Mercurial > p > roundup > code
view test/test_xmlrpc.py @ 5643:a60cbbcc9309
Added support for accepting application/json payload in addition to
the existing application/x-www-form-urlencoded.
The key for this is that the third element of the FieldStorage is a
string as opposed to a list. So the code checks for the string and
that the Content-Type is exactly application/json. I do a string match
for the Content-Type.
This code also adds testing for the dispatch method of
RestfulInstance. It tests dispatch using GET, PUT, POST, PATCH
methods with json and form data payloads. Existing tests bypass the
dispatch method.
It moves check for pretty printing till after the input payload is
checked to see if it's json. So you can set pretty in the json payload
if wanted.
Adds a new class: SimulateFieldStorageFromJson. This class
emulates the calling interface of FieldStorage. The json payload
is parsed into this class. Then the new object is passed off to the
code that expects a FieldStorage class. Note that this may or may not
work for file uploads, but for issue creation, setting properties,
patching objects, it seems to work.
Also refactored/replaced the etag header checks to use a more generic
method that will work for any header (e.g. Content-Type).
Future enhancements are to parse the full form of the Content-Type
mime type so something like: application/vnd.roundup.v1+json will also
work. Also the SimulateFieldStorageFromJson could be used to represent
XML format input, if so need to rename the class dropping
FromJson. But because of the issues with native xml parsers in python
parsing untrusted data, we may not want to go that route.
curl examples for my tracker is:
curl -s -u user:pass -X POST --header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{"title": "foo bar", "fyi": "text", "private": "true", "priority": "high" }' \
-w "http status: %{http_code}\n" \
"https://example.net/demo/rest/data/issue"
{
"data": {
"link": "https://example.net/demo/rest/data/issue/2229",
"id": "2229"
}
}
http status: 201
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 10 Mar 2019 17:35:25 -0400 |
| parents | 7f3dfdd6a620 |
| children | 58817c3bf471 |
line wrap: on
line source
# # Copyright (C) 2007 Stefan Seefeld # All rights reserved. # For license terms see the file COPYING.txt. # from __future__ import print_function import unittest, os, shutil, errno, sys, difflib, cgi, re from roundup.anypy import xmlrpc_ MultiCall = xmlrpc_.client.MultiCall from roundup.cgi.exceptions import * from roundup import init, instance, password, hyperdb, date from roundup.xmlrpc import RoundupInstance, RoundupDispatcher from roundup.backends import list_backends from roundup.hyperdb import String from roundup.cgi import TranslationService from . import db_test_base from .test_mysql import skip_mysql from .test_postgresql import skip_postgresql class XmlrpcTest(object): backend = None def setUp(self): self.dirname = '_test_xmlrpc' # set up and open a tracker self.instance = db_test_base.setupTracker(self.dirname, self.backend) # open the database self.db = self.instance.open('admin') print("props_only default", self.db.security.get_props_only_default()) # Get user id (user4 maybe). Used later to get data from db. self.joeid = 'user' + self.db.user.create(username='joe', password=password.Password('random'), address='random@home.org', realname='Joe Random', roles='User') self.db.commit() self.db.close() self.db = self.instance.open('joe') self.db.tx_Source = 'web' self.db.issue.addprop(tx_Source=hyperdb.String()) self.db.msg.addprop(tx_Source=hyperdb.String()) self.db.post_init() thisdir = os.path.dirname(__file__) vars = {} exec(compile(open(os.path.join(thisdir, "tx_Source_detector.py")).read(), os.path.join(thisdir, "tx_Source_detector.py"), 'exec'), vars) vars['init'](self.db) self.server = RoundupInstance(self.db, self.instance.actions, None) def tearDown(self): self.db.close() try: shutil.rmtree(self.dirname) except OSError as error: if error.errno not in (errno.ENOENT, errno.ESRCH): raise def testAccess(self): # Retrieve all three users. results = self.server.list('user', 'id') self.assertEqual(len(results), 3) # Obtain data for 'joe'. results = self.server.display(self.joeid) self.assertEqual(results['username'], 'joe') self.assertEqual(results['realname'], 'Joe Random') def testChange(self): # Reset joe's 'realname'. results = self.server.set(self.joeid, 'realname=Joe Doe') results = self.server.display(self.joeid, 