| changeset | 98e17dd0197f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test - fix parsing of integer param values CI broke on the string '1\r#' expecting a 400 but got a 200 in test_element_url_param_accepting_integer_values(). The #, & characters mark a url fragment or start of another parameter and not part of the value. In a couple of tests, I parse the hypothesis generated value to remove a # or & and anything after. Then I set the value to the preceding string. If the string starts with # or &, the value is set to "0" as the server ignores the parameter and returns 200. "0" is a value that asserts that status is 200. The code doing this parsing was different (and broken) between test_element_url_param_accepting_integer_values and test_class_url_param_accepting_integer_values It's now consistent and if it finds a & or #, it actually tests the resulting value/status rather than skipping the test. |
| files |
| changeset | cc3edb260c1b |
|---|---|
| branch | reauth-confirm_id |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | feat: fix tests under postgresql. Weird issue. Calling self.db.user.lookup('reauth') fails under postgresql with a cursor closed error. This same call works with anydbm. I tried adding a setup/teardown to open the tracker (self.instance.open('admin') ...etc. But that made the wsgi server fail to shut down for some reason. So I hard coded the id for the reauth user. Also for the postgresql test case, the reauth triggering auditor and user setup weren't done. I tried to reuse the WsgiSetup.setup_class and then add in the few extra things I needed, but it failed. So I copypastaed the code and modified it. Also corrected docstring for one of the test classes. |
| files |
| changeset | 0663a7bcef6c |
|---|---|
| branch | reauth-confirm_id |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | feat: finish reauth docs, enhance code. Decided to keep name Reauth for now. admin_guide.txt: add reference mark to roundup admin help. Used for template command reference in upgrading.txt. customizing.txt: added worked example of adding a reauth auditor for address and password. Also links to OWASP recommendations. Added link to example code in design.doc on detectors. glossary.txt: reference using roundup-admin template command in def for tracker templates. pydoc.txt: Added methods for Client class. Added class and methods for (cgi) Action, LoginAction and ReauthAction. reference.txt Edited and restructured detector section. Added section on registering a detector and priority use/execution order. (reference to design doc was used before). Added/enhanced description of exception an auditor can raise (includes Reauth). Added section on Reauth implementation and use (Confirming the User). Also has paragraph on future ideas. upgrading.txt Stripped down the original section. Moved a lot to reference.txt. Referenced customizing example, mention installation of _generic.reauth.html and reference reference.txt. cgi/actions.py: fixed bad ReST that was breaking pydoc.txt processing changed doc on limitations of Reauth code. added docstring for Reauth::verifyPassword cgi/client.py: fix ReST for a method breaking pydoc.py processing cgi/templating.py: fix docstring on embed_form_fields templates/*/html/_generic.reauth.html disable spelling for password field add timing info to the javascript function that processes file data. reformat javascript IIFE templates/jinja2/html/_generic.reauth.html create a valid jinja2 template. Looks like my original jinja template got overwritten and committed. feature parity with the other reauth templates. test/test_liveserver.py add test case for Reauth workflow. Makefile add doc. |
| files |
| changeset | 51f277ed8adc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: fix fuzz test CI found a new condition that passes but isn't filtered as passing. '0 #stuff' The space is acceptable at the end of a string of numbers. New filter allows this to pass. Added an example of this type of value. |
| files |
| changeset | 669dfccca898 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2551391 - checkboxes and radiobutton inputs get wrong id's. Actually it breaks automatic id assignment for all inputs. Inputs now get an automatic id assignment that matches the name. It can be overridden by supplying an id parameter in the call to the field() method. This is also a partial fix for issue1513369. I think it obsoletes the changes to templating.py. |
| files |
| changeset | c70ffbc2a003 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: Override Fuzz timeout from env variable. I have a local pytest.ini where I use: env = pytest_fuzz_timeout=30000 to set a 30 second timeout while keeping the default 10 second for CI because my machine is slow. So the test now looks for that env variable and uses it if set. |
| files |
| changeset | 05d8806b25ad |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix: issue2551387 - TypeError: not indexable. Fix crash due to uninitialized list element on a (Mini)FieldStorage when unexpected input is posted via wsgi. This doesn't happen when running roundup-server. It might happen under other front ends. Moved the code that sets '.list = [] if .list == None' to the main flow. Added an exception handler that logs the value of self.form if self.form.list raises an AttributeError. This exception should never happen if I understand the code correctly (but I probably don't). Fixed a number of test cases that were broken because I was calling Client and passing '[]' rather than a cgi.formStorage object. Added test cases: create a FileStorage (self.form) with .list = None. check AttributeError exception and verify logging. Problem reported and debugged by Christof Meerwald. |
