 self.assertEqual(k.name, 'newkey1')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2245 k = self.db.keyword.getnode('2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2246 self.assertEqual(k.name, 'newkey2')
cd0ceb2afdb8 fixed issue2550993 and added test case
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5513
diff changeset
2247
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2248 def testRegisterActionDelay(self):
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2249 from roundup.cgi.timestamp import pack_timestamp
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2250
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2251 # need to set SENDMAILDEBUG to prevent
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2252 # downstream issue when email is sent on successful
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2253 # issue creation. Also delete the file afterwards
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
2254 # just to make sure that some other test looking for
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2255 # SENDMAILDEBUG won't trip over ours.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2256 if 'SENDMAILDEBUG' not in os.environ:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2257 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2258 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2259
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2260 # missing opaqueregister
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2261 cl = self._make_client({'username':'new_user1', 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2262 '@confirm@password':'secret', 'address':'new_user@bork.bork'},
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2263 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2264 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2265 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2266 self.assertEqual(cm.exception.args,
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2267 ('Form is corrupted, missing: opaqueregister.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2268
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2269 # broken/invalid opaqueregister
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2270 # strings chosen to generate:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2271 # binascii.Error Incorrect padding
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2272 # struct.error requires a string argument of length 4
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2273 cl = self._make_client({'username':'new_user1',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2274 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2275 '@confirm@password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2276 'address':'new_user@bork.bork',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2277 'opaqueregister': 'zzz' },
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2278 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2279 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2280 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2281 self.assertEqual(cm.exception.args, ('Form is corrupted.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2282
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2283 cl = self._make_client({'username':'new_user1',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2284 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2285 '@confirm@password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2286 'address':'new_user@bork.bork',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2287 'opaqueregister': 'xyzzyzl=' },
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2288 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2289 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2290 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2291 self.assertEqual(cm.exception.args, ('Form is corrupted.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2292
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2293 # valid opaqueregister
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2294 cl = self._make_client({'username':'new_user1', 'password':'secret',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2295 '@confirm@password':'secret', 'address':'new_user@bork.bork',
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2296 'opaqueregister': pack_timestamp() },
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2297 nodeid=None, userid='2')
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2298 # submitted too fast, so raises error
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2299 with self.assertRaises(FormError) as cm:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2300 actions.RegisterAction(cl).handle()
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2301 self.assertEqual(cm.exception.args,
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2302 ('Responding to form too quickly.',))
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2303
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2304 sleep(4.1) # sleep as requested so submit will take long enough
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2305 self.assertRaises(Redirect, actions.RegisterAction(cl).handle)
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2306
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2307 # FIXME check that email output makes sense at some point
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2308
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2309 # clean up from email log
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2310 if os.path.exists(SENDMAILDEBUG):
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2311 os.remove(SENDMAILDEBUG)
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5924
diff changeset
2312
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2313 def testRegisterActionUnusedUserCheck(self):
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2314 # need to set SENDMAILDEBUG to prevent
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2315 # downstream issue when email is sent on successful
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2316 # issue creation. Also delete the file afterwards
6681
ab2ed11c021e issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents: 6651
diff changeset
2317 # just to make sure that some other test looking for
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2318 # SENDMAILDEBUG won't trip over ours.
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2319 if 'SENDMAILDEBUG' not in os.environ:
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2320 os.environ['SENDMAILDEBUG'] = 'mail-test1.log'
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2321 SENDMAILDEBUG = os.environ['SENDMAILDEBUG']
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2322
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2323 nodeid = self.db.user.create(username='iexist',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2324 password=password.Password('foo'))
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2325
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2326 # enable check and remove delay time
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2327 self.db.config.WEB_REGISTRATION_PREVALIDATE_USERNAME = 1
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2328 self.db.config.WEB_REGISTRATION_DELAY = 0
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2329
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2330 # Make a request with existing user. Use iexist.
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2331 # do not need opaqueregister as we have disabled the delay check
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2332 cl = self._make_client({'username':'iexist', 'password':'secret',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2333 '@confirm@password':'secret', 'address':'iexist@bork.bork'},
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2334 nodeid=None, userid='2')
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2335 with self.assertRaises(Reject) as cm:
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2336 actions.RegisterAction(cl).handle()
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2337 self.assertEqual(cm.exception.args,
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2338 ("Username 'iexist' is already used.",))
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2339
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2340 cl = self._make_client({'username':'i-do@not.exist',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2341 'password':'secret',
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2342 '@confirm@password':'secret', 'address':'iexist@bork.bork'},
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2343 nodeid=None, userid='2')
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2344 self.assertRaises(Redirect, actions.RegisterAction(cl).handle)
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2345
5978
fefdf5f97c50 Clean up SENDMAILDEBUG in test case.
John Rouillard <rouilj@ieee.org>
parents: 5976
diff changeset
2346 # clean up from email log
fefdf5f97c50 Clean up SENDMAILDEBUG in test case.
John Rouillard <rouilj@ieee.org>
parents: 5976
diff changeset
2347 if os.path.exists(SENDMAILDEBUG):
fefdf5f97c50 Clean up SENDMAILDEBUG in test case.
John Rouillard <rouilj@ieee.org>
parents: 5976
diff changeset
2348 os.remove(SENDMAILDEBUG)
5976
71c68961d9f4 - issue2550920 - Optionally detect duplicate username at registration.