'realname') self.assertEqual(results['realname'], 'Joe Doe') # check we can't change admin's details self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=Joe Doe') def testCreate(self): results = self.server.create('issue', 'title=foo') issueid = 'issue' + results results = self.server.display(issueid, 'title') self.assertEqual(results['title'], 'foo') self.assertEqual(self.db.issue.get('1', "tx_Source"), 'web') def testFileCreate(self): results = self.server.create('file', 'content=hello\r\nthere') fileid = 'file' + results results = self.server.display(fileid, 'content') self.assertEqual(results['content'], 'hello\r\nthere') def testSchema(self): schema={'status': [('name', '<roundup.hyperdb.String>'), ('order', '<roundup.hyperdb.Number>')], 'keyword': [('name', '<roundup.hyperdb.String>')], 'priority': [('name', '<roundup.hyperdb.String>'), ('order', '<roundup.hyperdb.Number>')], 'user': [('address', '<roundup.hyperdb.String>'), ('alternate_addresses', '<roundup.hyperdb.String>'), ('organisation', '<roundup.hyperdb.String>'), ('password', '<roundup.hyperdb.Password>'), ('phone', '<roundup.hyperdb.String>'), ('queries', '<roundup.hyperdb.Multilink to "query">'), ('realname', '<roundup.hyperdb.String>'), ('roles', '<roundup.hyperdb.String>'), ('timezone', '<roundup.hyperdb.String>'), ('username', '<roundup.hyperdb.String>')], 'file': [('content', '<roundup.hyperdb.String>'), ('name', '<roundup.hyperdb.String>'), ('type', '<roundup.hyperdb.String>')], 'msg': [('author', '<roundup.hyperdb.Link to "user">'), ('content', '<roundup.hyperdb.String>'), ('date', '<roundup.hyperdb.Date>'), ('files', '<roundup.hyperdb.Multilink to "file">'), ('inreplyto', '<roundup.hyperdb.String>'), ('messageid', '<roundup.hyperdb.String>'), ('recipients', '<roundup.hyperdb.Multilink to "user">'), ('summary', '<roundup.hyperdb.String>'), ('tx_Source', '<roundup.hyperdb.String>'), ('type', '<roundup.hyperdb.String>')], 'query': [('klass', '<roundup.hyperdb.String>'), ('name', '<roundup.hyperdb.String>'), ('private_for', '<roundup.hyperdb.Link to "user">'), ('url', '<roundup.hyperdb.String>')], 'issue': [('assignedto', '<roundup.hyperdb.Link to "user">'), ('files', '<roundup.hyperdb.Multilink to "file">'), ('keyword', '<roundup.hyperdb.Multilink to "keyword">'), ('messages', '<roundup.hyperdb.Multilink to "msg">'), ('nosy', '<roundup.hyperdb.Multilink to "user">'), ('priority', '<roundup.hyperdb.Link to "priority">'), ('status', '<roundup.hyperdb.Link to "status">'), ('superseder', '<roundup.hyperdb.Multilink to "issue">'), ('title', '<roundup.hyperdb.String>'), ('tx_Source', '<roundup.hyperdb.String>')]} results = self.server.schema() self.assertEqual(results, schema) def testLookup(self): self.assertRaises(KeyError, self.server.lookup, 'user', '1') results = self.server.lookup('user', 'admin') self.assertEqual(results, '1') def testAction(self): # As this action requires special previledges, we temporarily switch # to 'admin' self.db.setCurrentUser('admin') users_before = self.server.list('user') try: tmp = 'user' + self.db.user.create(username='tmp') self.server.action('retire', tmp) finally: self.db.setCurrentUser('joe') users_after = self.server.list('user') self.assertEqual(users_before, users_after) # test a bogus action with self.assertRaises(Exception) as cm: self.server.action('bogus') print(cm.exception) self.assertEqual(cm.exception.args[0], 'action "bogus" is not supported ') def testAuthDeniedEdit(self): # Wrong permissions (caught by roundup security module). self.assertRaises(Unauthorised, self.server.set, 'user1', 'realname=someone') def testAuthDeniedCreate(self): self.assertRaises(Unauthorised, self.server.create, 'user', {'username': 'blah'}) def testAuthAllowedEdit(self): self.db.setCurrentUser('admin') try: try: self.server.set('user2', 'realname=someone') except Unauthorised as err: self.fail('raised %s'%err) finally: self.db.setCurrentUser('joe') def testAuthAllowedCreate(self): self.db.setCurrentUser('admin') try: try: self.server.create('user', 'username=blah') except Unauthorised as err: self.fail('raised %s'%err) finally: self.db.setCurrentUser('joe') def testAuthFilter(self): # this checks if we properly check for search permissions self.db.security.permissions = {} # self.db.security.set_props_only_default(props_only=False) self.db.security.addRole(name='User') self.db.security.addRole(name='Project') self.db.security.addPermissionToRole('User', 'Web Access') self.db.security.addPermissionToRole('Project', 