Mercurial > p > roundup > code
comparison test/test_cgi.py @ 4781:6e9b9743de89
Implementation for:
http://issues.roundup-tracker.org/issue2550731
Add mechanism for the detectors to be able to tell the source of the
data changes.
Support for tx_Source property on database handle. Can be
used by detectors to find out the source of a change in an auditor to
block changes arriving by unauthenticated mechanisms (e.g. plain email
where headers can be faked). The property db.tx_Source has the
following values:
* None - Default value set to None. May be valid if it's a script
that is created by the user. Otherwise it's an error and indicates
that some code path is not properly setting the tx_Source property.
* "cli" - this string value is set when using roundup-admin and
supplied scripts.
* "web" - this string value is set when using any web based
technique: html interface, xmlrpc ....
* "email" - this string value is set when using an unauthenticated
email based technique.
* "email-sig-openpgp" - this string value is set when email with a
valid pgp signature is used. (*NOTE* the testing for this mode
is incomplete. If you have a pgp infrastructure you should test
and verify that this is properly set.)
This also includes some (possibly incomplete) tests cases for the
modes above and an example of using ts_Source in the customization.txt
document.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 23 Apr 2013 23:06:09 -0400 |
| parents | 61e922a93112 |
| children | dad18ee491a9 |
comparison
equal
deleted
inserted
replaced
| 4774:3adff0fb0207 | 4781:6e9b9743de89 |
|---|---|
| 73 # set up and open a tracker | 73 # set up and open a tracker |
| 74 self.instance = db_test_base.setupTracker(self.dirname) | 74 self.instance = db_test_base.setupTracker(self.dirname) |
| 75 | 75 |
| 76 # open the database | 76 # open the database |
| 77 self.db = self.instance.open('admin') | 77 self.db = self.instance.open('admin') |
| 78 self.db.tx_Source = "web" | |
| 78 self.db.user.create(username='Chef', address='chef@bork.bork.bork', | 79 self.db.user.create(username='Chef', address='chef@bork.bork.bork', |
| 79 realname='Bork, Chef', roles='User') | 80 realname='Bork, Chef', roles='User') |
| 80 self.db.user.create(username='mary', address='mary@test.test', | 81 self.db.user.create(username='mary', address='mary@test.test', |
| 81 roles='User', realname='Contrary, Mary') | 82 roles='User', realname='Contrary, Mary') |
| 83 | |
| 84 self.db.issue.addprop(tx_Source=hyperdb.String()) | |
| 85 self.db.msg.addprop(tx_Source=hyperdb.String()) | |
| 86 | |
| 87 self.db.post_init() | |
| 88 | |
| 89 vars = dict(globals()) | |
| 90 vars['db'] = self.db | |
| 91 vars = {} | |
| 92 execfile("test/tx_Source_detector.py", vars) | |
| 93 vars['init'](self.db) | |
| 94 | |
| 82 | 95 |
| 83 test = self.instance.backend.Class(self.db, "test", | 96 test = self.instance.backend.Class(self.db, "test", |
| 84 string=hyperdb.String(), number=hyperdb.Number(), | 97 string=hyperdb.String(), number=hyperdb.Number(), |
| 85 boolean=hyperdb.Boolean(), link=hyperdb.Link('test'), | 98 boolean=hyperdb.Boolean(), link=hyperdb.Link('test'), |
| 86 multilink=hyperdb.Multilink('test'), date=hyperdb.Date(), | 99 multilink=hyperdb.Multilink('test'), date=hyperdb.Date(), |
| 205 self.db.status.set('2', name='1') | 218 self.db.status.set('2', name='1') |
| 206 issue = self.db.issue.create(title='i1-status1', status='1') | 219 issue = self.db.issue.create(title='i1-status1', status='1') |
| 207 self.assertEqual(self.db.issue.get(issue,'status'),'1') | 220 self.assertEqual(self.db.issue.get(issue,'status'),'1') |
| 208 self.assertEqual(self.db.status.lookup('1'),'2') | 221 self.assertEqual(self.db.status.lookup('1'),'2') |
| 209 self.assertEqual(self.db.status.lookup('2'),'1') | 222 self.assertEqual(self.db.status.lookup('2'),'1') |
| 223 self.assertEqual(self.db.issue.get('1','tx_Source'),'web') | |
| 210 form = cgi.FieldStorage() | 224 form = cgi.FieldStorage() |
| 211 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form) | 225 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form) |
| 212 cl.classname = 'issue' | 226 cl.classname = 'issue' |
| 213 cl.nodeid = issue | 227 cl.nodeid = issue |
| 214 cl.db = self.db | 228 cl.db = self.db |
| 224 self.assertEqual(id,'2') | 238 self.assertEqual(id,'2') |
| 225 issue = self.db.issue.create(title='i1-status1', keyword=['1']) | 239 issue = self.db.issue.create(title='i1-status1', keyword=['1']) |
| 226 self.assertEqual(self.db.issue.get(issue,'keyword'),['1']) | 240 self.assertEqual(self.db.issue.get(issue,'keyword'),['1']) |
| 227 self.assertEqual(self.db.keyword.lookup('1'),'2') | 241 self.assertEqual(self.db.keyword.lookup('1'),'2') |
| 228 self.assertEqual(self.db.keyword.lookup('2'),'1') | 242 self.assertEqual(self.db.keyword.lookup('2'),'1') |
| 243 self.assertEqual(self.db.issue.get(issue,'tx_Source'),'web') | |
| 229 form = cgi.FieldStorage() | 244 form = cgi.FieldStorage() |
| 230 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form) | 245 cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form) |
| 231 cl.classname = 'issue' | 246 cl.classname = 'issue' |
| 232 cl.nodeid = issue | 247 cl.nodeid = issue |
| 233 cl.db = self.db | 248 cl.db = self.db |
| 269 self.assertEqual(self.parseForm({'status': '1'}, 'issue'), | 284 self.assertEqual(self.parseForm({'status': '1'}, 'issue'), |
| 270 ({('issue', None): {'status': '1'}}, [])) | 285 ({('issue', None): {'status': '1'}}, [])) |
| 271 nodeid = self.db.issue.create(status='unread') | 286 nodeid = self.db.issue.create(status='unread') |
| 272 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue', nodeid), | 287 self.assertEqual(self.parseForm({'status': 'unread'}, 'issue', nodeid), |
| 273 ({('issue', nodeid): {}}, [])) | 288 ({('issue', nodeid): {}}, [])) |
| 289 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web') | |
| 274 | 290 |
| 275 def testUnsetLink(self): | 291 def testUnsetLink(self): |
| 276 nodeid = self.db.issue.create(status='unread') | 292 nodeid = self.db.issue.create(status='unread') |
| 277 self.assertEqual(self.parseForm({'status': '-1'}, 'issue', nodeid), | 293 self.assertEqual(self.parseForm({'status': '-1'}, 'issue', nodeid), |
| 278 ({('issue', nodeid): {'status': None}}, [])) | 294 ({('issue', nodeid): {'status': None}}, [])) |
| 295 self.assertEqual(self.db.issue.get(nodeid,'tx_Source'),'web') | |
| 279 | 296 |
| 280 def testInvalidLinkValue(self): | 297 def testInvalidLinkValue(self): |
| 281 # XXX This is not the current behaviour - should we enforce this? | 298 # XXX This is not the current behaviour - should we enforce this? |
| 282 # self.assertRaises(IndexError, self.parseForm, | 299 # self.assertRaises(IndexError, self.parseForm, |
| 283 # {'status': '4'})) | 300 # {'status': '4'})) |