![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/test/test_cgi.py b/test/test_cgi.py
index 92e0a58793a637c232ad1410e764be14aefde5bc..cfccae85c30a886df93dcf4a0ab5070e31a231f8 100644 (file)
--- a/test/test_cgi.py
+++ b/test/test_cgi.py
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
-# $Id: test_cgi.py,v 1.16 2003-05-09 01:47:50 richard Exp $
+# $Id: test_cgi.py,v 1.36 2008-08-07 06:12:57 richard Exp $
-import unittest, os, shutil, errno, sys, difflib, cgi, re
+import unittest, os, shutil, errno, sys, difflib, cgi, re, StringIO
-from roundup.cgi import client
+from roundup.cgi import client, actions, exceptions
+from roundup.cgi.exceptions import FormError
+from roundup.cgi.templating import HTMLItem
+from roundup.cgi.form_parser import FormParser
from roundup import init, instance, password, hyperdb, date
+from mocknull import MockNull
+
+import db_test_base
+
+NEEDS_INSTANCE = 1
+
class FileUpload:
def __init__(self, content, filename):
self.content = content
form.list.append(cgi.MiniFieldStorage(k, v))
return form
-class config:
- TRACKER_NAME = 'testing testing'
- TRACKER_WEB = 'http://testing.testing/'
+cm = client.clean_message
+class MessageTestCase(unittest.TestCase):
+ def testCleanMessageOK(self):
+ self.assertEqual(cm('<br>x<br />'), '<br>x<br />')
+ self.assertEqual(cm('<i>x</i>'), '<i>x</i>')
+ self.assertEqual(cm('<b>x</b>'), '<b>x</b>')
+ self.assertEqual(cm('<a href="y">x</a>'),
+ '<a href="y">x</a>')
+ self.assertEqual(cm('<BR>x<BR />'), '<BR>x<BR />')
+ self.assertEqual(cm('<I>x</I>'), '<I>x</I>')
+ self.assertEqual(cm('<B>x</B>'), '<B>x</B>')
+ self.assertEqual(cm('<A HREF="y">x</A>'),
+ '<A HREF="y">x</A>')
+
+ def testCleanMessageBAD(self):
+ self.assertEqual(cm('<script>x</script>'),
+ '<script>x</script>')
+ self.assertEqual(cm('<iframe>x</iframe>'),
+ '<iframe>x</iframe>')
class FormTestCase(unittest.TestCase):
def setUp(self):
self.dirname = '_test_cgi_form'
- try:
- shutil.rmtree(self.dirname)
- except OSError, error:
- if error.errno not in (errno.ENOENT, errno.ESRCH): raise
- # create the instance
- init.install(self.dirname, 'templates/classic')
- init.write_select_db(self.dirname, 'anydbm')
- init.initialise(self.dirname, 'sekrit')
- # check we can load the package
- self.instance = instance.open(self.dirname)
- # and open the database
+ # set up and open a tracker
+ self.instance = db_test_base.setupTracker(self.dirname)
+
+ # open the database
self.db = self.instance.open('admin')
self.db.user.create(username='Chef', address='chef@bork.bork.bork',
realname='Bork, Chef', roles='User')
- self.db.user.create(username='mary', address='mary@test',
+ self.db.user.create(username='mary', address='mary@test.test',
roles='User', realname='Contrary, Mary')
- test = self.instance.dbinit.Class(self.db, "test",
+ test = self.instance.backend.Class(self.db, "test",
string=hyperdb.String(), number=hyperdb.Number(),
boolean=hyperdb.Boolean(), link=hyperdb.Link('test'),
multilink=hyperdb.Multilink('test'), date=hyperdb.Date(),
- interval=hyperdb.Interval())
+ messages=hyperdb.Multilink('msg'), interval=hyperdb.Interval())
# compile the labels re
classes = '|'.join(self.db.classes.keys())
- self.FV_SPECIAL = re.compile(client.Client.FV_LABELS%classes,
+ self.FV_SPECIAL = re.compile(FormParser.FV_LABELS%classes,
re.VERBOSE)
def parseForm(self, form, classname='test', nodeid=None):
- cl = client.Client(self.instance, None, {'PATH_INFO':'/'},
- makeForm(form))
+ cl = client.Client(self.instance, None, {'PATH_INFO':'/',
+ 'REQUEST_METHOD':'POST'}, makeForm(form))
cl.classname = classname
cl.nodeid = nodeid
+ cl.language = ('en',)
cl.db = self.db
- return cl.parsePropsFromForm()