| files |
| changeset | 35beff316883 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(api): issue2551384. Verify REST authorization earlier To reduce the ability of bad actors to spam (DOS) the REST endpoint with bad data and generate logs meant for debugging, modify the flow in client.py's REST handler to verify authorization earlier. If the anonymous user is allowed to use REST, this won't make a difference for a DOS attempt. The templates don't enable REST for the anonymous user by default. Most admins don't change this. The validation order for REST requests has been changed. CORS identified and handled User authorization to use REST (return 403 on failure) REST request validated (Origin header valid etc.) (return 400 for bad request) Incorrectly formatted CORS preflight requests (e.g. missing Origin header) that are not recognized as a CORS request can now return HTTP status 403 as well as status 400 (when anonymous is allowed access). Note all CORS preflights are sent without authentication so appear as anonymous requests. The tests were updated to compensate, but it is not obvious to me from specs what the proper evaluation order/return codes should be for this case. Both 403/400 are failures and cause CORS to fail so there should be no difference but... |
| files |
| changeset | cae1bbf2536b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix: issue2551374 - Add error handling for filter expressions. Fix UI Errors are now reported using the search template. This should work in most situations. However if the query was generated using an alternate search template, the user may not be able to fix it. I'm not sure how to tell what template was used to submit the search. By the time I handle the error, I don't think I have access to an ok template or error template. Might need to add a new field if this becomes a problem. Also fixed a couple of tests changing the status code to 200 from 400 since we aren't on an error page anymore. Updated user_guide including 3 sample error messages for search expressions and how to understand them. |
| files |
| changeset | f6923d2ba9a5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: issue2551366. Probe for open port in test_liveserver.py Add a method to probe for an open port to wsgi_liveserver.py. Start the roundup server under wsgi on the open port. If a port can't be found, it skips all tests. Also changed all hardcoded URL references to use the dynamically determined tracker url/port value. I fed my patch to wsgi_liveserver.py upstream at: https://github.com/jerrykan/wsgi-liveserver/issues/3 |
| files |
| changeset | 393dfc750d8b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: missed change in error wording. |
| files |
| changeset | 741ea8a86012 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix: issue2551374. Error handling for filter expressions. Errors in filter expressions are now reported. The UI needs some work but even the current code is helpful when debugging filter expressions. mlink_expr: defines/raises ExpressionError(error string template, context=dict()) raises ExpressionError when it detects errors when popping arguments off stack raises ExpressionError when more than one element left on the stack before returning also ruff fix to group boolean expression with parens back_anydbm.py, rdbms_common.py: catches ExpressionError, augments context with class and attribute being searched. raises the exception for both link and multilink relations client.py catches ExpressionError returning a basic error page. The page is a dead end. There are no links or anything for the user to move forward. The user has to go back, possibly refresh the page (because the submit button may be disabled) re-enter the query and try again. This needs to be improved. test_liveserver.py test the error page generated by client.py db_test_base unit tests for filter with too few arguments, too many arguments, check all repr and str formats. |
| files |
| changeset | 9404d56d830f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: add file encoding marker so python2 can run http://python.org/dev/peps/pep-0263/ |
| files |
| changeset | 32aaf5dc562b |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(REST): issue2551383; improve errors for bad json, fix PUT docs While adding fuzz testing for email addresses via REST /rest/data/user/1/address, I had an error when setting the address to the same value it currently had. Traced this to a bug in userauditor.py. Fixed the bug. Documented in upgrading.txt. While trying to track down issue, I realized invalid json was being accepted without error. So I fixed the code that parses the json and have it return an error. Also modified some tests that broke (used invalid json, or passed body (e.g. DELETE) but shouldn't have. Add tests for bad json to verify new code. Fixed test that wasn't initializing the body_file in each loop, so the test wasn't actually supplying a body. Also realised PUT documentation was not correct. Output format isn't quite like GET. Fuzz tests for email address also added. |
| files |
| changeset | cd76d5d59c37 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(web) issue2551382 - fix missing hypothesis case Syntax error if hypothesis is not importable. Only affects python2 CI. |
| files |
| changeset | 03020f08a685 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(web) issue2551382 - fix more integer param test cases fix bad unicode in second test. Also be smarter about validating the value I was missing correct handling of other string variants with # or & embedded in them. E.G. 123#dfg - should return 200 as Roundup sees value 123. |
