author | Pierre-Yves David <pierre-yves.david@logilab.fr> |
Tue, 25 Jun 2013 14:45:16 +0200 | |
changeset 9069 | aff871b58ba0 |
parent 9065 | b1cad8e4557f |
child 9071 | 46885bfa4150 |
permissions | -rw-r--r-- |
8544
3d049071957e
massive copyright update to avoid clutering later patches
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8312
diff
changeset
|
1 |
# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
5584
c1823448f81d
[web] disallow authenticated users to access to the login form (closes #914873)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
18 |
"""unit tests for cubicweb.web.application""" |
0 | 19 |
|
20 |
import base64, Cookie |
|
21 |
import sys |
|
22 |
from urllib import unquote |
|
2661
f8df42c9da6b
[vreg api update] remove some deprecation warnings
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2267
diff
changeset
|
23 |
|
f8df42c9da6b
[vreg api update] remove some deprecation warnings
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2267
diff
changeset
|
24 |
from logilab.common.testlib import TestCase, unittest_main |
6849
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
25 |
from logilab.common.decorators import clear_cache, classproperty |
0 | 26 |
|
5584
c1823448f81d
[web] disallow authenticated users to access to the login form (closes #914873)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
27 |
from cubicweb import AuthenticationError, Unauthorized |
2773
b2530e3e0afb
[testlib] #345052 and #344207: major test lib refactoring/cleanup + update usage
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2661
diff
changeset
|
28 |
from cubicweb.devtools.testlib import CubicWebTC |
2661
f8df42c9da6b
[vreg api update] remove some deprecation warnings
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2267
diff
changeset
|
29 |
from cubicweb.devtools.fake import FakeRequest |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
30 |
from cubicweb.web import LogOut, Redirect, INTERNAL_FIELD_VALUE |
0 | 31 |
from cubicweb.web.views.basecontrollers import ViewController |
7876
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
32 |
from cubicweb.web.application import anonymized_request |
9065
b1cad8e4557f
[web/test] properly reset the request connection related attribute
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9064
diff
changeset
|
33 |
from cubicweb.dbapi import DBAPISession, _NeedAuthAccessMock |
0 | 34 |
|
35 |
class FakeMapping: |
|
36 |
"""emulates a mapping module""" |
|
37 |
def __init__(self): |
|
38 |
self.ENTITIES_MAP = {} |
|
39 |
self.ATTRIBUTES_MAP = {} |
|
40 |
self.RELATIONS_MAP = {} |
|
41 |
||
42 |
class MockCursor: |
|
43 |
def __init__(self): |
|
44 |
self.executed = [] |
|
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5038
diff
changeset
|
45 |
def execute(self, rql, args=None, build_descr=False): |
0 | 46 |
args = args or {} |
47 |
self.executed.append(rql % args) |
|
48 |
||
49 |
||
50 |
class FakeController(ViewController): |
|
51 |
||
52 |
def __init__(self, form=None): |
|
3462
3a79fecdd2b4
[magicsearch] make tests pass again: base preprocessor must have access to vreg
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3293
diff
changeset
|
53 |
self._cw = FakeRequest() |
3a79fecdd2b4
[magicsearch] make tests pass again: base preprocessor must have access to vreg
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3293
diff
changeset
|
54 |
self._cw.form = form or {} |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
55 |
self._cursor = MockCursor() |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
56 |
self._cw.execute = self._cursor.execute |
0 | 57 |
|
58 |
def new_cursor(self): |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
59 |
self._cursor = MockCursor() |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
60 |
self._cw.execute = self._cursor.execute |
0 | 61 |
|
62 |
def set_form(self, form): |
|
3462
3a79fecdd2b4
[magicsearch] make tests pass again: base preprocessor must have access to vreg
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3293
diff
changeset
|
63 |
self._cw.form = form |
0 | 64 |
|
65 |
||
66 |
class RequestBaseTC(TestCase): |
|
67 |
def setUp(self): |
|
3462
3a79fecdd2b4
[magicsearch] make tests pass again: base preprocessor must have access to vreg
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3293
diff
changeset
|
68 |
self._cw = FakeRequest() |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
69 |
|
0 | 70 |
|
71 |
def test_list_arg(self): |
|
72 |
"""tests the list_arg() function""" |
|
3462
3a79fecdd2b4
[magicsearch] make tests pass again: base preprocessor must have access to vreg
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3293
diff
changeset
|
73 |
list_arg = self._cw.list_form_param |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
74 |
self.assertEqual(list_arg('arg3', {}), []) |
0 | 75 |
d = {'arg1' : "value1", |
76 |
'arg2' : ('foo', INTERNAL_FIELD_VALUE,), |
|
77 |
'arg3' : ['bar']} |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
78 |
self.assertEqual(list_arg('arg1', d, True), ['value1']) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
79 |
self.assertEqual(d, {'arg2' : ('foo', INTERNAL_FIELD_VALUE), 'arg3' : ['bar'],}) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
80 |