+ return cl.parsePropsFromForm(create=1)
def tearDown(self):
self.db.close()
self.assertEqual(self.parseForm({}), ({('test', None): {}}, []))
def testNothingWithRequired(self):
- self.assertRaises(ValueError, self.parseForm, {':required': 'string'})
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm, {':required': 'string'})
+ self.assertRaises(FormError, self.parseForm,
{':required': 'title,status', 'status':'1'}, 'issue')
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm,
{':required': ['title','status'], 'status':'1'}, 'issue')
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm,
{':required': 'status', 'status':''}, 'issue')
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm,
{':required': 'nosy', 'nosy':''}, 'issue')
+ self.assertRaises(FormError, self.parseForm,
+ {':required': 'msg-1@content', 'msg-1@content':''}, 'issue')
+ self.assertRaises(FormError, self.parseForm,
+ {':required': 'msg-1@content'}, 'issue')
#
# Nonexistant edit
#
def testEditNonexistant(self):
- self.assertRaises(IndexError, self.parseForm, {'boolean': ''},
+ self.assertRaises(FormError, self.parseForm, {'boolean': ''},
'test', '1')
#
({('test', None): {}}, []))
self.assertEqual(self.parseForm({'string': ' '}),
({('test', None): {}}, []))
- self.assertRaises(ValueError, self.parseForm, {'string': ['', '']})
+ self.assertRaises(FormError, self.parseForm, {'string': ['', '']})
def testSetString(self):
self.assertEqual(self.parseForm({'string': 'foo'}),
self.assertEqual(self.parseForm({'title': ' '}, 'issue', nodeid),
({('issue', nodeid): {'title': None}}, []))
+ def testStringLinkId(self):
+ self.db.status.set('1', name='2')
+ self.db.status.set('2', name='1')
+ issue = self.db.issue.create(title='i1-status1', status='1')
+ self.assertEqual(self.db.issue.get(issue,'status'),'1')
+ self.assertEqual(self.db.status.lookup('1'),'2')
+ self.assertEqual(self.db.status.lookup('2'),'1')
+ form = cgi.FieldStorage()
+ cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
+ cl.classname = 'issue'
+ cl.nodeid = issue
+ cl.db = self.db
+ cl.language = ('en',)
+ item = HTMLItem(cl, 'issue', issue)
+ self.assertEqual(item.status.id, '1')
+ self.assertEqual(item.status.name, '2')
+
+ def testStringMultilinkId(self):
+ id = self.db.keyword.create(name='2')
+ self.assertEqual(id,'1')
+ id = self.db.keyword.create(name='1')
+ self.assertEqual(id,'2')
+ issue = self.db.issue.create(title='i1-status1', keyword=['1'])
+ self.assertEqual(self.db.issue.get(issue,'keyword'),['1'])
+ self.assertEqual(self.db.keyword.lookup('1'),'2')
+ self.assertEqual(self.db.keyword.lookup('2'),'1')
+ form = cgi.FieldStorage()
+ cl = client.Client(self.instance, None, {'PATH_INFO':'/'}, form)
+ cl.classname = 'issue'
+ cl.nodeid = issue
+ cl.db = self.db
+ cl.language = ('en',)
+ cl.userid = '1'
+ item = HTMLItem(cl, 'issue', issue)
+ for keyword in item.keyword:
+ self.assertEqual(keyword.id, '1')
+ self.assertEqual(keyword.name, '2')
+
def testFileUpload(self):
file = FileUpload('foo', 'foo.txt')
self.assertEqual(self.parseForm({'content': file}, 'file'),
({('file', None): {'content': 'foo', 'name': 'foo.txt',
'type': 'text/plain'}}, []))
+ def testEditFileClassAttributes(self):
+ self.assertEqual(self.parseForm({'name': 'foo.txt',
+ 'type': 'application/octet-stream'},
+ 'file'),
+ ({('file', None): {'name': 'foo.txt',
+ 'type': 'application/octet-stream'}},[]))
+
#
# Link
#
({('test', None): {}}, []))
self.assertEqual(self.parseForm({'link': ' '}),
({('test', None): {}}, []))
- self.assertRaises(ValueError, self.parseForm, {'link': ['', '']})
+ self.assertRaises(FormError, self.parseForm, {'link': ['', '']})
self.assertEqual(self.parseForm({'link': '-1'}),
({('test', None): {}}, []))
