| changeset | 9c3ec0a5c7fc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | chore: remove __future print_function from code. Not needed as of Python 3. |
| files |
| changeset | c9bec888c3c8 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | refactor! move RateLimitExceeded to roundup.cgi.exceptions - test forgot to commit the change to the test as well |
| files |
| changeset | 978285986b2c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix: issue2551193 - Fix roundup for removal of cgi and cgitb ... standard python modules (and FieldStorage/MiniFieldStorage). Vendor cgi.py and modify imports. Details: roundup/anypy/cgi_.py import that accesses a working cgi.py. All imports dealing with cgi now use cgi_. roundup/anypy/vendored/cgi.py vendored version 2.6 of cgi.py from: https://pypi.org/project/legacy-cgi/ CHANGES.txt change note added COPYING.txt added license for cgi.py doc/rest.txt change example to use cgi_ doc/upgrading.txt doc removal and how to rework local code using cgi.py. frontends/roundup.cgi remove unneeded cgi import roundup/cgi/actions.py roundup/cgi/apache.py roundup/cgi/client.py roundup/cgi/templating.py roundup/cgi/TAL/TALGenerator.py test/db_test_base.py test/rest_common.py test/test_cgi.py remove import cgi and replace with from roundup.anypy.cgi_ import cgi test/test_actions.py test/test_templating.py modify import to get *FieldStorage test/test_admin.py test/test_hyperdbvals.py test/test_xmlrpc.py remove unneeded cgi import |
| files |
| changeset | 273c8c2b5042 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection. Failed API login rate limiting with expiring lockout added. |
| files |
| changeset | 9ca5cbffa0c4 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Switch off using blank passwords for login. There is now a config.ini setting [web] login_empty_passwords to enable logins for users without a password set. By default it's off and every user must have a password. |
| files |
| changeset | 8269e89530e5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Test bad number path for ShowAction action. |
| files |
| changeset | 37b57da3374f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | aburke |
| description | issue2550917 - Add a: "Welcome user, you have logged in" ok_message on login. |
| files |
| changeset | f2c31f5ec50b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Move mocknull from test to roundup/test |
| files |
| changeset | 68d83479747b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Fix testing of :lastactivity |
| files |
| changeset | 2ded9a8be017 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Test :lastactivity special variable for lastUserActivity() |
| files |
| changeset | 45ba6b71f1cf |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | actions.py translation. Using mapping rather than tuple for args. Format an error message in handleCollision using named tokens '%(props)s' rather than printf positional format specifier %s. Regenerate roundup.pot and update all .po files to use named tokens in their translations. Test handleCollision as well. |
| files |
| changeset | 56854f96d805 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Cover a couple of more paths in Retire and Restore. |
| files |
| changeset | 8ef8aa3d485c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | assertFalse not assertFail... |
| files |
| changeset | cbf2f2ea41d1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Replace deprecated failUnless and failIf with assertTrue and assertFalse. |
| files |
| changeset | 8dbe307bdb57 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Finish up login rate limit code. Set config item to 0 disables, make sure config item can't be negative integer. |
| files |
| changeset | 842252c3ee22 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Change access to config from dict to property. This makes doing the mock for testing easier and unbreaks the changes to the tests that I did earlier. |
| files |
| changeset | cad18de2b988 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2550949: Rate limit password guesses/login attempts. Generic rate limit mechanism added. Deployed for web page logins. Default is 3 login attempts/minute for a user. After which one login attempt every 20 seconds can be done. Uses gcra algorithm so all I need to store is a username and timestamp in the one time key database. This does mean I don't have a list of all failed login attempts as part of the rate limiter. Set up config setting as well so admin can tune the rate. Maybe 1 every 10 seconds is ok at a site with poor typists who need 6 attempts to get the password right 8-). The gcra method can also be used to limit the rest and xmlrpc interfaces if needed. The mechanism I added also supplies a status method that calculates the expected values for http headers returned as part of rate limiting. Also tests added to test all code paths I hope. |
| files |
| changeset | f8893e1cde0d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | assert_ is deprecated. Replacing with assertTrue to reduce logs in travisci. |
| files |
| changeset | 2ce41b8dffaf |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Christof Meerwald <cmeerw@cmeerw.org> |
| description | compared sorted lists as order can be random |