'Web Access') # Allow viewing keyword p = self.db.security.addPermission(name='View', klass='keyword') print("View keyword class: %r"%p) self.db.security.addPermissionToRole('User', p) # Allow viewing interesting things (but not keyword) on issue # But users might only view issues where they are on nosy # (so in the real world the check method would be better) p = self.db.security.addPermission(name='View', klass='issue', properties=("title", "status"), check=lambda x,y,z: True) print("View keyword class w/ props: %r"%p) self.db.security.addPermissionToRole('User', p) # Allow role "Project" access to whole issue p = self.db.security.addPermission(name='View', klass='issue') self.db.security.addPermissionToRole('Project', p) # Allow all access to status: p = self.db.security.addPermission(name='View', klass='status') self.db.security.addPermissionToRole('User', p) self.db.security.addPermissionToRole('Project', p) keyword = self.db.keyword status = self.db.status issue = self.db.issue d1 = keyword.create(name='d1') d2 = keyword.create(name='d2') open = status.create(name='open') closed = status.create(name='closed') issue.create(title='i1', status=open, keyword=[d2]) issue.create(title='i2', status=open, keyword=[d1]) issue.create(title='i2', status=closed, keyword=[d1]) chef = self.db.user.create(username = 'chef', roles='User, Project') joe = self.db.user.lookup('joe') # Conditionally allow view of whole issue (check is False here, # this might check for keyword owner in the real world) p = self.db.security.addPermission(name='View', klass='issue', check=lambda x,y,z: False) print("View issue class: %r"%p) self.db.security.addPermissionToRole('User', p) # Allow user to search for issue.status p = self.db.security.addPermission(name='Search', klass='issue', properties=("status",)) print("View Search class w/ props: %r"%p) self.db.security.addPermissionToRole('User', p) keyw = {'keyword':self.db.keyword.lookup('d1')} stat = {'status':self.db.status.lookup('open')} keygroup = keysort = [('+', 'keyword')] self.db.commit() # Filter on keyword ignored for role 'User': r = self.server.filter('issue', None, keyw) self.assertEqual(r, ['1', '2', '3']) # Filter on status works for all: r = self.server.filter('issue', None, stat) self.assertEqual(r, ['1', '2']) # Sorting and grouping for class User fails: r = self.server.filter('issue', None, {}, sort=keysort) self.assertEqual(r, ['1', '2', '3']) r = self.server.filter('issue', None, {}, group=keygroup) self.assertEqual(r, ['1', '2', '3']) self.db.close() self.db = self.instance.open('chef') self.db.tx_Source = 'web' self.db.issue.addprop(tx_Source=hyperdb.String()) self.db.msg.addprop(tx_Source=hyperdb.String()) self.db.post_init() self.server = RoundupInstance(self.db, self.instance.actions, None) # Filter on keyword works for role 'Project': r = self.server.filter('issue', None, keyw) self.assertEqual(r, ['2', '3']) # Filter on status works for all: r = self.server.filter('issue', None, stat) self.assertEqual(r, ['1', '2']) # Sorting and grouping for class Project works: r = self.server.filter('issue', None, {}, sort=keysort) self.assertEqual(r, ['2', '3', '1']) r = self.server.filter('issue', None, {}, group=keygroup) self.assertEqual(r, ['2', '3', '1']) def testMulticall(self): translator = TranslationService.get_translation( language=self.instance.config["TRACKER_LANGUAGE"], tracker_home=self.instance.config["TRACKER_HOME"]) self.server = RoundupDispatcher(self.db, self.instance.actions, translator, allow_none = True) class S: multicall=self.server.funcs['system.multicall'] self.server.system = S() self.db.issue.create(title='i1') self.db.issue.create(title='i2') m = MultiCall(self.server) m.display('issue1') m.display('issue2') result = m() results = [ {'files': [], 'status': '1', 'tx_Source': 'web', 'keyword': [], 'title': 'i1', 'nosy': [], 'messages': [], 'priority': None, 'assignedto': None, 'superseder': []}, {'files': [], 'status': '1', 'tx_Source': 'web', 'keyword': [], 'title': 'i2', 'nosy': [], 'messages': [], 'priority': None, 'assignedto': None, 'superseder': []}] for n, r in enumerate(result): self.assertEqual(r, results[n]) class anydbmXmlrpcTest(XmlrpcTest, unittest.TestCase): backend = 'anydbm' @skip_mysql class mysqlXmlrpcTest(XmlrpcTest, unittest.TestCase): backend = 'mysql' class sqliteXmlrpcTest(XmlrpcTest, unittest.TestCase): backend = 'sqlite' @skip_postgresql class postgresqlXmlrpcTest(XmlrpcTest, unittest.TestCase): backend = 'postgresql'