# XXX This is not the current behaviour - should we enforce this?
# self.assertRaises(IndexError, self.parseForm,
# {'status': '4'}))
- self.assertRaises(ValueError, self.parseForm, {'link': 'frozzle'})
- self.assertRaises(ValueError, self.parseForm, {'status': 'frozzle'},
+ self.assertRaises(FormError, self.parseForm, {'link': 'frozzle'})
+ self.assertRaises(FormError, self.parseForm, {'status': 'frozzle'},
'issue')
#
cl.classname = 'issue'
cl.nodeid = None
cl.db = self.db
- self.assertEqual(cl.parsePropsFromForm(),
+ cl.language = ('en',)
+ self.assertEqual(cl.parsePropsFromForm(create=1),
({('issue', None): {'nosy': ['1','2', '3']}}, []))
def testEmptyMultilinkSet(self):
nodeid = self.db.issue.create(nosy=['1','2'])
- self.assertEqual(self.parseForm({'nosy': ''}, 'issue', nodeid),
+ self.assertEqual(self.parseForm({'nosy': ''}, 'issue', nodeid),
({('issue', nodeid): {'nosy': []}}, []))
nodeid = self.db.issue.create(nosy=['1','2'])
- self.assertEqual(self.parseForm({'nosy': ' '}, 'issue', nodeid),
+ self.assertEqual(self.parseForm({'nosy': ' '}, 'issue', nodeid),
({('issue', nodeid): {'nosy': []}}, []))
self.assertEqual(self.parseForm({'nosy': '1,2'}, 'issue', nodeid),
({('issue', nodeid): {}}, []))
# XXX This is not the current behaviour - should we enforce this?
# self.assertRaises(IndexError, self.parseForm,
# {'nosy': '4'}))
- self.assertRaises(ValueError, self.parseForm, {'nosy': 'frozzle'},
+ self.assertRaises(FormError, self.parseForm, {'nosy': 'frozzle'},
'issue')
- self.assertRaises(ValueError, self.parseForm, {'nosy': '1,frozzle'},
+ self.assertRaises(FormError, self.parseForm, {'nosy': '1,frozzle'},
'issue')
- self.assertRaises(ValueError, self.parseForm, {'multilink': 'frozzle'})
+ self.assertRaises(FormError, self.parseForm, {'multilink': 'frozzle'})
def testMultilinkAdd(self):
nodeid = self.db.issue.create(nosy=['1'])
'issue', nodeid), ({('issue', nodeid): {'nosy': ['3']}}, []))
# remove one that doesn't exist?
- self.assertRaises(ValueError, self.parseForm, {':remove:nosy': '4'},
+ self.assertRaises(FormError, self.parseForm, {':remove:nosy': '4'},
'issue', nodeid)
def testMultilinkRetired(self):
({('issue', nodeid): {'nosy': ['1','2','3']}}, []))
def testAddRemoveNonexistant(self):
- self.assertRaises(ValueError, self.parseForm, {':remove:foo': '2'},
+ self.assertRaises(FormError, self.parseForm, {':remove:foo': '2'},
'issue')
- self.assertRaises(ValueError, self.parseForm, {':add:foo': '2'},
+ self.assertRaises(FormError, self.parseForm, {':add:foo': '2'},
'issue')
#
({('user', None): {}}, []))
self.assertEqual(self.parseForm({'password': ''}, 'user'),
({('user', None): {}}, []))
- self.assertRaises(ValueError, self.parseForm, {'password': ['', '']},
+ self.assertRaises(FormError, self.parseForm, {'password': ['', '']},
'user')
- self.assertRaises(ValueError, self.parseForm, {'password': 'foo',
+ self.assertRaises(FormError, self.parseForm, {'password': 'foo',
':confirm:password': ['', '']}, 'user')
def testSetPassword(self):
({('user', None): {'password': 'foo'}}, []))
def testSetPasswordConfirmBad(self):
- self.assertRaises(ValueError, self.parseForm, {'password': 'foo'},
+ self.assertRaises(FormError, self.parseForm, {'password': 'foo'},
'user')
- self.assertRaises(ValueError, self.parseForm, {'password': 'foo',
+ self.assertRaises(FormError, self.parseForm, {'password': 'foo',
':confirm:password': 'bar'}, 'user')
def testEmptyPasswordNotSet(self):
({('test', None): {}}, []))