| files |
| changeset | 1b15f635ada1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(web) issue2551382 - handle crash in request call in test due to invalid utf8 with surrogate. CI reports this failure in the requests call from the test case: > string = string.encode(encoding, errors) E UnicodeEncodeError: 'utf-8' codec can't encode character '\ud800' in position 48: surrogates not allowed E Falsifying example: test_class_url_param_accepting_integer_values( E self=<test.test_liveserver.FuzzGetUrls testMethod=test_class_url_param_accepting_integer_values>, E param='@verbose', # or any other generated value E value='\ud800', E ) E Explanation: E These lines were always and only run by failing examples: E /opt/hostedtoolcache/Python/3.13.1/x64/lib/python3.13/site-packages/requests/utils.py:675 E E You can reproduce this example by temporarily adding @reproduce_failure('6.122.3', b'AAAAAQDXAA==') as a decorator on your test case |
| files |
| changeset | 55b0abde56ab |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(web) issue2551382 - case 1# or 1& failing. Handle case for integer followed by a url delimiter. e.g. 1# and 1& |
| files |
| changeset | 14e92a595828 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(web) issue2551382 - 409 not 400 errors returned invalid integer values for @verbose, @page_* values in rest uri's generated a 409 (Update Conflict) error not a generic 400 error. Found it when I was working on adding fuzz testing to check error handling for query parameters in REST url's. This also adds the tests in test_liveserver that found the error. Also refactored test_liveserver to allow reuse of session login method for the new fuzz testing class as well. |
| files |
| changeset | 3f0f4746dc7e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2551370 - prefix session cookie with __Secure- over https Limit use of roundup session cookie to HTTPS protocol by adding __Secure- prefix. Automatic testing includes http behavior only. Https behavior has been manually tested only. Need to be able to spin up an https server using wsgiref to test https behavior in CI. issue 2551373 opened to track automatic testing of https behavior. |
| files |
| changeset | 603aa730b067 |
|---|---|
| branch | permission-performance |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Fix failing test due to monkey patching An earlier test monkey-patched the permission checks which subsequently failed in another test. |
| files |
| changeset | 28aa76443f58 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125 Directions for fixing: * `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing tracker homes. * `CVE-2024-39125`_ - :ref:`if Referer header is set to a script tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0, directions available for fixing in prior versions. * `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from an issue can contain embedded JavaScript which is executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions available for fixing in prior versions. prior to 2.4.0 release this weekend that fixes the last two CVE's. |
| files |
| changeset | 60c98a8a23bd |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix: make If-None-Match work for static file (@@file) case Found by Redbot testing. |
| files |
| changeset | dd229bbdd32d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue 2551353 - add roundup-classhelper Add test for rest/data/user/roles endpoint. Fix allow header returned from endpoint to allow GET only. |
| files |
| changeset | 22354d7fc94a |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: issue1525113 - notation to filter by logged-in user Add a test_liveserver test of a @current_user query. Maybe this will catch the templating change somehow?? |
| files |
| changeset | f670446b5e50 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: populate db with query using @current_user For future testing. |
| files |
| changeset | 6a13cf7bdca5 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: refactor tests to use create_login_session |
| files |
| changeset | 4cca0ae9f901 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2551334 - get test suite running under windows https://stackoverflow.com/questions/59506097/python-requests-library-is-very-slow-on-windows/75425238#75425238 reports that the requests library uses urllib3. On windows this tries (and retries) an IPv6 address if localhost is used in the url. This takes 2s per request to test IPv6, give up and use IPv4. At that rate, the rate limit is never reached and the rest_login_RateLimit test fails. This patch rewrites the base url to use 127.0.0.1 replacing localhost. It forced urllib3 to open only an IPv4 address and the speedup allows the test to pass. |
| files |
| changeset | 80cf6098ea65 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2551334 - Get test suite to pass using windows python Mark classes that use requests library with skip markers if requests is not available. |
| files |
| changeset | 0fe2b9f6e19f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2551212 - enable wsgi cache_tracker by default Switch the code so the wsgi cache_tracker optimization is enabled by default. Leave the unoptimized/uncached code path available in case it breaks something. The feature flag can be set to False to disable caching. Updated tests to test the disabled (non-cache) code path. Updated upgrading.txt with info on how to disable caching. |
| files |
| changeset | 1b5daee24dc7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: fix test for invalid etag in if-range. The broken etag was missing the initial ", so the wrong code path was duplicated. Also add test that correct size of file was returned and fix comment(s). |