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2349
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2350 def testserve_static_files(self):
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2351 # make a client instance
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2352 cl = self._make_client({})
6651
da6c9050a79e Fix modification of Cache_Control
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6601
diff changeset
2353 # Make local copy in cl to not modify value in class
da6c9050a79e Fix modification of Cache_Control
Ralf Schlatterbeck <rsc@runtux.com>
parents: 6601
diff changeset
2354 cl.Cache_Control = copy.copy (cl.Cache_Control)
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2355
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2356 # hijack _serve_file so I can see what is found
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2357 output = []
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2358 def my_serve_file(a, b, c, d):
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2359 output.append((a,b,c,d))
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2360 cl._serve_file = my_serve_file
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2361
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2362 # check case where file is not found.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2363 self.assertRaises(NotFound,
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2364 cl.serve_static_file,"missing.css")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2365
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2366 # TEMPLATES dir is searched by default. So this file exists.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2367 # Check the returned values.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2368 cl.serve_static_file("issue.index.html")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2369 self.assertEqual(output[0][1], "text/html")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2370 self.assertEqual(output[0][3], "_test_cgi_form/html/issue.index.html")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2371 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2372
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2373 # stop searching TEMPLATES for the files.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2374 cl.instance.config['STATIC_FILES'] = '-'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2375 # previously found file should not be found
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2376 self.assertRaises(NotFound,
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2377 cl.serve_static_file,"issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2378
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2379 # explicitly allow html directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2380 cl.instance.config['STATIC_FILES'] = 'html -'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2381 cl.serve_static_file("issue.index.html")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2382 self.assertEqual(output[0][1], "text/html")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2383 self.assertEqual(output[0][3], "_test_cgi_form/html/issue.index.html")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2384 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2385
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2386 # set the list of files and do not look at the templates directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2387 cl.instance.config['STATIC_FILES'] = 'detectors extensions - '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2388
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2389 # find file in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2390 cl.serve_static_file("messagesummary.py")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2391 self.assertEqual(output[0][1], "text/x-python")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2392 self.assertEqual(output[0][3], "_test_cgi_form/detectors/messagesummary.py")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2393 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2394
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2395 # find file in second directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2396 cl.serve_static_file("README.txt")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2397 self.assertEqual(output[0][1], "text/plain")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2398 self.assertEqual(output[0][3], "_test_cgi_form/extensions/README.txt")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2399 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2400
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2401 # make sure an embedded - ends the searching.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2402 cl.instance.config['STATIC_FILES'] = ' detectors - extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2403 self.assertRaises(NotFound, cl.serve_static_file, "README.txt")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2404
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2405 cl.instance.config['STATIC_FILES'] = ' detectors - extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2406 self.assertRaises(NotFound, cl.serve_static_file, "issue.index.html")
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2407
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2408 # create an empty README.txt in the first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2409 f = open('_test_cgi_form/detectors/README.txt', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2410 # find file now in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2411 cl.serve_static_file("README.txt")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2412 self.assertEqual(output[0][1], "text/plain")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2413 self.assertEqual(output[0][3], "_test_cgi_form/detectors/README.txt")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2414 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2415
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2416 cl.instance.config['STATIC_FILES'] = ' detectors extensions '
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2417 # make sure lack of trailing - allows searching TEMPLATES
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2418 cl.serve_static_file("issue.index.html")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2419 self.assertEqual(output[0][1], "text/html")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2420 self.assertEqual(output[0][3], "_test_cgi_form/html/issue.index.html")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2421 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2422
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2423 # Make STATIC_FILES a single element.
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2424 cl.instance.config['STATIC_FILES'] = 'detectors'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2425 # find file now in first directory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2426 cl.serve_static_file("messagesummary.py")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2427 self.assertEqual(output[0][1], "text/x-python")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2428 self.assertEqual(output[0][3], "_test_cgi_form/detectors/messagesummary.py")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2429 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2430
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2431 # make sure files found in subdirectory
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2432 os.mkdir('_test_cgi_form/detectors/css')
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2433 f = open('_test_cgi_form/detectors/css/README.css', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2434 # use subdir in filename
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2435 cl.serve_static_file("css/README.css")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2436 self.assertEqual(output[0][1], "text/css")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2437 self.assertEqual(output[0][3], "_test_cgi_form/detectors/css/README.css")
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2438 del output[0] # reset output buffer
5980
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2439
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2440 cl.Cache_Control['text/css'] = 'public, max-age=3600'
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2441 # use subdir in static files path
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2442 cl.instance.config['STATIC_FILES'] = 'detectors html/css'
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2443 os.mkdir('_test_cgi_form/html/css')
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2444 f = open('_test_cgi_form/html/css/README1.css', 'a').close()
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2445 cl.serve_static_file("README1.css")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2446 self.assertEqual(output[0][1], "text/css")
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2447 self.assertEqual(output[0][3], "_test_cgi_form/html/css/README1.css")
5980
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2448 self.assertTrue( "Cache-Control" in cl.additional_headers )
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2449 self.assertEqual( cl.additional_headers,
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2450 {'Cache-Control': 'public, max-age=3600'} )
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2451 del output[0] # reset output buffer
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2452
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2453 cl.Cache_Control['README1.css'] = 'public, max-age=60'
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2454 cl.serve_static_file("README1.css")
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2455 self.assertEqual(output[0][1], "text/css")
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2456 self.assertEqual(output[0][3], "_test_cgi_form/html/css/README1.css")
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2457 self.assertTrue( "Cache-Control" in cl.additional_headers )
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2458 self.assertEqual( cl.additional_headers,
54d0080769f9 Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents: 5978
diff changeset
2459 {'Cache-Control': 'public, max-age=60'} )
5231
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2460 del output[0] # reset output buffer
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2461
8743b7226dc7 Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents: 5220
diff changeset
2462
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2463 def testRoles(self):
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2464 cl = self._make_client({})
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2465 self.db.user.set('1', roles='aDmin, uSer')
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2466 item = HTMLItem(cl, 'user', '1')
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2467 self.assertTrue(item.hasRole('Admin'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2468 self.assertTrue(item.hasRole('User'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2469 self.assertTrue(item.hasRole('AdmiN'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2470 self.assertTrue(item.hasRole('UseR'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2471 self.assertTrue(item.hasRole('UseR','Admin'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2472 self.assertTrue(item.hasRole('UseR','somethingelse'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2473 self.assertTrue(item.hasRole('somethingelse','Admin'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2474 self.assertTrue(not item.hasRole('userr'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2475 self.assertTrue(not item.hasRole('adminn'))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2476 self.assertTrue(not item.hasRole(''))
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2477 self.assertTrue(not item.hasRole(' '))
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2478 self.db.user.set('1', roles='')
5649
f8893e1cde0d assert_ is depricated. Replacing with assertTrue to reduce logs in travisci.