self.assertEqual(self.parseForm({'boolean': ' '}),
({('test', None): {}}, []))
- self.assertRaises(ValueError, self.parseForm, {'boolean': ['', '']})
+ self.assertRaises(FormError, self.parseForm, {'boolean': ['', '']})
def testSetBoolean(self):
self.assertEqual(self.parseForm({'boolean': 'yes'}),
self.assertEqual(self.parseForm({'boolean': ' '}, 'test', nodeid),
({('test', nodeid): {'boolean': None}}, []))
+ def testRequiredBoolean(self):
+ self.assertRaises(FormError, self.parseForm, {'boolean': '',
+ ':required': 'boolean'})
+ try:
+ self.parseForm({'boolean': 'no', ':required': 'boolean'})
+ except FormError:
+ self.fail('boolean "no" raised "required missing"')
+
#
# Number
#
({('test', None): {}}, []))
self.assertEqual(self.parseForm({'number': ' '}),
({('test', None): {}}, []))
- self.assertRaises(ValueError, self.parseForm, {'number': ['', '']})
+ self.assertRaises(FormError, self.parseForm, {'number': ['', '']})
def testInvalidNumber(self):
- self.assertRaises(ValueError, self.parseForm, {'number': 'hi, mum!'})
+ self.assertRaises(FormError, self.parseForm, {'number': 'hi, mum!'})
def testSetNumber(self):
self.assertEqual(self.parseForm({'number': '1'}),
({('test', None): {'number': 1}}, []))
+ self.assertEqual(self.parseForm({'number': '0'}),
+ ({('test', None): {'number': 0}}, []))
self.assertEqual(self.parseForm({'number': '\n0\n'}),
({('test', None): {'number': 0}}, []))
+
+ def testSetNumberReplaceOne(self):
nodeid = self.db.test.create(number=1)
self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
({('test', nodeid): {}}, []))
+ self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
+ ({('test', nodeid): {'number': 0}}, []))
+
+ def testSetNumberReplaceZero(self):
nodeid = self.db.test.create(number=0)
self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
({('test', nodeid): {}}, []))
+ def testSetNumberReplaceNone(self):
+ nodeid = self.db.test.create()
+ self.assertEqual(self.parseForm({'number': '0'}, 'test', nodeid),
+ ({('test', nodeid): {'number': 0}}, []))
+ self.assertEqual(self.parseForm({'number': '1'}, 'test', nodeid),
+ ({('test', nodeid): {'number': 1}}, []))
+
def testEmptyNumberSet(self):
nodeid = self.db.test.create(number=0)
self.assertEqual(self.parseForm({'number': ''}, 'test', nodeid),
self.assertEqual(self.parseForm({'number': ' '}, 'test', nodeid),
({('test', nodeid): {'number': None}}, []))
+ def testRequiredNumber(self):
+ self.assertRaises(FormError, self.parseForm, {'number': '',
+ ':required': 'number'})
+ try:
+ self.parseForm({'number': '0', ':required': 'number'})
+ except FormError:
+ self.fail('number "no" raised "required missing"')
+
#
# Date
#
({('test', None): {}}, []))
self.assertEqual(self.parseForm({'date': ' '}),
({('test', None): {}}, []))
- self.assertRaises(ValueError, self.parseForm, {'date': ['', '']})
+ self.assertRaises(FormError, self.parseForm, {'date': ['', '']})
def testInvalidDate(self):
- self.assertRaises(ValueError, self.parseForm, {'date': '12'})
+ self.assertRaises(FormError, self.parseForm, {'date': '12'})
def testSetDate(self):
self.assertEqual(self.parseForm({'date': '2003-01-01'}),
({('test', None): {'date': date.Date('2003-01-01')}}, []))
nodeid = self.db.test.create(date=date.Date('2003-01-01'))
- self.assertEqual(self.parseForm({'date': '2003-01-01'}, 'test',
+ self.assertEqual(self.parseForm({'date': '2003-01-01'}, 'test',
nodeid), ({('test', nodeid): {}}, []))
def testEmptyDateSet(self):
nodeid = self.db.test.create(date=date.Date('.'))
