Mercurial Repository: p/roundup/code: test/test

comparison test/test_security.py @ 7224:01c1f357363f

flake8 fixes Test some unused variables, formatting fixes.

author	John Rouillard <rouilj@ieee.org>
date	Sun, 12 Mar 2023 22:15:44 -0400
parents	19db61be18e0
children	5b1b876054ef

comparison

equal deleted inserted replaced

-:19db61be18e0
+:01c1f357363f
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
 from __future__ import print_function
-import os, unittest, shutil
+import os
+import shutil
+import unittest
 from roundup import backends
 import roundup.password
 from .db_test_base import setupSchema, MyTestCase, config
 def testInterfaceSecurity(self):
 ' test that the CGI and mailgw have initialised security OK '
 # TODO: some asserts
 def testInitialiseSecurity(self):
-ei = self.db.security.addPermission(name="Edit", klass="issue",
+ei = self.db.security.addPermission(
-description="User is allowed to edit issues")
+name="Edit", klass="issue",
+description="User is allowed to edit issues")
 self.db.security.addPermissionToRole('User', ei)
-ai = self.db.security.addPermission(name="View", klass="issue",
+ai = self.db.security.addPermission(
-description="User is allowed to access issues")
+name="View", klass="issue",
+description="User is allowed to access issues")
 self.db.security.addPermissionToRole('User', ai)
 def testAdmin(self):
-ei = self.db.security.addPermission(name="Edit", klass="issue",
+ei = self.db.security.addPermission(
-description="User is allowed to edit issues")
+name="Edit", klass="issue",
+description="User is allowed to edit issues")
 self.db.security.addPermissionToRole('User', ei)
-ei = self.db.security.addPermission(name="Edit", klass=None,
+ei = self.db.security.addPermission(
-description="User is allowed to edit issues")
+name="Edit", klass=None,
+description="User is allowed to edit issues")
 self.db.security.addPermissionToRole('Admin', ei)
 u1 = self.db.user.create(username='one', roles='Admin')
 u2 = self.db.user.create(username='two', roles='User')
 self.assertTrue(self.db.security.hasPermission('Edit', u1, None))
 self.assertTrue(not self.db.security.hasPermission('Edit', u2, None))
 def testGetPermission(self):
 self.db.security.getPermission('Edit')
 self.db.security.getPermission('View')
 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
 'fubar')
 add = self.db.security.addPermission
 get = self.db.security.getPermission
 # class
 # property
 epi1 = add(name="Edit", klass="issue", properties=['title'])
 self.assertEqual(get('Edit', 'issue', properties=['title']), epi1)
 epi2 = add(name="Edit", klass="issue", properties=['title'],
 props_only=True)
-self.assertEqual(get('Edit', 'issue', properties=['title'], props_only=False), epi1)
+self.assertEqual(get('Edit', 'issue', properties=['title'],
-self.assertEqual(get('Edit', 'issue', properties=['title'], props_only=True), epi2)
+props_only=False), epi1)
+self.assertEqual(get('Edit', 'issue', properties=['title'],
+props_only=True), epi2)
 self.db.security.set_props_only_default(True)
 self.assertEqual(get('Edit', 'issue', properties=['title']), epi2)
 api1 = add(name="View", klass="issue", properties=['title'])
 self.assertEqual(get('View', 'issue', properties=['title']), api1)
 self.db.security.set_props_only_default(False)
 api2 = add(name="View", klass="issue", properties=['title'])
 self.assertEqual(get('View', 'issue', properties=['title']), api2)
 self.assertNotEqual(get('View', 'issue', properties=['title']), api1)
 # check function
 dummy = lambda: 0
 eci = add(name="Edit", klass="issue", check=dummy)
 self.assertEqual(get('Edit', 'issue', check=dummy), eci)
 # props_only only makes sense if you are setting props.
 # make it a no-op unless properties is set.
 self.assertEqual(get('Edit', 'issue', check=dummy,
 props_only=True), eci)
 aci = add(name="View", klass="issue", check=dummy)