| files |
| changeset | ec59729b3b7e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix typo |
| files |
| changeset | 0abc225864d1 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | only run TestPostgresWsgiServer if postgresql is available. |
| files |
| changeset | 7b481ec7f169 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | test: fix test_rest_login_RateLimit CI has different char numbers It looks like the json returned has different spacing when pretty printed. Under CI, I get 157 chars under python2 and 161 under python3. On local development, I get 167. The data is the same in all three environments. Change test to load json data structure and compare against a dict that matches the returned data. Also remove encoding type, not critical to test. |
| files |
| changeset | 273c8c2b5042 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection. Failed API login rate limiting with expiring lockout added. |
| files |
| changeset | 765222ef4cec |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | - issue2551257: add 'X-Content-Type-Options: nosniff' header for file download when downloading an attached (user supplied file), make sure that an 'X-Content-Type-Options: nosniff' header is sent. Added test for header as well. |
| files |
| changeset | a9be849d4dd2 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | disable and fix errors in test_rest_login_rate_limit The test is testing functionality that doesn't yet exist. So disable for now. Also with tightening of origin checks in rev: 72a54826ff4f add origin header to options requests. |
| files |
| changeset | 72a54826ff4f |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | better rest Origin check; refactor CORS preflight code. A previous version allowed requests without an origin that should require it (e.g. an OPTIONS or PATCH request). Moved the origin checking logic into the main flow. It looks like this was limited to OPTIONS/PATCH requests as handle_csrf() (called later in the main flow) handles POST, PUT, DELETE verbs. Refactored CORS preflight request code into functions and call them from main flow. Also return immediately. Prior code processed the options request a second time due to falling through. Modified is_origin_header_ok to return True if origin was missing and it was a get request. Fixed tests that make OPTIONS requests to supply origin. Comment fixups. |
| files |
| changeset | 3c4047cdc77a |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | change type of arg to assertIn from string to byte. |
| files |
| changeset | ff2c8b430738 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | flake8 - remove re.compile from method arg + test + doc changed 2 methods defined like: def method(..., dre=re.compile(r'...')): moved re.compile to module variables and passed the var name def method(..., dre=var_name): while doing this I found out that a url of .../issue0001 will behave like .../issue1. Who knew. Documented in customizing. Tested same in test_liveserver. Added msg1 as well so I could verify msg0001 worked. Also added some range tests as well. |
| files |
| changeset | cb2ed1e8c852 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Change method for setting indexer; have test_livetest for pg cleanup Add code to defer opening the indexer only if indexer is native-fts. See if this fixes the sqlite OperationalError. Also under python 2.7 (only), the db from test_livetracker when using postgres FTS didn't empty the db. This caused the following test_postgres.py test to fail. Why it only showed up on 2.7 and not any of the 3.x releases is a mystery. |
| files |
| changeset | 9ff091537f43 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | postgresql native-fts; more indexer tests 1) Make postgresql native-fts actually work. 2) Add simple stopword filtering to sqlite native-fts indexer. 3) Add more tests for indexer_common get_indexer Details: 1) roundup/backends/indexer_postgresql_fts.py: ignore ValueError raised if we try to index a string with a null character in it. This could happen due to an incorrect text/ mime type on a file that has nulls in it. Replace ValueError raised by postgresql with customized IndexerQueryError if a search string has a null in it. roundup/backends/rdbms_common.py: Make postgresql native-fts work. When specified it was using whatever was returned from get_indexer(). However loading the native-fts indexer backend failed because there was no connection to the postgresql database when this call was made. Simple solution, move the call after the open_connection call in Database::__init__(). However the open_connection call creates the schema for the database if it is not there. The schema builds tables for indexer=native type indexing. As part of the build it looks at the indexer to see the min/max size of the indexed tokens. No indexer defined, we get a crash. So it's a chicken/egg issue. I solved it by setting the indexer to the Indexer from indexer_common which has the min/max token size info. I also added a no-op save_indexer to this Indexer class. I claim save_indexer() isn't needed as a commit() on the db does all the saving required. Then after open_connection is called, I call get_indexer to retrieve the correct indexer and indexer_postgresql_fts works since the conn connection property is defined. roundup/backends/indexer_common.py: add save_index() method for indexer. It does nothing but is needed in rdbms backends during schema initialization. 2) roundup/backends/indexer_sqlite_fts.py: when this indexer is used, the indexer test in DBTest on the word "the" fail. This is due to missing stopword filtering. 