self.assertEqual(list_arg('arg2', d, True), ['foo']) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
81 |
self.assertEqual({'arg3' : ['bar'],}, d) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
82 |
self.assertEqual(list_arg('arg3', d), ['bar',]) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
83 |
self.assertEqual({'arg3' : ['bar'],}, d) |
0 | 84 |
|
85 |
||
86 |
def test_from_controller(self): |
|
3462
3a79fecdd2b4
[magicsearch] make tests pass again: base preprocessor must have access to vreg
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3293
diff
changeset
|
87 |
self._cw.vreg['controllers'] = {'view': 1, 'login': 1} |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
88 |
self.assertEqual(self._cw.from_controller(), 'view') |
0 | 89 |
req = FakeRequest(url='project?vid=list') |
3265
96c8363b8f64
test update, no more a FakeVReg, needs to hack it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2661
diff
changeset
|
90 |
req.vreg['controllers'] = {'view': 1, 'login': 1} |
0 | 91 |
# this assertion is just to make sure that relative_path can be |
92 |
# correctly computed as it is used in from_controller() |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
93 |
self.assertEqual(req.relative_path(False), 'project') |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
94 |
self.assertEqual(req.from_controller(), 'view') |
0 | 95 |
# test on a valid non-view controller |
96 |
req = FakeRequest(url='login?x=1&y=2') |
|
3265
96c8363b8f64
test update, no more a FakeVReg, needs to hack it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2661
diff
changeset
|
97 |
req.vreg['controllers'] = {'view': 1, 'login': 1} |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
98 |
self.assertEqual(req.relative_path(False), 'login') |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
99 |
self.assertEqual(req.from_controller(), 'login') |
0 | 100 |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
101 |
|
0 | 102 |
class UtilsTC(TestCase): |
103 |
"""test suite for misc application utilities""" |
|
104 |
||
105 |
def setUp(self): |
|
106 |
self.ctrl = FakeController() |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
107 |
|
0 | 108 |
#def test_which_mapping(self): |
109 |
# """tests which mapping is used (application or core)""" |
|
110 |
# init_mapping() |
|
111 |
# from cubicweb.common import mapping |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
112 |
# self.assertEqual(mapping.MAPPING_USED, 'core') |
0 | 113 |
# sys.modules['mapping'] = FakeMapping() |
114 |
# init_mapping() |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
115 |
# self.assertEqual(mapping.MAPPING_USED, 'application') |
0 | 116 |
# del sys.modules['mapping'] |
117 |
||
118 |
def test_execute_linkto(self): |
|
119 |
"""tests the execute_linkto() function""" |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
120 |
self.assertEqual(self.ctrl.execute_linkto(), None) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
121 |
self.assertEqual(self.ctrl._cursor.executed, |
0 | 122 |
[]) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
123 |
|
0 | 124 |
self.ctrl.set_form({'__linkto' : 'works_for:12_13_14:object', |
125 |
'eid': 8}) |
|
126 |
self.ctrl.execute_linkto() |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
127 |
self.assertEqual(self.ctrl._cursor.executed, |
0 | 128 |
['SET Y works_for X WHERE X eid 8, Y eid %s' % i |
129 |
for i in (12, 13, 14)]) |
|
130 |
||
131 |
self.ctrl.new_cursor() |
|
132 |
self.ctrl.set_form({'__linkto' : 'works_for:12_13_14:subject', |
|
133 |
'eid': 8}) |
|
134 |
self.ctrl.execute_linkto() |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
135 |
self.assertEqual(self.ctrl._cursor.executed, |
0 | 136 |
['SET X works_for Y WHERE X eid 8, Y eid %s' % i |
137 |
for i in (12, 13, 14)]) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
138 |
|
0 | 139 |
|
140 |
self.ctrl.new_cursor() |
|
3462
3a79fecdd2b4
[magicsearch] make tests pass again: base preprocessor must have access to vreg
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3293
diff
changeset
|
141 |
self.ctrl._cw.form = {'__linkto' : 'works_for:12_13_14:object'} |
0 | 142 |
self.ctrl.execute_linkto(eid=8) |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
143 |
self.assertEqual(self.ctrl._cursor.executed, |
0 | 144 |
['SET Y works_for X WHERE X eid 8, Y eid %s' % i |
145 |
for i in (12, 13, 14)]) |
|
146 |
||
147 |
self.ctrl.new_cursor() |
|
148 |
self.ctrl.set_form({'__linkto' : 'works_for:12_13_14:subject'}) |
|
149 |
self.ctrl.execute_linkto(eid=8) |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
150 |
self.assertEqual(self.ctrl._cursor.executed, |
0 | 151 |
['SET X works_for Y WHERE X eid 8, Y eid %s' % i |
152 |
for i in (12, 13, 14)]) |
|
153 |
||
154 |
||
2773
b2530e3e0afb
[testlib] #345052 and #344207: major test lib refactoring/cleanup + update usage
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2661
diff
changeset
|
155 |
class ApplicationTC(CubicWebTC): |
0 | 156 |
|
6849
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
157 |
@classproperty |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
158 |
def config(cls): |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
159 |
try: |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
160 |