John Rouillard <rouilj@ieee.org>
parents: 5624
diff changeset
2479 self.assertTrue(not item.hasRole(''))
4306
966592263fb8 Clean up all the places where role processing occurs.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4112
diff changeset
2480
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2481 def testCSVExportCharset(self):
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2482 cl = self._make_client(
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2483 {'@columns': 'id,title,status,keyword,assignedto,nosy'},
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2484 nodeid=None, userid='1')
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2485 cl.classname = 'issue'
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2486
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2487 demo_id=self.db.user.create(username='demo', address='demo@test.test',
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2488 roles='User', realname='demo')
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2489 self.db.issue.create(title=b2s(b'foo1\xc3\xa4'), status='2', assignedto='4', nosy=['3',demo_id])
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2490
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2491 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2492 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2493 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2494 # call export version that outputs names
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2495 actions.ExportCSVAction(cl).handle()
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2496 should_be=(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2497 b'"1","foo1\xc3\xa4","deferred","","Contrary, Mary","Bork, Chef;Contrary, Mary;demo"\r\n')
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2498 self.assertEqual(output.getvalue(), should_be)
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2499
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2500 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2501 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2502 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2503 # call export version that outputs id numbers
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2504 actions.ExportCSVWithIdAction(cl).handle()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2505 print(output.getvalue())
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2506 self.assertEqual(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2507 b"\"1\",\"foo1\xc3\xa4\",\"2\",\"[]\",\"4\",\"['3', '4', '5']\"\r\n",
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2508 output.getvalue())
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2509
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2510 # again with ISO-8859-1 client charset
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2511 cl.charset = 'iso8859-1'
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2512 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2513 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2514 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2515 # call export version that outputs names
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2516 actions.ExportCSVAction(cl).handle()
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2517 should_be=(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2518 b'"1","foo1\xe4","deferred","","Contrary, Mary","Bork, Chef;Contrary, Mary;demo"\r\n')
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2519 self.assertEqual(output.getvalue(), should_be)
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2520
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2521 output = io.BytesIO()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2522 cl.request = MockNull()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2523 cl.request.wfile = output
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2524 # call export version that outputs id numbers
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2525 actions.ExportCSVWithIdAction(cl).handle()
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2526 print(output.getvalue())
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2527 self.assertEqual(b'"id","title","status","keyword","assignedto","nosy"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2528 b"\"1\",\"foo1\xe4\",\"2\",\"[]\",\"4\",\"['3', '4', '5']\"\r\n",
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2529 output.getvalue())
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2530
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2531 def testCSVExportBadColumnName(self):
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2532 cl = self._make_client({'@columns': 'falseid,name'}, nodeid=None,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2533 userid='1')
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2534 cl.classname = 'status'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2535 output = io.BytesIO()
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2536 cl.request = MockNull()
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2537 cl.request.wfile = output
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2538 self.assertRaises(exceptions.NotFound,
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2539 actions.ExportCSVAction(cl).handle)
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2540
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2541 def testCSVExportFailPermissionBadColumn(self):
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2542 cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2543 userid='2')
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2544 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2545 output = io.BytesIO()
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2546 cl.request = MockNull()
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2547 cl.request.wfile = output
4624
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2548 # used to be self.assertRaises(exceptions.Unauthorised,
21705126dafa Committed edited fix for issue2550712 by Cedric Krier.
Bernhard Reiter <bernhard@intevation.de>
parents: 4623
diff changeset
2549 # but not acting like the column name is not found
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2550 # see issue2550755 - should this return Unauthorised?
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2551 # The unauthorised user should never get to the point where
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2552 # they can determine if the column name is valid or not.
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2553 self.assertRaises(exceptions.NotFound,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2554 actions.ExportCSVAction(cl).handle)
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2555
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2556 def testCSVExportFailPermissionValidColumn(self):
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2557 passwd=password.Password('foo')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2558 demo_id=self.db.user.create(username='demo', address='demo@test.test',
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2559 roles='User', realname='demo',
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2560 password=passwd)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2561 cl = self._make_client({'@columns': 'id,username,address,password'},
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2562 nodeid=None, userid=demo_id)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2563 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2564 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2565 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2566 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2567 # used to be self.assertRaises(exceptions.Unauthorised,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2568 # but not acting like the column name is not found
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2569
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2570 actions.ExportCSVAction(cl).handle()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2571 #print(output.getvalue())
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2572 self.assertEqual(s2b('"id","username","address","password"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2573 '"1","admin","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2574 '"2","anonymous","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2575 '"3","Chef","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2576 '"4","mary","[hidden]","[hidden]"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2577 '"5","demo","demo@test.test","%s"\r\n'%(passwd)),
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2578 output.getvalue())
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2579
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2580 def testCSVExportWithId(self):
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2581 cl = self._make_client({'@columns': 'id,name'}, nodeid=None,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2582 userid='1')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2583 cl.classname = 'status'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2584 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2585 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2586 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2587 actions.ExportCSVWithIdAction(cl).handle()
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2588 self.assertEqual(s2b('"id","name"\r\n"1","unread"\r\n"2","deferred"\r\n"3","chatting"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2589 '"4","need-eg"\r\n"5","in-progress"\r\n"6","testing"\r\n"7","done-cbb"\r\n'
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6083
diff changeset
2590 '"8","resolved"\r\n'),
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2591 output.getvalue())
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2592
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2593 def testCSVExportWithIdBadColumnName(self):
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2594 cl = self._make_client({'@columns': 'falseid,name'}, nodeid=None,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2595 userid='1')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2596 cl.classname = 'status'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2597 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2598 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2599 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2600 self.assertRaises(exceptions.NotFound,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2601 actions.ExportCSVWithIdAction(cl).handle)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2602
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2603 def testCSVExportWithIdFailPermissionBadColumn(self):
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2604 cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2605 userid='2')
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2606 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2607 output = io.BytesIO()
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2608 cl.request = MockNull()
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2609 cl.request.wfile = output
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2610 # used to be self.assertRaises(exceptions.Unauthorised,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2611 # but not acting like the column name is not found
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2612 # see issue2550755 - should this return Unauthorised?
