comparison test/test_security.py @ 4480:1613754d2646
Fix first part of Password handling security issue2550688
(thanks Joseph Myers for reporting and Eli Collins for fixing)
Small change against original patch: We still accept plaintext passwords
(in known_schemes) when parsing encrypted password (e.g. from database).
This way existing databases with plaintext passwords continue to work (I
don't know of any, this would need patching on the users' side) and all
regression tests pass.
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 14 Apr 2011 12:24:59 +0000 |
| parents | 8137456a86f3 |
| children | 6e3e4f24c753 |
| 4479:0bdcb1e7f7ce | 4480:1613754d2646 |
|---|---|
| 21 # $Id: test_security.py,v 1.10 2006-02-03 04:04:37 richard Exp $ | 21 # $Id: test_security.py,v 1.10 2006-02-03 04:04:37 richard Exp $ |
| 22 | 22 |
| 23 import os, unittest, shutil | 23 import os, unittest, shutil |
| 24 | 24 |
| 25 from roundup import backends | 25 from roundup import backends |
| 26 from roundup.password import Password | 26 import roundup.password |
| 27 from db_test_base import setupSchema, MyTestCase, config | 27 from db_test_base import setupSchema, MyTestCase, config |
| 28 | 28 |
| 29 class PermissionTest(MyTestCase): | 29 class PermissionTest(MyTestCase): |
| 30 def setUp(self): | 30 def setUp(self): |
| 31 backend = backends.get_backend('anydbm') | 31 backend = backends.get_backend('anydbm') |
| 231 self.assertEquals(has(uimu, 'issue', 'messages.author'), 1) | 231 self.assertEquals(has(uimu, 'issue', 'messages.author'), 1) |
| 232 self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1) | 232 self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1) |
| 233 self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1) | 233 self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1) |
| 234 self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1) | 234 self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1) |
| 235 | 235 |
| 236 # roundup.password has its own built-in test, call it. | |
| 237 def test_password(self): | |
| 238 roundup.password.test() | |
| 239 | |
| 236 def test_suite(): | 240 def test_suite(): |
| 237 suite = unittest.TestSuite() | 241 suite = unittest.TestSuite() |
| 238 suite.addTest(unittest.makeSuite(PermissionTest)) | 242 suite.addTest(unittest.makeSuite(PermissionTest)) |
| 239 return suite | 243 return suite |
| 240 | 244 |
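
Review bot: check the lines of test/test_security.py not shown in this comparison (32 to 230) for any remaining unqualified use of `Password`, because new line 26 drops `from roundup.password import Password` in favour of `import roundup.password`. A leftover reference would only surface as a NameError when that test runs; qualify it as `roundup.password.Password` if one exists.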
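
Review bot: `test_password` at new lines 237-238 contains no assertion of its own, so it can only fail if `roundup.password.test()` raises, and nothing in this file pins the behaviour the commit message calls out (plaintext still accepted when parsing a stored password). Suggest adding explicit assertions for that case here, and moving the test into its own TestCase rather than `PermissionTest`, whose `setUp` opens an anydbm backend that the one-line test body does not use.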