return cls.__dict__['_config'] |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
161 |
except KeyError: |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
162 |
config = super(ApplicationTC, cls).config |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
163 |
config.global_set_option('allow-email-login', True) |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
164 |
return config |
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
165 |
|
0 | 166 |
def test_cnx_user_groups_sync(self): |
167 |
user = self.user() |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
168 |
self.assertEqual(user.groups, set(('managers',))) |
0 | 169 |
self.execute('SET X in_group G WHERE X eid %s, G name "guests"' % user.eid) |
170 |
user = self.user() |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
171 |
self.assertEqual(user.groups, set(('managers',))) |
0 | 172 |
self.commit() |
173 |
user = self.user() |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
174 |
self.assertEqual(user.groups, set(('managers', 'guests'))) |
0 | 175 |
# cleanup |
176 |
self.execute('DELETE X in_group G WHERE X eid %s, G name "guests"' % user.eid) |
|
177 |
self.commit() |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
178 |
|
0 | 179 |
def test_publish_validation_error(self): |
180 |
req = self.request() |
|
181 |
user = self.user() |
|
4172
4d4cef034eec
all web tests OK
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3890
diff
changeset
|
182 |
eid = unicode(user.eid) |
0 | 183 |
req.form = { |
4172
4d4cef034eec
all web tests OK
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3890
diff
changeset
|
184 |
'eid': eid, |
7584
e1881933f366
[form, controller] closes #1787233: form should provide a method to process posted content
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7235
diff
changeset
|
185 |
'__type:'+eid: 'CWUser', '_cw_entity_fields:'+eid: 'login-subject', |
4172
4d4cef034eec
all web tests OK
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3890
diff
changeset
|
186 |
'login-subject:'+eid: '', # ERROR: no login specified |
0 | 187 |
# just a sample, missing some necessary information for real life |
188 |
'__errorurl': 'view?vid=edition...' |
|
189 |
} |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
190 |
path, params = self.expect_redirect_handle_request(req, 'edit') |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
191 |
forminfo = req.session.data['view?vid=edition...'] |
0 | 192 |
eidmap = forminfo['eidmap'] |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
193 |
self.assertEqual(eidmap, {}) |
0 | 194 |
values = forminfo['values'] |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
195 |
self.assertEqual(values['login-subject:'+eid], '') |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
196 |
self.assertEqual(values['eid'], eid) |
4276 | 197 |
error = forminfo['error'] |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
198 |
self.assertEqual(error.entity, user.eid) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
199 |
self.assertEqual(error.errors['login-subject'], 'required field') |
0 | 200 |
|
201 |
||
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
202 |
def test_validation_error_dont_loose_subentity_data_ctrl(self): |
0 | 203 |
"""test creation of two linked entities |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
204 |
|
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
205 |
error occurs on the web controller |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
206 |
""" |
0 | 207 |
req = self.request() |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
208 |
# set Y before X to ensure both entities are edited, not only X |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
209 |
req.form = {'eid': ['Y', 'X'], '__maineid': 'X', |
7584
e1881933f366
[form, controller] closes #1787233: form should provide a method to process posted content
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7235
diff
changeset
|
210 |
'__type:X': 'CWUser', '_cw_entity_fields:X': 'login-subject', |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
211 |
# missing required field |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
212 |
'login-subject:X': u'', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
213 |
# but email address is set |
7584
e1881933f366
[form, controller] closes #1787233: form should provide a method to process posted content
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7235
diff
changeset
|
214 |
'__type:Y': 'EmailAddress', '_cw_entity_fields:Y': 'address-subject', |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
215 |
'address-subject:Y': u'bougloup@logilab.fr', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
216 |
'use_email-object:Y': 'X', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
217 |
# necessary to get validation error handling |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
218 |
'__errorurl': 'view?vid=edition...', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
219 |
} |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
220 |
path, params = self.expect_redirect_handle_request(req, 'edit') |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
221 |
forminfo = req.session.data['view?vid=edition...'] |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