| files |
| changeset | 4f6e1ce89557 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Christof Meerwald <cmeerw@cmeerw.org> |
| description | always encode query parameters in sorted order |
| files |
| changeset | d26921b851c3 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: make relative imports explicit. Tool-generated patch. |
| files |
| changeset | 35ea9b1efc14 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: "raise" syntax. Changing "raise Exception, value" to "raise Exception(value)". Tool-assisted patch. Particular cases to check carefully are the one place in frontends/ZRoundup/ZRoundup.py where a string exception needed to be fixed, and the one in roundup/cgi/client.py involving raising an exception with a traceback (requires three-argument form of raise in Python 2, which as I understand it requires exec() to avoid a Python 3 syntax error). |
| files |
| changeset | 64b05e24dbd8 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Joseph Myers <jsm@polyomino.org.uk> |
| description | Python 3 preparation: convert print to a function. Tool-assisted patch. It is possible that some "from __future__ import print_function" are not in fact needed, if a file only uses print() with a single string as an argument and so would work fine in Python 2 without that import. |
| files |
| changeset | 198b6e810c67 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Eric S. Raymond <esr@thyrsus.com> |
| description | Use Python-3-compatible 'as' syntax for except statements. Many raise statements near these are also fixed. So are two incorrect file encoding marks ('utf8'->'utf-8'). |
| files |
| changeset | 114d9628fd77 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Fixed a couple of failing tests for *LoginRedirect in test_actions.py after url validation. Also raise ValueError from examine_url if base url is None. |
| files |
| changeset | 894aa07be6cb |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2550785: Using login from search (or logout) fails. When logging in from a search page or after a logout it fails with an error. The fix also keeps the user on the same page they started from (e.g. search results) before the login. There are two parts to this: 1) changes to the templates to properly define the __came_from form element. 2) code changes to the LoginAction code in roundup/cgi/actions.py. New test code added. Needed some additional functions from urllib so urllib_.py got a change. |
| files |
| changeset | 748ba87e1aca |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Added a new cgi action restore. The opposite of (and a clone of) the existing retire action. |
| files |
| changeset | 156cbc1d182c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Validate values for Integer and Numeric type filter parameters rather than passing output down to db level. Initial patch at: http://hg.python.org/tracker/roundup/rev/98508a47c126 by Martin.V.Loewis. Numeric test patch applied, Integer code and tests developed by John Rouillard. |
| files |
| changeset | 364c54991861 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Kristensen <john@jerrykan.com> |
| description | Remove unneeded TestSuite code from tests. The TestSuite code is no longer needed now that we are using py.test which can automatically discover tests |
| files |
| changeset | 4ad465b09cbe |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Kristensen <john@jerrykan.com> |
| description | Update test/test_actions.py to work with py.test. The test_actions tests use a FieldStorage object to mock form submissions. FieldStorage would usually use the 'QUERY_STRING' environment variable to populate the initial list of MiniFieldStorage values stored within the FieldStorage object, but because there is no 'QUERY_STRING' environment variable when running the test from the commandline it tries to parse sys.argv instead. If any py.test options are used (ie. '--tb=short') then they may end up in the MiniFieldStorage list causing some tests to fail because they were not expecting the extra MiniFieldStorage values. To fix this we explicitly pass a dict with an empty 'QUERY_STRING' value as the FieldStorage environ argument to ensure that the initial MiniFieldStorage list is empty. |
| files |
| changeset | b562df8a5056 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Fix form-parsing for multilinks. If multiple new items are added to a multilink property, the old version would create the new items but only link one. |
| files |
| changeset | ca692423e401 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Different approach to fix XSS in issue2550817. Encapsulate the error/ok message append method as add_ok_message and add_error_message. The new approach escapes the messages when appending -- at a point in the code where we still know where the message comes from. Escaping is the default but can be turned off. This also fixes issue2550836 where certain messages may contain links. Another advantage of the new fix is that users don't need to change installed trackers and are secure by default. |
| files |
| changeset | 9cc6d463cfbe |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | anatoly techtonik <techtonik@gmail.com> |
| description | nested_scopes are here since Python 2.2 |