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2613 # The unauthorised user should never get to the point where
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2614 # they can determine if the column name is valid or not.
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2615 self.assertRaises(exceptions.NotFound,
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2616 actions.ExportCSVWithIdAction(cl).handle)
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2617
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2618 def testCSVExportWithIdFailPermissionValidColumn(self):
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2619 cl = self._make_client({'@columns': 'id,address,password'}, nodeid=None,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2620 userid='2')
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2621 cl.classname = 'user'
6083
f74d078cfd9a issue2551019 needs to be handled in the action code itself, not the WSGI handler
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5980
diff changeset
2622 output = io.BytesIO()
5168
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2623 cl.request = MockNull()
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2624 cl.request.wfile = output
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2625 # used to be self.assertRaises(exceptions.Unauthorised,
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2626 # but not acting like the column name is not found
9e41254430fe issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
John Rouillard <rouilj@ieee.org>
parents: 5166
diff changeset
2627 self.assertRaises(exceptions.Unauthorised,
5614
be99aa02c616 issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents: 5519
diff changeset
2628 actions.ExportCSVWithIdAction(cl).handle)
4112
6441ffe588f7 fix bug introduced into CSV export and view (issue 2550529)
Richard Jones <richard@users.sourceforge.net>
parents: 4088
diff changeset
2629
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2630 class TemplateHtmlRendering(unittest.TestCase, testFtsQuery):
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2631 ''' try to test the rendering code for tal '''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2632 def setUp(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2633 self.dirname = '_test_template'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2634 # set up and open a tracker
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2635 self.instance = setupTracker(self.dirname)
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2636
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2637 # open the database
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2638 self.db = self.instance.open('admin')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2639 self.db.tx_Source = "web"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2640 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2641 realname='Bork, Chef', roles='User')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2642 self.db.user.create(username='mary', address='mary@test.test',
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2643 roles='User', realname='Contrary, Mary')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2644 self.db.post_init()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2645
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2646 # create a client instance and hijack write_html
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2647 self.client = client.Client(self.instance, "user",
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2648 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2649 form=db_test_base.makeForm({"@template": "item"}))
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2650
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2651 self.client._error_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2652 self.client._ok_message = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2653 self.client.db = self.db
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2654 self.client.userid = '1'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2655 self.client.language = ('en',)
5208
23b8eeaf9864 fixing some tests due to changes to classic template by adding anti-csrf code
John Rouillard <rouilj@ieee.org>
parents: 5203
diff changeset
2656 self.client.session_api = MockNull(_sid="1234567890")
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2657
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2658 self.output = []
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2659 # ugly hack to get html_write to return data here.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2660 def html_write(s):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2661 self.output.append(s)
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2662
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2663 # hijack html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2664 self.client.write_html = html_write
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2665
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2666 self.db.issue.create(title='foo')
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2667
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2668 def tearDown(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2669 self.db.close()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2670 try:
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2671 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5231
diff changeset
2672 except OSError as error:
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2673 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2674
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2675 def testrenderFrontPage(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2676 self.client.renderFrontPage("hello world RaNdOmJunk")
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2677 # make sure we can find the "hello world RaNdOmJunk"
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2678 # message in the output.