222 |
self.assertEqual(set(forminfo['eidmap']), set('XY')) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
223 |
self.assertEqual(forminfo['eidmap']['X'], None) |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
224 |
self.assertIsInstance(forminfo['eidmap']['Y'], int) |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
225 |
self.assertEqual(forminfo['error'].entity, 'X') |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
226 |
self.assertEqual(forminfo['error'].errors, |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
227 |
{'login-subject': 'required field'}) |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
228 |
self.assertEqual(forminfo['values'], req.form) |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
229 |
|
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
230 |
|
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
231 |
def test_validation_error_dont_loose_subentity_data_repo(self): |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
232 |
"""test creation of two linked entities |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
233 |
|
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
234 |
error occurs on the repository |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
235 |
""" |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
236 |
req = self.request() |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
237 |
# set Y before X to ensure both entities are edited, not only X |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
238 |
req.form = {'eid': ['Y', 'X'], '__maineid': 'X', |
7584
e1881933f366
[form, controller] closes #1787233: form should provide a method to process posted content
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7235
diff
changeset
|
239 |
'__type:X': 'CWUser', '_cw_entity_fields:X': 'login-subject,upassword-subject', |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
240 |
# already existent user |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
241 |
'login-subject:X': u'admin', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
242 |
'upassword-subject:X': u'admin', 'upassword-subject-confirm:X': u'admin', |
7584
e1881933f366
[form, controller] closes #1787233: form should provide a method to process posted content
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7235
diff
changeset
|
243 |
'__type:Y': 'EmailAddress', '_cw_entity_fields:Y': 'address-subject', |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
244 |
'address-subject:Y': u'bougloup@logilab.fr', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
245 |
'use_email-object:Y': 'X', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
246 |
# necessary to get validation error handling |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
247 |
'__errorurl': 'view?vid=edition...', |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
248 |
} |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
249 |
path, params = self.expect_redirect_handle_request(req, 'edit') |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
250 |
forminfo = req.session.data['view?vid=edition...'] |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
251 |
self.assertEqual(set(forminfo['eidmap']), set('XY')) |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
252 |
self.assertIsInstance(forminfo['eidmap']['X'], int) |
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
253 |
self.assertIsInstance(forminfo['eidmap']['Y'], int) |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
254 |
self.assertEqual(forminfo['error'].entity, forminfo['eidmap']['X']) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
255 |
self.assertEqual(forminfo['error'].errors, |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
256 |
{'login-subject': u'the value "admin" is already used, use another one'}) |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
257 |
self.assertEqual(forminfo['values'], req.form) |
5038
90493551b1eb
[form] fix validation error handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
258 |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
259 |
|
0 | 260 |
def _test_cleaned(self, kwargs, injected, cleaned): |
261 |
req = self.request(**kwargs) |
|
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
262 |
page = self.app_handle_request(req, 'view') |
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
263 |
self.assertNotIn(injected, page) |
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
264 |
self.assertIn(cleaned, page) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
265 |
|
0 | 266 |
def test_nonregr_script_kiddies(self): |
267 |
"""test against current script injection""" |
|
268 |
injected = '<i>toto</i>' |
|
269 |
cleaned = 'toto' |
|
270 |
for kwargs in ({'__message': injected}, |
|
271 |
{'vid': injected}, |
|
272 |
{'vtitle': injected}, |
|
273 |
): |
|
274 |
yield self._test_cleaned, kwargs, injected, cleaned |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
275 |
|
0 | 276 |
def test_site_wide_eproperties_sync(self): |
277 |
# XXX work in all-in-one configuration but not in twisted for instance |
|
278 |
# in which case we need a kindof repo -> http server notification |
|
279 |
# protocol |
|
280 |
vreg = self.app.vreg |
|
281 |
# default value |
|
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
