Mercurial > p > roundup > code
view test/tx_Source_detector.py @ 4781:6e9b9743de89
Implementation for:
http://issues.roundup-tracker.org/issue2550731
Add mechanism for the detectors to be able to tell the source of the
data changes.
Support for tx_Source property on database handle. Can be
used by detectors to find out the source of a change in an auditor to
block changes arriving by unauthenticated mechanisms (e.g. plain email
where headers can be faked). The property db.tx_Source has the
following values:
* None - Default value set to None. May be valid if it's a script
that is created by the user. Otherwise it's an error and indicates
that some code path is not properly setting the tx_Source property.
* "cli" - this string value is set when using roundup-admin and
supplied scripts.
* "web" - this string value is set when using any web based
technique: html interface, xmlrpc ....
* "email" - this string value is set when using an unauthenticated
email based technique.
* "email-sig-openpgp" - this string value is set when email with a
valid pgp signature is used. (*NOTE* the testing for this mode
is incomplete. If you have a pgp infrastructure you should test
and verify that this is properly set.)
This also includes some (possibly incomplete) tests cases for the
modes above and an example of using ts_Source in the customization.txt
document.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 23 Apr 2013 23:06:09 -0400 |
| parents | |
| children | 64b05e24dbd8 |
line wrap: on
line source
# # Example output when the web interface changes item 3 and the email # (non pgp) interface changes item 4: # # tx_SourceCheckAudit(3) pre db.tx_Source: cgi # tx_SourceCheckAudit(4) pre db.tx_Source: email # tx_SourceCheckAudit(3) post db.tx_Source: cgi # tx_SourceCheckAudit(4) post db.tx_Source: email # tx_SourceCheckReact(4) pre db.tx_Source: email # tx_SourceCheckReact(4) post db.tx_Source: email # tx_SourceCheckReact(3) pre db.tx_Source: cgi # tx_SourceCheckReact(3) post db.tx_Source: cgi # # Note that the calls are interleaved, but the proper # tx_Source is associated with the same ticket. import time as time def tx_SourceCheckAudit(db, cl, nodeid, newvalues): ''' An auditor to print the value of the source of the transaction that trigger this change. The sleep call is used to delay the transaction so that multiple changes will overlap. The expected output from this detector are 2 lines with the same value for tx_Source. Tx source is: None - Reported when using a script or it is an error if the change arrives by another method. "cli" - reported when using roundup-admin "web" - reported when using any web based technique "email" - reported when using an unautheticated email based technique "email-sig-openpgp" - reported when email with a valid pgp signature is used ''' if __debug__ and False: print "\n tx_SourceCheckAudit(%s) db.tx_Source: %s"%(nodeid, db.tx_Source) newvalues['tx_Source'] = db.tx_Source # example use for real to prevent a change from happening if it's # submited via email # # if db.tx_Source == "email": # raise Reject, 'Change not allowed via email' def tx_SourceCheckReact(db, cl, nodeid, oldvalues): ''' An reactor to print the value of the source of the transaction that trigger this change. The sleep call is used to delay the transaction so that multiple changes will overlap. The expected output from this detector are 2 lines with the same value for tx_Source. Tx source is: None - Reported when using a script or it is an error if the change arrives by another method. "cli" - reported when using roundup-admin "web" - reported when using any web based technique "email" - reported when using an unautheticated email based technique "email-sig-openpgp" - reported when email with a valid pgp signature is used ''' if __debug__ and False: print " tx_SourceCheckReact(%s) db.tx_Source: %s"%(nodeid, db.tx_Source) def init(db): db.issue.audit('create', tx_SourceCheckAudit) db.issue.audit('set', tx_SourceCheckAudit) db.issue.react('set', tx_SourceCheckReact) db.issue.react('create', tx_SourceCheckReact) db.msg.audit('create', tx_SourceCheckAudit)