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2679 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2680 self.output[0].index('<p class="error-message">hello world RaNdOmJunk <br/ > </p>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2681 # make sure we can find issue 1 title foo in the output
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2682 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2683 self.output[0].index('<a href="issue1">foo</a>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2684
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2685 # make sure we can find the last SHA1 sum line at the end of the
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2686 # page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2687 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2688 self.output[0].index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2689
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2690 def testRenderError(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2691 # set up the client;
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2692 # run determine_context to set the required client attributes
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2693 # run renderError(); check result for proper page
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2694
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2695 self.client.form=db_test_base.makeForm({})
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2696 self.client.path = ''
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2697 self.client.determine_context()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2698
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2699 error = "Houston, we have a problem"
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2700
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2701
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2702 # template rendering will fail and return fallback html
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2703 out = self.client.renderError(error, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2704
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2705 expected_fallback = (
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2706 '\n<html><head><title>Roundup issue tracker: '
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2707 'An error has occurred</title>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2708 ' <link rel="stylesheet" type="text/css" href="@@file/style.css">\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2709 '</head>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2710 '<body class="body" marginwidth="0" marginheight="0">\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2711 ' <p class="error-message">Houston, we have a problem</p>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2712 '</body></html>\n')
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2713
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2714 self.assertEqual(out, expected_fallback)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2715 self.assertIn(error, self.client._error_message)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2716 self.assertEqual(self.client.response_code, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2717
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2718 ### next test
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2719 # Set this so template rendering works.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2720 self.client.classname = 'issue'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2721
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2722 out = self.client.renderError("Houston, we have a problem", 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2723 # match hard coded line in 404 template
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2724 expected = ('There is no <span>issue</span> with id')
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2725
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2726 self.assertIn(expected, out)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2727 self.assertEqual(self.client.response_code, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2728
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2729
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2730 ### next test
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2731 # disable template use get fallback
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2732 out = self.client.renderError("Houston, we have a problem", 404,
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2733 use_template=False)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2734
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2735 self.assertEqual(out, expected_fallback)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2736 self.assertEqual(self.client.response_code, 404)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2737
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2738 ### next test
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2739 # no 400 template (default 2nd param) so we get fallback
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2740 out = self.client.renderError("Houston, we have a problem")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2741 self.assertEqual(out, expected_fallback)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2742 self.assertIn(error, self.client._error_message)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2743 self.assertEqual(self.client.response_code, 400)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2744
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2745 def testrenderContext(self):
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2746 # set up the client;
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2747 # run determine_context to set the required client attributes
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2748 # run renderContext(); check result for proper page
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2749
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2750 # this will generate the default home page like
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2751 # testrenderFrontPage
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2752 self.client.form=db_test_base.makeForm({})
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2753 self.client.path = ''
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2754 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2755 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), (None, '', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2756 self.assertEqual(self.client._ok_message, [])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2757
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2758 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2759 self.assertNotEqual(-1,
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2760 result.index('<!-- SHA: c87a4e18d59a527331f1d367c0c6cc67ee123e63 -->'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2761
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2762 # now look at the user index page
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2763 self.client.form=db_test_base.makeForm(
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2764 { "@ok_message": "ok message", "@template": "index"})
5160
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2765 self.client.path = 'user'
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2766 self.client.determine_context()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2767 self.assertEqual((self.client.classname, self.client.template, self.client.nodeid), ('user', 'index', None))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2768 self.assertEqual(self.client._ok_message, ['ok message'])
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2769
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2770 result = self.client.renderContext()
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2771 self.assertNotEqual(-1, result.index('<title>User listing - Roundup issue tracker</title>'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2772 self.assertNotEqual(-1, result.index('ok message'))
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2773 # print result
f8a32b7331f1 add basic crappy test framework for the client.py::Client::renderFrontPage() ::determine_context() and ::renderContext() methods.
John Rouillard <rouilj@ieee.org>
parents: 5159
diff changeset
2774
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2775 def testRenderAltTemplates(self):
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2776 # check that right page is returned when rendering
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2777 # @template=oktempl|errortmpl
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2778
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2779 # set up the client;
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2780 # run determine_context to set the required client attributes
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2781 # run renderContext(); check result for proper page
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2782
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2783 # Test ok state template that uses user.forgotten.html
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2784 self.client.form=db_test_base.makeForm({"@template": "forgotten|item"})
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2785 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2786 self.client.determine_context()
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5185
diff changeset
2787 self.client.session_api = MockNull(_sid="1234567890")
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2788 self.assertEqual(
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2789 (self.client.classname, self.client.template, self.client.nodeid),
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2790 ('user', 'forgotten|item', None))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2791 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2792
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2793 result = self.client.renderContext()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
2794 print(result)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
2795 # sha1sum of classic tracker user.forgotten.template must be found
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2796 sha1sum = '<!-- SHA: f93570f95f861da40f9c45bbd2b049bb3a7c0fc5 -->'
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2797 self.assertNotEqual(-1, result.index(sha1sum))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2798
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2799 # now set an error in the form to get error template user.item.html
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2800 self.client.form=db_test_base.makeForm({"@template": "forgotten|item",
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2801 "@error_message": "this is an error"})
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2802 self.client.path = 'user'
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2803 self.client.determine_context()
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2804 self.assertEqual(
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2805 (self.client.classname, self.client.template, self.client.nodeid),
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2806 ('user', 'forgotten|item', None))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2807 self.assertEqual(self.client._ok_message, [])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2808 self.assertEqual(self.client._error_message, ["this is an error"])
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2809
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2810 result = self.client.renderContext()
5376
64b05e24dbd8 Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents: 5316
diff changeset
2811 print(result)
5218
44f7e6b958fe Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents: 5210
diff changeset
2812 # sha1sum of classic tracker user.item.template must be found
5316
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2813 sha1sum = '<!-- SHA: 3b7ce7cbf24f77733c9b9f64a569d6429390cc3f -->'
351763d6400a Fix failing test after recent tab changes
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5310
diff changeset
2814 self.assertNotEqual(-1, result.index(sha1sum))
5185
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2815
349bef975367 Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents: 5168
diff changeset
2816
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2817 def testexamine_url(self):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2818 ''' test the examine_url function '''
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2819
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2820 def te(url, exception, raises=ValueError):
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2821 with self.assertRaises(raises) as cm:
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2822 examine_url(url)
5453
2b4f606d8e72 use exception.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5418
diff changeset
2823 self.assertEqual(cm.exception.args, (exception,))
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2824
