Mercurial Repository: p/roundup/code: test/rest

comparison test/rest_common.py @ 5630:07abc8d36940

Add etag support to rest interface to prevent multiple users from overwriting other users changes. All GET requests for an object (issue, user, keyword etc.) or a property of an object (e.g the title of an issue) return the etag for the object in the ETag header as well as the @etag field in the returned object. All requests that change existing objects (DELETE, PUT or PATCH) require: 1 A request include an ETag header with the etag value retrieved for the object. 2 A submits a form that includes the field @etag that must have the value retrieved for the object. If an etag is not supplied by one of these methods, or any supplied etag does not match the etag calculated at the time the DELETE, PUT or PATCH request is made, HTTP error 412 (Precondition Failed) is returned and no change is made. At that time the client code should retrieve the object again, reconcile the changes and can try to send a new update. The etag is the md5 hash of the representation (repr()) of the object retrieved from the database.

author	John Rouillard <rouilj@ieee.org>
date	Fri, 01 Mar 2019 22:57:07 -0500
parents	1c4adab65faf
children	f576957cbb1f

comparison

equal deleted inserted replaced

-:b3618882f906
+:07abc8d36940
 import shutil
 import errno
 from roundup.cgi.exceptions import *
 from roundup import password, hyperdb
-from roundup.rest import RestfulInstance
+from roundup.rest import RestfulInstance, calculate_etag
 from roundup.backends import list_backends
 from roundup.cgi import client
 import random
 from .db_test_base import setupTracker
+from .mocknull import MockNull
 NEEDS_INSTANCE = 1
 class TestCase():
 env = {
 'PATH_INFO': 'http://localhost/rounduptest/rest/',
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest'
 }
-self.dummy_client = client.Client(self.instance, None, env, [], None)
+self.dummy_client = client.Client(self.instance, MockNull(), env, [], None)
+self.dummy_client.request.headers.getheader = self.get_etag_header
 self.empty_form = cgi.FieldStorage()
 self.server = RestfulInstance(self.dummy_client, self.db)
 def tearDown(self):
 try:
 shutil.rmtree(self.dirname)
 except OSError as error:
 if error.errno not in (errno.ENOENT, errno.ESRCH):
 raise
+def get_etag_header (self, header, not_found=None):
+try:
+return self.etag_header
+except AttributeError:
+return None
 def testGet(self):
 """
 Retrieve all three users
 obtain data for 'joe'
 ]
 results = self.server.get_collection('issue', form)
 self.assertEqual(self.dummy_client.response_code, 200)
 self.assertEqual(len(results['data']), 0)
+def testEtagProcessing(self):
+'''
+Etags can come from two places:
+ETag http header
+@etags value posted in the form
+Both will be checked if availble. If either one
+fails, the etag check will fail.
+Run over header only, etag in form only, both,
+each one broke and no etag. Use the put command
+to triger the etag checking code.
+'''
+for mode in ('header', 'etag', 'both',
+'brokenheader', 'brokenetag', 'none'):
+try:
+# clean up any old header
+del(self.etag_header)
+except AttributeError:
+pass
+form = cgi.FieldStorage()
+etag = calculate_etag(self.db.user.getnode(self.joeid))
+form.list = [
+cgi.MiniFieldStorage('data', 'Joe Doe Doe'),
+]
+if mode == 'header':
+print "Mode = %s"%mode
+self.etag_header = etag
+elif mode == 'etag':
+print "Mode = %s"%mode
+form.list.append(cgi.MiniFieldStorage('@etag', etag))
+elif mode == 'both':
+print "Mode = %s"%mode
+self.etag_header = etag
+form.list.append(cgi.MiniFieldStorage('@etag', etag))
+elif mode == 'brokenheader':
+print "Mode = %s"%mode
+self.etag_header = 'bad'
+form.list.append(cgi.MiniFieldStorage('@etag', etag))
+elif mode == 'brokenetag':
+print "Mode = %s"%mode
+self.etag_header = etag
+form.list.append(cgi.MiniFieldStorage('@etag', 'bad'))
+elif mode == 'none':
+print "Mode = %s"%mode
+else:
+self.fail("unknown mode found")
+results = self.server.put_attribute(
+'user', self.joeid, 'realname', form
+)
+if mode not in ('brokenheader', 'brokenetag', 'none'):
+self.assertEqual(self.dummy_client.response_code, 200)
+else:
+self.assertEqual(self.dummy_client.response_code, 412)
 def testPut(self):
 """
 Change joe's 'realname'
 Check if we can't change admin's detail
 """
-# change Joe's realname via attribute uri
+# fail to change Joe's realname via attribute uri
+# no etag
 form = cgi.FieldStorage()
 form.list = [
 cgi.MiniFieldStorage('data', 'Joe Doe Doe')
 ]