 self.assertEqual(get('View', 'issue', check=dummy), aci)
 # all
 epci = add(name="Edit", klass="issue", properties=['title'],
 check=dummy)
 self.db.security.set_props_only_default(False)
 # implicit props_only=False
 self.assertEqual(get('Edit', 'issue', properties=['title'],
 check=dummy), epci)
 # explicit props_only=False
 self.assertEqual(get('Edit', 'issue', properties=['title'],
 check=dummy, props_only=False), epci)
 # implicit props_only=True
 self.db.security.set_props_only_default(True)
 self.assertRaises(ValueError, get, 'Edit', 'issue',
 properties=['title'],
 check=dummy)
 # explicit props_only=False
 self.assertRaises(ValueError, get, 'Edit', 'issue',
 properties=['title'],
 check=dummy, props_only=True)
 apci = add(name="View", klass="issue", properties=['title'],
 check=dummy)
 self.assertEqual(get('View', 'issue', properties=['title'],
 check=dummy), apci)
 # Reset to default. Somehow this setting looks like it
 # was bleeding through to other tests in test_xmlrpc.
 # Is the security module being loaded only once for all tests??
 self.db.security.set_props_only_default(False)
 self.assertEqual(has('Test', super, 'test'), 1)
 self.assertEqual(has('Test', none, 'test'), 0)
 # property
 addRole(name='Role2')
-addToRole('Role2', add(name="Test", klass="test", properties=['a','b']))
+addToRole('Role2', add(name="Test", klass="test",
+properties=['a', 'b']))
 user2 = self.db.user.create(username='user2', roles='Role2')
 # check function
 check_old_style = lambda db, userid, itemid: itemid == '2'
-#def check_old_style(db, userid, itemid):
+# def check_old_style(db, userid, itemid):
 #    print "checking userid, itemid: %r"%((userid,itemid),)
 #    return(itemid == '2')
 # setup to check function new style. Make sure that
 # other args are passed.
-def check(db,userid,itemid, **other):
+def check(db, userid, itemid, **other):
 prop = other['property']
 prop = other['classname']
 prop = other['permission']
 return (itemid == '1')
 # also create a check as a callable of a class
 #   https://issues.roundup-tracker.org/issue2550952
 class CheckClass(object):
-def __call__(self, db,userid,itemid, **other):
+def __call__(self, db, userid, itemid, **other):
 prop = other['property']
 prop = other['classname']
 prop = other['permission']
 return (itemid == '1')
 self.assertEqual(has('Test', user7, 'test', itemid='2'), 1)
 # returns true because class tests ignore the check command
 # if there is no itemid no check command is run
 self.assertEqual(has('Test', user7, 'test'), 1)
 self.assertEqual(has('Test', none, 'test'), 0)
 # *any* access to item
 self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
 self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
 self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
 self.assertEqual(has('Test', none, 'test', itemid='2'), 0)
 # now mix property and check commands
 # check is old style props_only = false
 self.assertEqual(has('Test', user7, 'test', property="c",
 itemid='2'), 0)
 self.assertEqual(has('Test', user7, 'test', property="c",
 itemid='1'), 0)
 self.assertEqual(has('Test', user7, 'test', property="a",
 itemid='2'), 1)
 self.assertEqual(has('Test', user7, 'test', property="a",
 itemid='1'), 0)
 # check is new style props_only = false
 self.assertEqual(has('Test', user6, 'test', itemid='2',
 property='c'), 0)
 self.assertEqual(has('Test', user6, 'test', itemid='1',
 property='c'), 0)
 self.assertEqual(has('Test', user6, 'test', itemid='2',
 property='b'), 0)
 self.assertEqual(has('Test', user6, 'test', itemid='1',
 property='b'), 1)
 self.assertEqual(has('Test', user6, 'test', itemid='2',
 property='a'), 0)
 self.assertEqual(has('Test', user6, 'test', itemid='1',
 property='a'), 1)
 # check is old style props_only = true
 self.assertEqual(has('Test', user5, 'test', itemid='2',
 property='b'), 0)
 self.assertEqual(has('Test', user5, 'test', itemid='1',