Implement basic stopword filtering for bare stopwords (like 'the') to make the test pass. Note: this indexer is not currently automatically run by the CI suite, it was found during manual testing. However there is a FIXME to extract the indexer tests from DBTest and run it using this backend. roundup/configuration.py, roundup/doc/admin_guide.txt: update doc on stopword use for sqlite native-fts. test/db_test_base.py: DBTest::testStringBinary creates a file with nulls in it. It was breaking postgresql with native-fts indexer. Changed test to assign mime type application/octet-stream that prevents it from being processed by any text search indexer. add test to exclude indexer searching in specific props. This code path was untested before. test/test_indexer.py: add test to call find with no words. Untested code path. add test to index and find a string with a null \x00 byte. it was tested inadvertently by testStringBinary but this makes it explicit and moves it to indexer testing. (one version each for: generic, postgresql and mysql) Renamed Get_IndexerAutoSelectTest to Get_IndexerTest and renamed autoselect tests to include autoselect. Added tests for an invalid indexer and using native-fts with anydbm (unsupported combo) to make sure the code does something useful if the validation in configuration.py is broken. test/test_liveserver.py: add test to load an issue add test using text search (fts) to find the issue add tests to find issue using postgresql native-fts test/test_postgresql.py, test/test_sqlite.py: added explanation on how to setup integration test using native-fts. added code to clean up test environment if native-fts test is run. |
| files |
| changeset | d9c9f5b81d4d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | application/javascript is now text/javascript ubuntu-22.04 changed js file mime type from the deprecated application/javascript to text/javascript. client.py cache text/javascript like application/javascript test_liveserver: use current environment's mapping for .js files to mimetype. |
| files |
| changeset | 6b636fb29740 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Refactor client.py session cookie code. Remove session db access. The original code did a session_db.exists test followed by a session_db.getall. Refactor does a getall and if a KeyError is thrown, handles the error. Most likely the session key will be found so exception handling won't be triggered. Added test case to test the exception code path and minor rearrangement of setup code. |
| files |
| changeset | 6d4ac1ae2ae8 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Mark test__generic_item_template_editbad as xfail This test passes locally but fails in TravisCI. Commit as xfail so tests pass and fix later. |
| files |
| changeset | f6dd6cd920bc |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Split edit ok and edit not ok test into two tests. Having them combined seems to cause them to fail in CI. Will splitting them with separate setup for each work better? |
| files |
| changeset | 1572568fe146 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | See if explicit logout prevents fred from having a submit button. I don't need this on my slow test machine, but perhaps it's a race condition. |
| files |
| changeset | d308fb5ba9b0 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Disable rate limit. Tests log in and trip the limit causing failures. |
| files |
| changeset | bb04638dc78d |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Test _generic.item.html to make sure submit button displayed properly Login as admin and new fred user. Admin user should see submit button when viewing /status7. User fred should not see it. Both should see the word 'done-cbb' which is the name of status7. Chose that since done-cbb is unlikely to occur naturally while unread (name of /status1) could occur by chance in the future. |
| files |
| changeset | c63ddea96fcb |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Test form login failure code path. |
| files |
| changeset | be3fd5e9577e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Add test for incorrect url. Test using '/_bad>' url path. Make sure it returns 404 and encodes the '>' in the returned html. |
| files |
| changeset | d32d43e4a5ba |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | wsgi can cache tracker instance enabled by feature flag. Patch by Marcus Priesch caches a loaded tracker instance and reuse it for future client sessions. It is enabled by a feature flag in wsgi.py since it arrived during the 2.2.0 beta period. The provided wsgi.py is modified to enable it. Testing is run with flag enabled and disabled. Ralf Schlatterbeck and Marcus tested it on one of their larger more complex trackers and it sped up the response time to a client request by a factor of 3 (270ms down to about 80-85ms). |