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2825
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2826 action = actions.Action(self.client)
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2827 examine_url = action.examine_url
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2828
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2829 # Christmas tree url: test of every component that passes
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2830 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2831 examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2832 'http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2833
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2834 # allow replacing http with https if base is http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2835 self.assertEqual(
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2836 examine_url("https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue"),
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2837 'https://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2838
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2839
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2840 # change base to use https and make sure we don't redirect to http
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2841 saved_base = action.base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2842 action.base = "https://tracker.example/cgi-bin/roundup.cgi/bugs/"
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2843 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2844 'Base url https://tracker.example/cgi-bin/roundup.cgi/bugs/ requires https. Redirect url http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue uses http.')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2845 action.base = saved_base
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2846
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2847 # url doesn't have to be valid to roundup, just has to be contained
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2848 # inside of roundup. No zoik class is defined
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2849 self.assertEqual(examine_url("http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue"), "http://tracker.example/cgi-bin/roundup.cgi/bugs/zoik7;parm=bar?@template=foo&parm=(zot)#issue")
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2850
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2851 # test with wonky schemes
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2852 te("email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2853 'Unrecognized scheme in email://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2854
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2855 te("http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Unrecognized scheme in http%3a//tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2856
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2857 # test different netloc/path prefix
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2858 # assert port
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2859 te("http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue",'Net location in http://tracker.example:1025/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2860
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2861 #assert user
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2862 te("http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2863
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2864 #assert user:password
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2865 te("http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://user:pass@tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2866
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2867 # try localhost http scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2868 te("http://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in http://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2869
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2870 # try localhost https scheme
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2871 te("https://localhost/cgi-bin/roundup.cgi/bugs/user3", 'Net location in https://localhost/cgi-bin/roundup.cgi/bugs/user3 does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2872
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2873 # try different host
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2874 te("http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Net location in http://bad.guys.are.us/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#issue does not match base: tracker.example')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2875
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2876 # change the base path to .../bug from .../bugs
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2877 te("http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue", 'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgi-bin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2878
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2879 # change the base path eliminate - in cgi-bin
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2880 te("http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue",'Base path /cgi-bin/roundup.cgi/bugs/ is not a prefix for url http://tracker.example/cgibin/roundup.cgi/bug/user3;parm=bar?@template=foo&parm=(zot)#issue')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2881
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2882
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2883 # scan for unencoded characters
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2884 # we skip schema and net location since unencoded character
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2885 # are allowed only by an explicit match to a reference.
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2886 #
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2887 # break components with unescaped character '<'
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2888 # path component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2889 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue", 'Path component (/cgi-bin/roundup.cgi/bugs/<user3) in http://tracker.example/cgi-bin/roundup.cgi/bugs/<user3;parm=bar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2890
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2891 # params component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2892 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue", 'Params component (parm=b<ar) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=b<ar?@template=foo&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2893
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2894 # query component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2895 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue", 'Query component (@template=<foo>&parm=(zot)) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=<foo>&parm=(zot)#issue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2896
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2897 # fragment component
5162
3ee79a2d95d4 rename clean_url method to examine_url. the method doesn't realy clean anything, it throws a ValueError if it finds a problem
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2898 te("http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue", 'Fragment component (iss<ue) in http://tracker.example/cgi-bin/roundup.cgi/bugs/user3;parm=bar?@template=foo&parm=(zot)#iss<ue is not properly escaped')
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5160
diff changeset
2899
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2900 class TemplateTestCase(unittest.TestCase):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2901 ''' Test the template resolving code, i.e. what can be given to @template
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2902 '''
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2903 def setUp(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2904 self.dirname = '_test_template'
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2905 # set up and open a tracker
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2906 self.instance = setupTracker(self.dirname)
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2907
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2908 # open the database
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2909 self.db = self.instance.open('admin')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2910 self.db.tx_Source = "web"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2911 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2912 realname='Bork, Chef', roles='User')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2913 self.db.user.create(username='mary', address='mary@test.test',
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2914 roles='User', realname='Contrary, Mary')
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2915 self.db.post_init()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2916
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2917 def tearDown(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2918 self.db.close()
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2919 try:
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2920 shutil.rmtree(self.dirname)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5231
diff changeset
2921 except OSError as error:
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2922 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2923
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2924 def testTemplateSubdirectory(self):
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2925 # test for templates in subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2926
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2927 # make the directory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2928 subdir = self.dirname + "/html/subdir"
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2929 os.mkdir(subdir)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2930
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2931 # get the client instance The form is needed to initialize,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2932 # but not used since I call selectTemplate directly.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2933 t = client.Client(self.instance, "user",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2934 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
5310
efb34cbdba7c Add (currently failing) test for atomic actions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
2935 form=db_test_base.makeForm({"@template": "item"}))
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2936
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2937 # create new file in subdir and a dummy file outside of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2938 # the tracker's html subdirectory
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2939 shutil.copyfile(self.dirname + "/html/issue.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2940 subdir + "/issue.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2941 shutil.copyfile(self.dirname + "/html/user.item.html",
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2942 self.dirname + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2943
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2944 # create link outside the html subdir. This should fail due to
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2945 # path traversal check.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2946 os.symlink("../../user.item.html", subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2947 # it will be removed and replaced by a later test
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2948
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2949 # make sure a simple non-subdir template works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2950 # user.item.html exists so this works.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2951 # note that the extension is not included just the basename
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2952 self.assertEqual("user.item", t.selectTemplate("user", "item"))
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2953
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2954
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2955 # make sure home templates work
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2956 self.assertEqual("home", t.selectTemplate(None, ""))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2957 self.assertEqual("home.classlist", t.selectTemplate(None, "classlist"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2958
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2959 # home.item doesn't exist should return _generic.item.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2960 self.assertEqual("_generic.item", t.selectTemplate(None, "item"))
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2961
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2962 # test case where there is no view so generic template can't
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2963 # be determined.