282 |
self.assertEqual(vreg.property_value('ui.language'), 'en') |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
0
diff
changeset
|
283 |
self.execute('INSERT CWProperty X: X value "fr", X pkey "ui.language"') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
284 |
self.assertEqual(vreg.property_value('ui.language'), 'en') |
0 | 285 |
self.commit() |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
286 |
self.assertEqual(vreg.property_value('ui.language'), 'fr') |
0 | 287 |
self.execute('SET X value "de" WHERE X pkey "ui.language"') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
288 |
self.assertEqual(vreg.property_value('ui.language'), 'fr') |
0 | 289 |
self.commit() |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
290 |
self.assertEqual(vreg.property_value('ui.language'), 'de') |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
0
diff
changeset
|
291 |
self.execute('DELETE CWProperty X WHERE X pkey "ui.language"') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
292 |
self.assertEqual(vreg.property_value('ui.language'), 'de') |
0 | 293 |
self.commit() |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
294 |
self.assertEqual(vreg.property_value('ui.language'), 'en') |
0 | 295 |
|
296 |
# authentication tests #################################################### |
|
297 |
||
3657
706d7bf0ae3d
factor out code reusable for authentication tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3524
diff
changeset
|
298 |
def test_http_auth_no_anon(self): |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
299 |
req, origsession = self.init_authentication('http') |
3657
706d7bf0ae3d
factor out code reusable for authentication tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3524
diff
changeset
|
300 |
self.assertAuthFailure(req) |
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
301 |
self.app.handle_request(req, 'login') |
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
302 |
self.assertEqual(401, req.status_out) |
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
303 |
clear_cache(req, 'get_authorization') |
6848
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
304 |
authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword)) |
7224
e5833657c646
[testlib] make a clear distinction between input / output HTTP headers
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7163
diff
changeset
|
305 |
req.set_request_header('Authorization', 'basic %s' % authstr) |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
306 |
self.assertAuthSuccess(req, origsession) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
307 |
self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
308 |
self.assertEqual(len(self.open_sessions), 0) |
0 | 309 |
|
310 |
def test_cookie_auth_no_anon(self): |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
311 |
req, origsession = self.init_authentication('cookie') |
3657
706d7bf0ae3d
factor out code reusable for authentication tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3524
diff
changeset
|
312 |
self.assertAuthFailure(req) |
8311
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
7876
diff
changeset
|
313 |
try: |
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
314 |
form = self.app.handle_request(req, 'login') |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
315 |
except Redirect as redir: |
8311
76a44a0d7f4b
[login] split authentication logic from post authentication logic (closes #2200755)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
7876
diff
changeset
|
316 |
self.fail('anonymous user should get login form') |
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8695
diff
changeset
|
317 |
clear_cache(req, 'get_authorization') |
7791
31bb51ea5485
[deprecation] fix unittest pending deprecation warnings on failIf/failUnless methods family
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7584
diff
changeset
|
318 |
self.assertTrue('__login' in form) |
31bb51ea5485
[deprecation] fix unittest pending deprecation warnings on failIf/failUnless methods family
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7584
diff
changeset
|
319 |
self.assertTrue('__password' in form) |
9039
488255d1cf3b
[testlib] rework request building in init_authentication
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9019
diff
changeset
|
320 |
self.assertFalse(req.cnx) # Mock cnx are False |
6848
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
321 |
req.form['__login'] = self.admlogin |
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
322 |
req.form['__password'] = self.admpassword |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
323 |
self.assertAuthSuccess(req, origsession) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
324 |
self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
325 |
self.assertEqual(len(self.open_sessions), 0) |
0 | 326 |
|
1490
6b024694d493
add allow-email-login option
Florent <florent@secondweb.fr>
parents:
1489
diff
changeset
|
327 |
def test_login_by_email(self): |
1489
08acef58ad08
add a test regarding login with a primary email
Florent <florent@secondweb.fr>
parents:
1398
diff
changeset
|
328 |
login = self.request().user.login |
08acef58ad08
add a test regarding login with a primary email
Florent <florent@secondweb.fr>