 results = self.server.put_attribute(
 'user', self.joeid, 'realname', form
 )
+self.assertEqual(self.dummy_client.response_code, 412)
 results = self.server.get_attribute(
 'user', self.joeid, 'realname', self.empty_form
 )
 self.assertEqual(self.dummy_client.response_code, 200)
+self.assertEqual(results['data']['data'], 'Joe Random')
+# change Joe's realname via attribute uri
+form = cgi.FieldStorage()
+etag = calculate_etag(self.db.user.getnode(self.joeid))
+form.list = [
+cgi.MiniFieldStorage('data', 'Joe Doe Doe'),
+]
+self.etag_header = etag # use etag in header
+results = self.server.put_attribute(
+'user', self.joeid, 'realname', form
+)
+self.assertEqual(self.dummy_client.response_code, 200)
+results = self.server.get_attribute(
+'user', self.joeid, 'realname', self.empty_form
+)
+self.assertEqual(self.dummy_client.response_code, 200)
 self.assertEqual(results['data']['data'], 'Joe Doe Doe')
+del(self.etag_header)
 # Reset joe's 'realname'.
 form = cgi.FieldStorage()
-form.list = [
+etag = calculate_etag(self.db.user.getnode(self.joeid))
-cgi.MiniFieldStorage('realname', 'Joe Doe')
+form.list = [
+cgi.MiniFieldStorage('realname', 'Joe Doe'),
+cgi.MiniFieldStorage('@etag', etag)
 ]
 results = self.server.put_element('user', self.joeid, form)
+self.assertEqual(self.dummy_client.response_code, 200)
 results = self.server.get_element('user', self.joeid, self.empty_form)
 self.assertEqual(self.dummy_client.response_code, 200)
 self.assertEqual(results['data']['attributes']['realname'], 'Joe Doe')
 # check we can't change admin's details
 Test Delete an attribute
 """
 # create a new issue with userid 1 in the nosy list
 issue_id = self.db.issue.create(title='foo', nosy=['1'])
+# No etag, so this should return 412 - Precondition Failed
+# With no changes
+results = self.server.delete_attribute(
+'issue', issue_id, 'nosy', self.empty_form
+)
+self.assertEqual(self.dummy_client.response_code, 412)
+results = self.server.get_element('issue', issue_id, self.empty_form)
+results = results['data']
+self.assertEqual(self.dummy_client.response_code, 200)
+self.assertEqual(len(results['attributes']['nosy']), 1)
+self.assertListEqual(results['attributes']['nosy'], ['1'])
+form = cgi.FieldStorage()
+etag = calculate_etag(self.db.issue.getnode(issue_id))
+form.list.append(cgi.MiniFieldStorage('@etag', etag))
 # remove the title and nosy
 results = self.server.delete_attribute(
-'issue', issue_id, 'title', self.empty_form
+'issue', issue_id, 'title', form
 )
 self.assertEqual(self.dummy_client.response_code, 200)
+del(form.list[-1])
+etag = calculate_etag(self.db.issue.getnode(issue_id))
+form.list.append(cgi.MiniFieldStorage('@etag', etag))
 results = self.server.delete_attribute(
-'issue', issue_id, 'nosy', self.empty_form
+'issue', issue_id, 'nosy', form
 )
 self.assertEqual(self.dummy_client.response_code, 200)
 # verify the result
 results = self.server.get_element('issue', issue_id, self.empty_form)
 Test Patch op 'Add'
 """
 # create a new issue with userid 1 in the nosy list
 issue_id = self.db.issue.create(title='foo', nosy=['1'])
-# add userid 2 to the nosy list
+# fail to add userid 2 to the nosy list
+# no etag
 form = cgi.FieldStorage()
 form.list = [
 cgi.MiniFieldStorage('op', 'add'),
 cgi.MiniFieldStorage('nosy', '2')
 ]
 results = self.server.patch_element('issue', issue_id, form)
+self.assertEqual(self.dummy_client.response_code, 412)
+etag = calculate_etag(self.db.issue.getnode(issue_id))
+form = cgi.FieldStorage()
+form.list = [
+cgi.MiniFieldStorage('op', 'add'),
+cgi.MiniFieldStorage('nosy', '2'),
+cgi.MiniFieldStorage('@etag', etag)
+]
+results = self.server.patch_element('issue', issue_id, form)
 self.assertEqual(self.dummy_client.response_code, 200)
 # verify the result
 results = self.server.get_element('issue', issue_id, self.empty_form)
 results = results['data']
 Test Patch op 'Replace'
 """
 # create a new issue with userid 1 in the nosy list and status = 1
 issue_id = self.db.issue.create(title='foo', nosy=['1'], status='1')
-# replace userid 2 to the nosy list and status = 3
+# fail to replace userid 2 to the nosy list and status = 3
+# no etag.
 form = cgi.FieldStorage()
 form.list = [
 cgi.MiniFieldStorage('op', 'replace'),
 cgi.MiniFieldStorage('nosy', '2'),
 cgi.MiniFieldStorage('status', '3')
 ]
 results = self.server.patch_element('issue', issue_id, form)
-self.assertEqual(self.dummy_client.response_code, 200)
+self.assertEqual(self.dummy_client.response_code, 412)
+results = self.server.get_element('issue', issue_id, self.empty_form)