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2964 with self.assertRaises(NoTemplate) as cm:
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2965 t.selectTemplate("user", "")
5453
2b4f606d8e72 use exception.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5418
diff changeset
2966 self.assertEqual(cm.exception.args,
2b4f606d8e72 use exception.args instead of exception.message
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5418
diff changeset
2967 ('''Template "user" doesn't exist''',))
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2968
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2969 # there is no html/subdir/user.item.{,xml,html} so it will
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2970 # raise NoTemplate.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2971 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2972 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2973
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2974 # there is an html/subdir/issue.item.html so this succeeeds
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2975 r = t.selectTemplate("issue", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2976 self.assertEqual("subdir/issue.item", r)
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2977
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2978 # there is a self.directory + /html/subdir/user.item.html file,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2979 # but it is a link to self.dir /user.item.html which is outside
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2980 # the html subdir so is rejected by the path traversal check.
5159
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2981 # Prefer NoTemplate here, or should the code be changed to
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2982 # report a new PathTraversal exception? Could the PathTraversal
7fb697267fdb adding test case for home templates in various incantations. Also added comment about possibly creating/raising PageTraversal exception. I don't think we need it since @@file doesn't do it but...
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2983 # exception leak useful info to an attacker??
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2984 self.assertRaises(NoTemplate,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2985 t.selectTemplate, "user", "subdir/item")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2986
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2987 # clear out the link and create a new one to self.dirname +
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2988 # html/user.item.html which is inside the html subdir
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2989 # so the template check returns the symbolic link path.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2990 os.remove(subdir + "/user.item.html")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2991 os.symlink("../user.item.html", subdir + "/user.item.xml")
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2992
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2993 # template check works
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2994 r = t.selectTemplate("user", "subdir/item")
5786
68b0c1767b50 Replace assertEquals (depricated) with assertEqual.
John Rouillard <rouilj@ieee.org>
parents: 5771
diff changeset
2995 self.assertEqual("subdir/user.item", r)
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5094
diff changeset
2996
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
2997 class SqliteNativeFtsCgiTest(unittest.TestCase, testFtsQuery, testCsvExport):
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
2998 """All of the rest of the tests use anydbm as the backend.
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2999 In addtion to normal fts test, this class tests renderError
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3000 when renderContext fails.
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3001 Triggering this error requires the native-fts backend for
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3002 the sqlite db.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3003 """
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3004
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3005 def setUp(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3006 self.dirname = '_test_template'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3007 # set up and open a tracker
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3008 self.instance = setupTracker(self.dirname, backend="sqlite")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3009
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3010 self.instance.config.INDEXER = "native-fts"
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3011
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3012 # open the database
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3013 self.db = self.instance.open('admin')
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3014 self.db.tx_Source = "web"
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3015 self.db.user.create(username='Chef', address='chef@bork.bork.bork',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3016 realname='Bork, Chef', roles='User')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3017 self.db.user.create(username='mary', address='mary@test.test',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3018 roles='User', realname='Contrary, Mary')
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3019 self.db.post_init()
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3020
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3021 # create a client instance and hijack write_html
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3022 self.client = client.Client(self.instance, "user",
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3023 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3024 form=db_test_base.makeForm({"@template": "item"}))
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3025
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3026 self.client._error_message = []
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3027 self.client._ok_message = []
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3028 self.client.db = self.db
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3029 self.client.userid = '1'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3030 self.client.language = ('en',)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3031 self.client.session_api = MockNull(_sid="1234567890")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3032
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3033 self.output = []
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3034 # ugly hack to get html_write to return data here.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3035 def html_write(s):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3036 self.output.append(s)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3037
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3038 # hijack html_write
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3039 self.client.write_html = html_write
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3040
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3041 def tearDown(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3042 self.db.close()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3043 try:
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3044 shutil.rmtree(self.dirname)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3045 except OSError as error:
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3046 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3047
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3048 def testRenderContextBadFtsQuery(self):
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3049 # only test for sqlite
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3050 if self.db.dbtype not in [ "sqlite" ]:
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3051 pytest.skip("Not tested for backends without native FTS")
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3052
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3053 # generate a bad fts query
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3054 self.client.form=db_test_base.makeForm(
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3055 { "@ok_message": "ok message", "@template": "index",
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3056 "@search_text": "foo-bar"})
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3057 self.client.path = 'issue'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3058 self.client.determine_context()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3059
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3060 result = self.client.renderContext()
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3061
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3062 expected = '\n<html><head><title>Roundup issue tracker: An error has occurred</title>\n <link rel="stylesheet" type="text/css" href="@@file/style.css">\n</head>\n<body class="body" marginwidth="0" marginheight="0">\n <p class="error-message">Search failed. Try quoting any terms that include a \'-\' and retry the search.</p>\n</body></html>\n'
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3063
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3064 self.assertEqual(result, expected)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3065 self.assertEqual(self.client.response_code, 400)
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3066
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3067 #
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3068 # SECURITY
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3069 #
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3070 # XXX test all default permissions
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3071 def _make_client(self, form, classname='user', nodeid='1',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3072 userid='2', template='item'):
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3073 cl = client.Client(self.instance, None, {'PATH_INFO':'/',
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3074 'REQUEST_METHOD':'POST'}, db_test_base.makeForm(form))
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3075 cl.classname = classname
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3076 if nodeid is not None:
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3077 cl.nodeid = nodeid
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3078 cl.db = self.db
7164
5487882ff17a Fix test failure when run alone.