parents:
1398
diff
changeset
|
329 |
address = login + u'@localhost' |
08acef58ad08
add a test regarding login with a primary email
Florent <florent@secondweb.fr>
parents:
1398
diff
changeset
|
330 |
self.execute('INSERT EmailAddress X: X address %(address)s, U primary_email X ' |
08acef58ad08
add a test regarding login with a primary email
Florent <florent@secondweb.fr>
parents:
1398
diff
changeset
|
331 |
'WHERE U login %(login)s', {'address': address, 'login': login}) |
08acef58ad08
add a test regarding login with a primary email
Florent <florent@secondweb.fr>
parents:
1398
diff
changeset
|
332 |
self.commit() |
6849
5a0c2cfc19bf
[repository auth] cleanup email login by turning it into a proper repo-side authentication plugin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6848
diff
changeset
|
333 |
# # option allow-email-login not set |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
334 |
req, origsession = self.init_authentication('cookie') |
6848
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
335 |
# req.form['__login'] = address |
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
336 |
# req.form['__password'] = self.admpassword |
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
337 |
# self.assertAuthFailure(req) |
1490
6b024694d493
add allow-email-login option
Florent <florent@secondweb.fr>
parents:
1489
diff
changeset
|
338 |
# option allow-email-login set |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
339 |
origsession.login = address |
1490
6b024694d493
add allow-email-login option
Florent <florent@secondweb.fr>
parents:
1489
diff
changeset
|
340 |
self.set_option('allow-email-login', True) |
1489
08acef58ad08
add a test regarding login with a primary email
Florent <florent@secondweb.fr>
parents:
1398
diff
changeset
|
341 |
req.form['__login'] = address |
6848
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
342 |
req.form['__password'] = self.admpassword |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
343 |
self.assertAuthSuccess(req, origsession) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
344 |
self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
345 |
self.assertEqual(len(self.open_sessions), 0) |
1489
08acef58ad08
add a test regarding login with a primary email
Florent <florent@secondweb.fr>
parents:
1398
diff
changeset
|
346 |
|
0 | 347 |
def _reset_cookie(self, req): |
348 |
# preparing the suite of the test |
|
349 |
# set session id in cookie |
|
350 |
cookie = Cookie.SimpleCookie() |
|
6797
90d687bd4c52
[web test] fix authentication test: session cookie should now be computed by the session handler (changed in cw 3.10.6)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6796
diff
changeset
|
351 |
sessioncookie = self.app.session_handler.session_cookie(req) |
90d687bd4c52
[web test] fix authentication test: session cookie should now be computed by the session handler (changed in cw 3.10.6)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6796
diff
changeset
|
352 |
cookie[sessioncookie] = req.session.sessionid |
7224
e5833657c646
[testlib] make a clear distinction between input / output HTTP headers
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7163
diff
changeset
|
353 |
req.set_request_header('Cookie', cookie[sessioncookie].OutputString(), |
e5833657c646
[testlib] make a clear distinction between input / output HTTP headers
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7163
diff
changeset
|
354 |
raw=True) |
0 | 355 |
clear_cache(req, 'get_authorization') |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
356 |
# reset session as if it was a new incoming request |
9065
b1cad8e4557f
[web/test] properly reset the request connection related attribute
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9064
diff
changeset
|
357 |
req.session = DBAPISession(None) |
b1cad8e4557f
[web/test] properly reset the request connection related attribute
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9064
diff
changeset
|
358 |
req.user = req.cnx = _NeedAuthAccessMock |
b1cad8e4557f
[web/test] properly reset the request connection related attribute
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9064
diff
changeset
|
359 |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
360 |
|
3657
706d7bf0ae3d
factor out code reusable for authentication tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3524
diff
changeset
|
361 |
def _test_auth_anon(self, req): |
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9017
diff
changeset
|
362 |
asession = self.app.get_session(req) |
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9017
diff
changeset
|
363 |
req.set_session(asession) |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
364 |
self.assertEqual(len(self.open_sessions), 1) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
365 |
self.assertEqual(asession.login, 'anon') |
7791
31bb51ea5485
[deprecation] fix unittest pending deprecation warnings on failIf/failUnless methods family
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7584
diff
changeset
|
366 |
self.assertTrue(asession.anonymous_session) |
3657
706d7bf0ae3d
factor out code reusable for authentication tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3524
diff
changeset
|
367 |
self._reset_cookie(req) |