 property='b'), 0)
 self.assertEqual(has('Test', user5, 'test', itemid='2',
 property='a'), 1)
 self.assertEqual(has('Test', user5, 'test', itemid='1',
 property='a'), 0)
 # check is new style props_only = true
 self.assertEqual(has('Test', user4, 'test', itemid='2',
 property='b'), 0)
 self.assertEqual(has('Test', user4, 'test', itemid='1',
 property='b'), 0)
 self.assertEqual(has('Test', user4, 'test', itemid='2',
 property='a'), 0)
 self.assertEqual(has('Test', user4, 'test', itemid='1',
 property='a'), 1)
 def testTransitiveSearchPermissions(self):
 add = self.db.security.addPermission
 has = self.db.security.hasSearchPermission
 addRole = self.db.security.addRole
 # pretend import of crypt failed
 orig_crypt = roundup.password.crypt
 roundup.password.crypt = None
 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
 roundup.password.test_missing_crypt()
+self.assertEqual(ctx.exception.args[0],
+"Unsupported encryption scheme 'crypt'")
 roundup.password.crypt = orig_crypt
 def test_pbkdf2_unpack_errors(self):
 pbkdf2_unpack = roundup.password.pbkdf2_unpack
 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
 pbkdf2_unpack("fred$password")
 self.assertEqual(ctx.exception.args[0],
 'invalid PBKDF2 hash (wrong number of separators)')
 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
 pbkdf2_unpack("0200000$salt$password")
 self.assertEqual(ctx.exception.args[0],
 'invalid PBKDF2 hash (zero-padded rounds)')
 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
 pbkdf2_unpack("fred$salt$password")
 def test_pbkdf2_migrate_rounds(self):
 '''Check that migration happens when number of rounds in
 config is larger than number of rounds in current password.
 '''
 p = roundup.password.Password('sekrit', 'PBKDF2',
 config=self.db.config)
 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 2000000
 def test_encodePassword_errors(self):
 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 999
 os.environ["PYTEST_USE_CONFIG"] = "True"
 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
-p = roundup.password.encodePassword('sekrit', 'PBKDF2',
+roundup.password.encodePassword('sekrit', 'PBKDF2',
 config=self.db.config)
 self.assertEqual(ctx.exception.args[0],
 'invalid PBKDF2 hash (rounds too low)')
 del(os.environ["PYTEST_USE_CONFIG"])
 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
-p = roundup.password.encodePassword('sekrit', 'fred',
+roundup.password.encodePassword('sekrit', 'fred',
 config=self.db.config)
 self.assertEqual(ctx.exception.args[0],
 "Unknown encryption scheme 'fred'")
 def test_pbkdf2_errors(self):
 with self.assertRaises(ValueError) as ctx:
 roundup.password.pbkdf2('sekret', b'saltandpepper', 0, 41)
 self.assertEqual(ctx.exception.args[0],
 "key length too large")
 self.assertEqual(ctx.exception.args[0],
 "rounds must be positive number")
 def test_pbkdf2_sha512_errors(self):
 with self.assertRaises(ValueError) as ctx:
 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 65)
 self.assertEqual(ctx.exception.args[0],
 "key length too large")
 with self.assertRaises(ValueError) as ctx:
 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 64)
 self.assertEqual(ctx.exception.args[0],
 "rounds must be positive number")
 def test_encodePasswordNoConfig(self):
 # should run cleanly as we are in a test.
 #
 p = roundup.password.encodePassword('sekrit', 'PBKDF2')
+# verify 1000 rounds being used becaue we are in test mode
+self.assertTrue(p.startswith("1000$"))
 del(os.environ["PYTEST_CURRENT_TEST"])
 self.assertNotIn("PYTEST_CURRENT_TEST", os.environ)
 with self.assertRaises(roundup.password.ConfigNotSet) as ctx:
 roundup.password.encodePassword('sekrit', 'PBKDF2')
+self.assertEqual(ctx.exception.args[0],
+"encodePassword called without config.")
 # vim: set filetype=python sts=4 sw=4 et si :

Mercurial > p > roundup > code

comparison test/test_security.py @ 7224:01c1f357363f