- self.assertEqual(self.parseForm({'date': ''}, 'test', nodeid),
+ self.assertEqual(self.parseForm({'date': ''}, 'test', nodeid),
({('test', nodeid): {'date': None}}, []))
nodeid = self.db.test.create(date=date.Date('1970-01-01.00:00:00'))
- self.assertEqual(self.parseForm({'date': ' '}, 'test', nodeid),
+ self.assertEqual(self.parseForm({'date': ' '}, 'test', nodeid),
({('test', nodeid): {'date': None}}, []))
#
}),
({('test', None): {'string': 'a'},
('issue', '-1'): {'nosy': ['1']},
- ('issue', '-2'): {}
},
[('issue', '-2', 'superseder', [('issue', '-1')])
]
)
)
+ def testMessages(self):
+ self.assertEqual(self.parseForm({
+ 'msg-1@content': 'asdf',
+ 'msg-2@content': 'qwer',
+ '@link@messages': 'msg-1, msg-2'}),
+ ({('test', None): {},
+ ('msg', '-2'): {'content': 'qwer'},
+ ('msg', '-1'): {'content': 'asdf'}},
+ [('test', None, 'messages', [('msg', '-1'), ('msg', '-2')])]
+ )
+ )
+
def testLinkBadDesignator(self):
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm,
{'test-1@link@link': 'blah'})
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm,
{'test-1@link@link': 'issue'})
def testLinkNotLink(self):
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm,
{'test-1@link@boolean': 'issue-1'})
- self.assertRaises(ValueError, self.parseForm,
+ self.assertRaises(FormError, self.parseForm,
{'test-1@link@string': 'issue-1'})
def testBackwardsCompat(self):
'name': 'foo.txt', 'type': 'text/plain'}},
[('issue', None, 'files', [('file', '-1')])]))
-def suite():
- l = [unittest.makeSuite(FormTestCase),
- ]
- return unittest.TestSuite(l)
+ #
+ # SECURITY
+ #
+ # XXX test all default permissions
+ def _make_client(self, form, classname='user', nodeid='1', userid='2'):
+ cl = client.Client(self.instance, None, {'PATH_INFO':'/',
+ 'REQUEST_METHOD':'POST'}, makeForm(form))
+ cl.classname = 'user'
+ cl.nodeid = nodeid
+ cl.db = self.db
+ cl.userid = userid
+ cl.language = ('en',)
+ return cl
+
+ def testClassPermission(self):
+ cl = self._make_client(dict(username='bob'))
+ self.failUnlessRaises(exceptions.Unauthorised,
+ actions.EditItemAction(cl).handle)
+ cl.nodeid = '1'
+ self.assertRaises(exceptions.Unauthorised,
+ actions.EditItemAction(cl).handle)
+
+ def testCheckAndPropertyPermission(self):
+ self.db.security.permissions = {}
+ def own_record(db, userid, itemid): return userid == itemid
+ p = self.db.security.addPermission(name='Edit', klass='user',
+ check=own_record, properties=("password", ))
+ self.db.security.addPermissionToRole('User', p)
+
+ cl = self._make_client(dict(username='bob'))
+ self.assertRaises(exceptions.Unauthorised,
+ actions.EditItemAction(cl).handle)
+ cl = self._make_client({'password':'bob', '@confirm@password':'bob'})
+ self.failUnlessRaises(exceptions.Unauthorised,
+ actions.EditItemAction(cl).handle)
+
+ def testCSVExport(self):
+ cl = self._make_client({'@columns': 'id,name'}, nodeid=None,
+ userid='1')
+ cl.classname = 'status'
+ output = StringIO.StringIO()
+ cl.request = MockNull()
+ cl.request.wfile = output
+ actions.ExportCSVAction(cl).handle()
+ self.assertEquals('id,name\r\n1,unread\r\n2,deferred\r\n3,chatting\r\n'
+ '4,need-eg\r\n5,in-progress\r\n6,testing\r\n7,done-cbb\r\n'
+ '8,resolved\r\n',
+ output.getvalue())
+
+ def testCSVExportFailPermission(self):
+ cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
+ userid='2')
+ cl.classname = 'user'
+ output = StringIO.StringIO()
+ cl.request = MockNull()
+ cl.request.wfile = output
+ self.assertRaises(exceptions.Unauthorised,
+ actions.ExportCSVAction(cl).handle)
+
+
+def test_suite():
+ suite = unittest.TestSuite()
+
+def test_suite():
+ suite = unittest.TestSuite()
+ suite.addTest(unittest.makeSuite(FormTestCase))
+ suite.addTest(unittest.makeSuite(MessageTestCase))
+ return suite
-def run():
+if __name__ == '__main__':
runner = unittest.TextTestRunner()
unittest.main(testRunner=runner)
-if __name__ == '__main__':
- run()
-
-# vim: set filetype=python ts=4 sw=4 et si
+# vim: set filetype=python sts=4 sw=4 et si :