706d7bf0ae3d
factor out code reusable for authentication tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3524
diff
changeset
|
368 |
|
0 | 369 |
def _test_anon_auth_fail(self, req): |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
370 |
self.assertEqual(len(self.open_sessions), 1) |
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9017
diff
changeset
|
371 |
session = self.app.get_session(req) |
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9017
diff
changeset
|
372 |
req.set_session(session) |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
373 |
self.assertEqual(req.message, 'authentication failure') |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
374 |
self.assertEqual(req.session.anonymous_session, True) |
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
375 |
self.assertEqual(len(self.open_sessions), 1) |
0 | 376 |
self._reset_cookie(req) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
377 |
|
0 | 378 |
def test_http_auth_anon_allowed(self): |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
379 |
req, origsession = self.init_authentication('http', 'anon') |
0 | 380 |
self._test_auth_anon(req) |
381 |
authstr = base64.encodestring('toto:pouet') |
|
7224
e5833657c646
[testlib] make a clear distinction between input / output HTTP headers
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7163
diff
changeset
|
382 |
req.set_request_header('Authorization', 'basic %s' % authstr) |
0 | 383 |
self._test_anon_auth_fail(req) |
6848
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
384 |
authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword)) |
7224
e5833657c646
[testlib] make a clear distinction between input / output HTTP headers
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7163
diff
changeset
|
385 |
req.set_request_header('Authorization', 'basic %s' % authstr) |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
386 |
self.assertAuthSuccess(req, origsession) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
387 |
self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
388 |
self.assertEqual(len(self.open_sessions), 0) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1490
diff
changeset
|
389 |
|
0 | 390 |
def test_cookie_auth_anon_allowed(self): |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
391 |
req, origsession = self.init_authentication('cookie', 'anon') |
0 | 392 |
self._test_auth_anon(req) |
393 |
req.form['__login'] = 'toto' |
|
394 |
req.form['__password'] = 'pouet' |
|
395 |
self._test_anon_auth_fail(req) |
|
6848
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
396 |
req.form['__login'] = self.admlogin |
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6797
diff
changeset
|
397 |
req.form['__password'] = self.admpassword |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
398 |
self.assertAuthSuccess(req, origsession) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
399 |
self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
6340
470d8e828fda
[test] update test to unittest2 api (still using lgc.testlib though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5584
diff
changeset
|
400 |
self.assertEqual(len(self.open_sessions), 0) |
0 | 401 |
|
7876
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
402 |
def test_anonymized_request(self): |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
403 |
req = self.request() |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
404 |
self.assertEqual(req.session.login, self.admlogin) |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
405 |
# admin should see anon + admin |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
406 |
self.assertEqual(len(list(req.find_entities('CWUser'))), 2) |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
407 |
with anonymized_request(req): |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
408 |
self.assertEqual(req.session.login, 'anon') |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
409 |
# anon should only see anon user |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
410 |
self.assertEqual(len(list(req.find_entities('CWUser'))), 1) |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
411 |
self.assertEqual(req.session.login, self.admlogin) |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
412 |
self.assertEqual(len(list(req.find_entities('CWUser'))), 2) |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7791
diff
changeset
|
413 |
|
3523
16880e7ee3fa
don't accept None to avoid error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3265
diff
changeset
|
414 |
def test_non_regr_optional_first_var(self): |
16880e7ee3fa
don't accept None to avoid error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3265
diff
changeset
|
415 |
req = self.request() |
16880e7ee3fa
don't accept None to avoid error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3265
diff
changeset
|
416 |
# expect a rset with None in [0][0] |
16880e7ee3fa
don't accept None to avoid error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3265
diff
changeset
|
417 |
req.form['rql'] = 'rql:Any OV1, X WHERE X custom_workflow OV1?' |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
418 |
self.app_handle_request(req) |
0 | 419 |
|
420 |
if __name__ == '__main__': |
|
421 |
unittest_main() |