| files |
| changeset | df7a4400c2ce |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Fix linking of an existing item to a newly created item... ...e.g. edit action in web template is name="issue-1@link@msg" value="msg1" would trigger a traceback about an unbound variable. Add new regression test for this case. |
| files |
| changeset | de4c2e538e06 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Bug-Fix: File attachments from the web-interface didn't work. Added test for file attachments. |
| files |
| changeset | 0dd05c9e5fff |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | New test for linking of non-existing and existing properties via a form. The idea of the test is to track all create and set operations and afterwards compare that they occurred as expected. Sorry for the peculiar syntax for the expected updates to the database -- this should be one line for each update... And a bug-fix: I've reverted a change from April in roundup/cgi/actions.py that broke linking of messages to issues. The tests above now catch that. I couldn't figure out what the change was meant for, sorry if I broke something here. |
| files |
| changeset | 53987aa153d2 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
| description | Transitive-property support. - Fixed some of the pet-peeves from pep8 - Better parameter names for new _subselect method - use new-style class for support.Proptree but needed a new-style class for the property I introduced anyway. - Fix a bug where searching did the wrong thing (interestingly enough the same wrong thing for all backends): A search for {'messages': ['1'], 'messages.author': ['2']} would ignore the 'messages' part (messages being non-leaf node in proptree). Fixed and added a regression test for this. - Added the transitive searching to the SearchAction. New method get_transitive_prop introduced in hyperdb that does the transitive version of getprops()[name]. Fixed two tests to use the (faked) method instead of getprop. Now searching for transitive props via the web-interface works for me. Thanks to alexander smishlajev for pointing me at the coding style. Sorry for stepping on the peeves -- I'm using a different coding style in most other projects I'm doing ... |
| files |
| changeset | 79bcf944ceb8 |
|---|---|
| branch | maint-0.8 |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | fixes |
| files |
| changeset | e665582ec099 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Johannes Gijsbers <jlgijsbers@users.sourceforge.net> |
| description | Fix failing test: mock lambda now also takes keyword arguments. |
| files |
| changeset | 4b5d7b4bc089 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Alexander Smishlajev <a1s@users.sourceforge.net> |
| description | applied patch [SF#1067690]; wrap long lines, add vim modeline, fix ShowActionTestCase.assertRaisesMessage() |
| files |
| changeset | f8dafdd91bf5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Alexander Smishlajev <a1s@users.sourceforge.net> |
| description | remove extra CRs |
| files |
| changeset | 091711fb2f8c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Initial logging integration: replace all debug prints with logging calls... ...clean up and replace some with info() logs. |
| files |
| changeset | a15f91a10e45 |
|---|---|
| branch | maint-0.7 |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | merge from HEAD |
| files |
| changeset | cd5dcc39193d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | fix for test_actions |
| files |
| changeset | 3f89c8ffe4f1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | version info in scripts |
| files |
| changeset | a0cfea4e5956 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | start at templating tests |
| files |
| changeset | 44f3c1dd636b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | pre-release stuff |
| files |
| changeset | 666402433998 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | Fix some tests. |
| files |
| changeset | 71efaf27eddc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Johannes Gijsbers <jlgijsbers@users.sourceforge.net> |
| description | Use assertRaises... ...instead of introducing _nocheck machinery into assertRaisesMessage. |
| files |
| changeset | d6bcdae0b085 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | test fix |
| files |
| changeset | 5a7ec0c63095 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Richard Jones <richard@users.sourceforge.net> |
| description | fixes to some unit tests, and a cleanup |
| files |
| changeset | 366d3bbce982 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Johannes Gijsbers <jlgijsbers@users.sourceforge.net> |
| description | Simple version of collision detection... ...with tests and a new generic template for classic and minimal. |
| files |
| changeset | 1782fe36e7b8 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Johannes Gijsbers <jlgijsbers@users.sourceforge.net> |
| description | Move out parts of client.py to new modules: * actions.py - the xxxAction and xxxPermission functions refactored into Action classes * exceptions.py - all exceptions * form_parser.py - parsePropsFromForm & extractFormList in a FormParser class Also added some new tests for the Actions. |
| files |