comparison test/test_xmlrpc.py @ 3937:3c3077582c16

Add security checks and tests for xmlrpc interface.
author Richard Jones <richard@users.sourceforge.net>
date Sat, 03 Nov 2007 00:50:38 +0000
parents cf6c45201980
children 85cbaa50eba1
3936:63d58cc1394a 3937:3c3077582c16
12 12
13 import db_test_base 13 import db_test_base
14 14
15 NEEDS_INSTANCE = 1 15 NEEDS_INSTANCE = 1
16 16
17 class TestCaseBase(unittest.TestCase): 17 class TestCase(unittest.TestCase):
18
19 def setUp(self): 18 def setUp(self):
20
21 self.dirname = '_test_xmlrpc' 19 self.dirname = '_test_xmlrpc'
22 # set up and open a tracker 20 # set up and open a tracker
23 self.instance = db_test_base.setupTracker(self.dirname) 21 self.instance = db_test_base.setupTracker(self.dirname)
24 22
25 # open the database 23 # open the database
26 self.db = self.instance.open('admin') 24 self.db = self.instance.open('admin')
27 self.db.user.create(username='joe', password=password.Password('random'), 25 self.joeid = 'user' + self.db.user.create(username='joe',
28 address='random@home.org', 26 password=password.Password('random'), address='random@home.org',
29 realname='Joe Random', roles='User') 27 realname='Joe Random', roles='User')
30 28
31 self.db.commit() 29 self.db.commit()
32 self.db.close() 30 self.db.close()
33 31
34 self.server = RoundupServer(self.dirname) 32 self.server = RoundupServer(self.dirname)
35 33
36
37 def tearDown(self): 34 def tearDown(self):
38
39 try: 35 try:
40 shutil.rmtree(self.dirname) 36 shutil.rmtree(self.dirname)
41 except OSError, error: 37 except OSError, error:
42 if error.errno not in (errno.ENOENT, errno.ESRCH): raise 38 if error.errno not in (errno.ENOENT, errno.ESRCH): raise
43 39
44 class AccessTestCase(TestCaseBase): 40 def testAccess(self):
45
46 def test(self):
47
48 # Retrieve all three users. 41 # Retrieve all three users.
49 results = self.server.list('joe', 'random', 'user', 'id') 42 results = self.server.list('joe', 'random', 'user', 'id')
50 self.assertEqual(len(results), 3) 43 self.assertEqual(len(results), 3)
44
51 # Obtain data for 'joe'. 45 # Obtain data for 'joe'.
52 userid = 'user' + results[-1] 46 results = self.server.display('joe', 'random', self.joeid)
53 results = self.server.display('joe', 'random', userid)
54 self.assertEqual(results['username'], 'joe') 47 self.assertEqual(results['username'], 'joe')
55 self.assertEqual(results['realname'], 'Joe Random') 48 self.assertEqual(results['realname'], 'Joe Random')
49
50 def testChange(self):
56 # Reset joe's 'realname'. 51 # Reset joe's 'realname'.
57 results = self.server.set('joe', 'random', userid, 'realname=Joe Doe') 52 results = self.server.set('joe', 'random', self.joeid,
58 results = self.server.display('joe', 'random', userid, 'realname') 53 'realname=Joe Doe')
54 results = self.server.display('joe', 'random', self.joeid,
55 'realname')
59 self.assertEqual(results['realname'], 'Joe Doe') 56 self.assertEqual(results['realname'], 'Joe Doe')
60 # Create test 57
58 def testCreate(self):
61 results = self.server.create('joe', 'random', 'issue', 'title=foo') 59 results = self.server.create('joe', 'random', 'issue', 'title=foo')
62 issueid = 'issue' + results 60 issueid = 'issue' + results
63 results = self.server.display('joe', 'random', issueid, 'title') 61 results = self.server.display('joe', 'random', issueid, 'title')
64 self.assertEqual(results['title'], 'foo') 62 self.assertEqual(results['title'], 'foo')
65 63
66 class AuthenticationTestCase(TestCaseBase): 64 def testAuthUnknown(self):
67
68 def test(self):
69
70 # Unknown user (caught in XMLRPC frontend). 65 # Unknown user (caught in XMLRPC frontend).
71 self.assertRaises(Unauthorised, self.server.list, 66 self.assertRaises(Unauthorised, self.server.list,
72 'nobody', 'nobody', 'user', 'id') 67 'nobody', 'nobody', 'user', 'id')
68
69 def testAuthDeniedEdit(self):
73 # Wrong permissions (caught by roundup security module). 70 # Wrong permissions (caught by roundup security module).
74 results = self.server.list('joe', 'random', 'user', 'id')
75 userid = 'user' + results[0] # admin
76 self.assertRaises(Unauthorised, self.server.set, 71 self.assertRaises(Unauthorised, self.server.set,
77 'joe', 'random', userid, 'realname=someone') 72 'joe', 'random', 'user1', 'realname=someone')
78 73
74 def testAuthDeniedCreate(self):
75 self.assertRaises(Unauthorised, self.server.create,
76 'joe', 'random', 'user', {'username': 'blah'})
77
78 def testAuthAllowedEdit(self):
79 try:
80 self.server.set('admin', 'sekrit', 'user2', 'realname=someone')
81 except Unauthorised, err:
82 self.fail('raised %s'%err)
83
84 def testAuthAllowedCreate(self):
85 try:
86 self.server.create('admin', 'sekrit', 'user', 'username=blah')
87 except Unauthorised, err:
88 self.fail('raised %s'%err)
79 89
80 def test_suite(): 90 def test_suite():
81 suite = unittest.TestSuite() 91 suite = unittest.TestSuite()
82 suite.addTest(unittest.makeSuite(AccessTestCase)) 92 suite.addTest(unittest.makeSuite(TestCase))
83 suite.addTest(unittest.makeSuite(AuthenticationTestCase))
84 return suite 93 return suite
85 94
86 if __name__ == '__main__': 95 if __name__ == '__main__':
87 runner = unittest.TextTestRunner() 96 runner = unittest.TextTestRunner()
88 unittest.main(testRunner=runner) 97 unittest.main(testRunner=runner)
98
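Review bot: testAuthDeniedCreate passes the new user's attributes as a dict (`{'username': 'blah'}`), while testAuthAllowedCreate and every other create/set call in this file section pass a `'key=value'` string, so the denied and allowed cases differ in more than the caller. Using `'joe', 'random', 'user', 'username=blah'` would pin the test to the permission check alone; as written it only holds if the server raises Unauthorised before it looks at the argument shape, which this page does not show. The authentication tests also cover only an unknown user: a known user with a wrong password, for example `self.assertRaises(Unauthorised, self.server.list, 'joe', 'wrong', 'user', 'id')`, is not exercised. testAuthAllowedEdit hard-codes `'user2'` where `self.joeid` is already set in setUp, and neither denied test checks afterwards that the data was left unchanged.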