+results = results['data']
+self.assertEqual(self.dummy_client.response_code, 200)
+self.assertEqual(results['attributes']['status'], '1')
+self.assertEqual(len(results['attributes']['nosy']), 1)
+self.assertListEqual(results['attributes']['nosy'], ['1'])
+# replace userid 2 to the nosy list and status = 3
+etag = calculate_etag(self.db.issue.getnode(issue_id))
+form = cgi.FieldStorage()
+form.list = [
+cgi.MiniFieldStorage('op', 'replace'),
+cgi.MiniFieldStorage('nosy', '2'),
+cgi.MiniFieldStorage('status', '3'),
+cgi.MiniFieldStorage('@etag', etag)
+]
+results = self.server.patch_element('issue', issue_id, form)
+self.assertEqual(self.dummy_client.response_code, 200)
 # verify the result
 results = self.server.get_element('issue', issue_id, self.empty_form)
 results = results['data']
 self.assertEqual(self.dummy_client.response_code, 200)
 self.assertEqual(results['attributes']['status'], '3')
 Test Patch Action 'Remove'
 """
 # create a new issue with userid 1 and 2 in the nosy list
 issue_id = self.db.issue.create(title='foo', nosy=['1', '2'])
-# remove the nosy list and the title
+# fail to remove the nosy list and the title
+# no etag
 form = cgi.FieldStorage()
 form.list = [
 cgi.MiniFieldStorage('op', 'remove'),
 cgi.MiniFieldStorage('nosy', ''),
 cgi.MiniFieldStorage('title', '')
 ]
 results = self.server.patch_element('issue', issue_id, form)
+self.assertEqual(self.dummy_client.response_code, 412)
+results = self.server.get_element('issue', issue_id, self.empty_form)
+results = results['data']
+self.assertEqual(self.dummy_client.response_code, 200)
+self.assertEqual(results['attributes']['title'], 'foo')
+self.assertEqual(len(results['attributes']['nosy']), 2)
+self.assertEqual(results['attributes']['nosy'], ['1', '2'])
+# remove the nosy list and the title
+form = cgi.FieldStorage()
+etag = calculate_etag(self.db.issue.getnode(issue_id))
+form.list = [
+cgi.MiniFieldStorage('op', 'remove'),
+cgi.MiniFieldStorage('nosy', ''),
+cgi.MiniFieldStorage('title', ''),
+cgi.MiniFieldStorage('@etag', etag)
+]
+results = self.server.patch_element('issue', issue_id, form)
 self.assertEqual(self.dummy_client.response_code, 200)
 # verify the result
 results = self.server.get_element('issue', issue_id, self.empty_form)
 results = results['data']
 Test Patch Action 'Action'
 """
 # create a new issue with userid 1 and 2 in the nosy list
 issue_id = self.db.issue.create(title='foo')
-# execute action retire
+# fail to execute action retire
+# no etag
 form = cgi.FieldStorage()
 form.list = [
 cgi.MiniFieldStorage('op', 'action'),
 cgi.MiniFieldStorage('action_name', 'retire')
 ]
 results = self.server.patch_element('issue', issue_id, form)
+self.assertEqual(self.dummy_client.response_code, 412)
+self.assertFalse(self.db.issue.is_retired(issue_id))
+# execute action retire
+form = cgi.FieldStorage()
+etag = calculate_etag(self.db.issue.getnode(issue_id))
+form.list = [
+cgi.MiniFieldStorage('op', 'action'),
+cgi.MiniFieldStorage('action_name', 'retire'),
+cgi.MiniFieldStorage('@etag', etag)
+]
+results = self.server.patch_element('issue', issue_id, form)
 self.assertEqual(self.dummy_client.response_code, 200)
 # verify the result
 self.assertTrue(self.db.issue.is_retired(issue_id))
 Test Patch Action 'Remove' only some element from a list
 """
 # create a new issue with userid 1, 2, 3 in the nosy list
 issue_id = self.db.issue.create(title='foo', nosy=['1', '2', '3'])
-# remove the nosy list and the title
+# fail to remove the nosy list and the title
+# no etag
 form = cgi.FieldStorage()
 form.list = [
 cgi.MiniFieldStorage('op', 'remove'),
 cgi.MiniFieldStorage('nosy', '1, 2'),
+]
+results = self.server.patch_element('issue', issue_id, form)
+self.assertEqual(self.dummy_client.response_code, 412)
+results = self.server.get_element('issue', issue_id, self.empty_form)
+results = results['data']
+self.assertEqual(self.dummy_client.response_code, 200)
+self.assertEqual(len(results['attributes']['nosy']), 3)
+self.assertEqual(results['attributes']['nosy'], ['1', '2', '3'])
+# remove the nosy list and the title
+form = cgi.FieldStorage()
+etag = calculate_etag(self.db.issue.getnode(issue_id))
+form.list = [
+cgi.MiniFieldStorage('op', 'remove'),
+cgi.MiniFieldStorage('nosy', '1, 2'),
+cgi.MiniFieldStorage('@etag', etag)
 ]
 results = self.server.patch_element('issue', issue_id, form)
 self.assertEqual(self.dummy_client.response_code, 200)
 # verify the result

Mercurial > p > roundup > code

comparison test/rest_common.py @ 5630:07abc8d36940