| files |
| changeset | 9a1f5e496e6c |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | issue2551203 - Add support for CORS preflight request Add support for unauthenticated CORS preflight and fix headers for CORS. client.py: pass through unauthenticated CORS preflight to rest backend. Normal rest OPTION handlers (including tracker defined extensions) can see and handle the request. make some error cases return error json with correct mime type rather than plain text tracebacks. create new functions to verify origin and referer that filter using allowed origins setting. remove tracker base url from error message if referer is not at an allowed origin. rest.py: fix up OPTION methods handlers to include Access-Control-Allow-Methods that are the same as the Allow header. set cache to one week for all Access-Control headers for CORS preflight only. remove self.client.setHeader("Access-Control-Allow-Origin", "*") and set Access-Control-Allow-Origin to the client supplied origin if it passes allowed origin checks. Required for CORS otherwise data isn't available to caller. Set for all responses. set Vary header now includes Origin as responses can differ based on Origin for all responses. set Access-Control-Allow-Credentials to true on all responses. test_liveserver.py: run server with setting to enforce origin csrf header check run server with setting to enforce x-requested-with csrf header check run server with setting for allowed_api_origins requests now set required csrf headers test preflight request on collections check new headers and Origin is no longer '*' rewrite all compression checks to use a single method with argument to use different compression methods. Reduce a lot of code duplication and makes updating for new headers easier. test_cgi: test new error messages in client.py account for new headers test preflight and new code paths |
| files |
| changeset | a193653d6fa4 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Test more range error cases. check content-range and content-length where applicable cases: invalid if-range etag should return whole file with a 200 exit code invalid range with invalid etag return whole file 200 exit code invalid range with valid etag return whole file 200 exit code invalid range with no etag return 416 unable to satisfy and check valid content-range. |
| files |
| changeset | da6c9050a79e |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Fix modification of Cache_Control The previous code modified the Cache_Control dictionary in the Client class (in one of the cgi tests) which made a later test in test_liveserver fail |
| files |
| changeset | 5be4f9104cf7 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | Ralf Schlatterbeck <rsc@runtux.com> |
| description | Make i18n tests work These use installed roundup locales but should use the checked-out locales. Also revert monkey patches in i18n after the test. |
| files |
| changeset | 53c9b62494e6 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Add language test for cookie and accept-header; Test Range header Added tests for start page translated to German using cookies returned when @language is used. Checked that @language=none unsets roundup-language cookie. Also test Accept-Language makes change to German. Add test for Range and If-Range headers. Roundup support for these is simple: Range: single range with both endpoints If-Range: strong etag only |
| files |
| changeset | 6ac3667706be |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Test German translation of start page. Issue 2551199 wants to remove translationService from templating.py. I wanted to get some translation test in place that went through templating. AFAICT, translation tests are done through the i18n interface and not via the web interface. |
| files |
| changeset | 198875530c04 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | fix test_new_issue_with_file_upload file designator can change if tests running before this add/remove files. Create the issue and use the returned url to extract the issue number and file number from the redirected url and the @ok_message param respectively. Use these values for the rest of the steps. |
| files |
| changeset | 3ae0c0fb2d08 |
|---|---|
| branch | |
| bookmark | |
| tag | |
| user | John Rouillard <rouilj@ieee.org> |
| description | Fix test_new_file_via_rest This test was failing under python2. The cgi.py module was calling readline(1<<16). I was using the wsgiref/validate.py validator to make sure the wsgi protocol was correct. The validator replaces the normal readline with its own wrapper. The wrapper doesn't support the max bytes to read value. The same module/wrapper in python 3 fixed this bug. So fixed this by disabling the validator under python2. Keeping it on python3 so we get its benefit. |
| files |