John Rouillard <rouilj@ieee.org>
parents: 7160
diff changeset
3079 cl.db.Otk = cl.db.getOTKManager()
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3080 #cl.db.Otk = MockNull()
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3081 #cl.db.Otk.data = {}
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3082 #cl.db.Otk.getall = self.data_get
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3083 #cl.db.Otk.set = self.data_set
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3084 cl.userid = userid
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3085 cl.language = ('en',)
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3086 cl._error_message = []
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3087 cl._ok_message = []
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3088 cl.template = template
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3089 return cl
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3090
6600
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3091 def testCSVExportSearchError(self):
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3092 # test full text search
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3093 cl = self._make_client(
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3094 {'@columns': 'id,title,status,keyword,assignedto,nosy',
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3095 "@search_text": "foo + ^bar2"}, nodeid=None, userid='1')
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3096 cl.classname = 'issue'
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3097 output = io.BytesIO()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3098 cl.request = MockNull()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3099 cl.request.wfile = output
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3100
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3101 # note NotFound isn't quite right. however this exception
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3102 # passes up the stack to where it is handled with a suitable
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3103 # display of the error.
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3104 # call export version that outputs names
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3105 with self.assertRaises(NotFound) as cm:
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3106 actions.ExportCSVAction(cl).handle()
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3107
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3108 # call export version that outputs id numbers
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3109 with self.assertRaises(NotFound) as cm:
65336409738c Fix csv export with text search. test csv export Sqlite FTS syntax error
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3110 actions.ExportCSVWithIdAction(cl).handle()
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6593
diff changeset
3111
6593
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3112 class SqliteNativeCgiTest(unittest.TestCase, testFtsQuery):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3113 """All of the rest of the tests use anydbm as the backend.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3114 This class tests renderContext for fulltext search.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3115 Run with sqlite and native indexer.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3116 """
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3117
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3118 def setUp(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3119 self.dirname = '_test_template'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3120 # set up and open a tracker
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3121 self.instance = setupTracker(self.dirname, backend="sqlite")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3122
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3123 self.instance.config.INDEXER = "native"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3124
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3125 # open the database
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3126 self.db = self.instance.open('admin')
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3127 self.db.tx_Source = "web"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3128
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3129 # create a client instance and hijack write_html
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3130 self.client = client.Client(self.instance, "user",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3131 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3132 form=db_test_base.makeForm({"@template": "item"}))
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3133
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3134 self.client._error_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3135 self.client._ok_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3136 self.client.db = self.db
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3137 self.client.userid = '1'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3138 self.client.language = ('en',)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3139 self.client.session_api = MockNull(_sid="1234567890")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3140
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3141 self.output = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3142 # ugly hack to get html_write to return data here.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3143 def html_write(s):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3144 self.output.append(s)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3145
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3146 # hijack html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3147 self.client.write_html = html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3148
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3149 def tearDown(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3150 self.db.close()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3151 try:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3152 shutil.rmtree(self.dirname)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3153 except OSError as error:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3154 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3155
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3156 @skip_postgresql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3157 class PostgresqlNativeCgiTest(unittest.TestCase, testFtsQuery):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3158 """All of the rest of the tests use anydbm as the backend.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3159 This class tests renderContext for fulltext search.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3160 Run with postgresql and native indexer.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3161 """
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3162
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3163 def setUp(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3164 self.dirname = '_test_template'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3165 # set up and open a tracker
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3166 self.instance = setupTracker(self.dirname, backend="postgresql")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3167
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3168 self.instance.config.INDEXER = "native"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3169
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3170 # open the database
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3171 self.db = self.instance.open('admin')
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3172 self.db.tx_Source = "web"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3173
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3174 # create a client instance and hijack write_html
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3175 self.client = client.Client(self.instance, "user",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3176 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3177 form=db_test_base.makeForm({"@template": "item"}))
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3178
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3179 self.client._error_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3180 self.client._ok_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3181 self.client.db = self.db
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3182 self.client.userid = '1'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3183 self.client.language = ('en',)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3184 self.client.session_api = MockNull(_sid="1234567890")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3185
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3186 self.output = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3187 # ugly hack to get html_write to return data here.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3188 def html_write(s):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3189 self.output.append(s)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3190
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3191 # hijack html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3192 self.client.write_html = html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3193
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3194 def tearDown(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3195 self.db.close()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3196 try:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3197 shutil.rmtree(self.dirname)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3198 except OSError as error:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3199 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3200
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3201 @skip_mysql
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3202 class MysqlNativeCgiTest(unittest.TestCase, testFtsQuery):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3203 """All of the rest of the tests use anydbm as the backend.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3204 This class tests renderContext for fulltext search.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3205 Run with mysql and native indexer.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3206 """
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3207
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3208 def setUp(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3209 self.dirname = '_test_template'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3210 # set up and open a tracker
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3211 self.instance = setupTracker(self.dirname, backend="mysql")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3212
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3213 self.instance.config.INDEXER = "native"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3214
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3215 # open the database
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3216 self.db = self.instance.open('admin')
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3217 self.db.tx_Source = "web"
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3218
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3219 # create a client instance and hijack write_html
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3220 self.client = client.Client(self.instance, "user",
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3221 {'PATH_INFO':'/user', 'REQUEST_METHOD':'POST'},
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3222 form=db_test_base.makeForm({"@template": "item"}))
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3223
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3224 self.client._error_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3225 self.client._ok_message = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3226 self.client.db = self.db
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3227 self.client.userid = '1'
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3228 self.client.language = ('en',)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3229 self.client.session_api = MockNull(_sid="1234567890")
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3230
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3231 self.output = []
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3232 # ugly hack to get html_write to return data here.
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3233 def html_write(s):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3234 self.output.append(s)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3235
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3236 # hijack html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3237 self.client.write_html = html_write
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3238
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3239 def tearDown(self):
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3240 self.db.close()
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3241 try:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3242 shutil.rmtree(self.dirname)
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3243 except OSError as error:
e70e2789bc2c issue2551189 - increase text search maxlength
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
3244 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6435
diff changeset
3245
2696
a5c5a1106e3b init.initialize() was removed in [[CVS:1.30]] (27-jul-2004)
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2027
diff changeset
3246 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/