1 # copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
1 # copyright 2003-2016 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
3 # |
3 # |
4 # This file is part of CubicWeb. |
4 # This file is part of CubicWeb. |
5 # |
5 # |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
35 with self.admin_access.client_cnx() as cnx: |
35 with self.admin_access.client_cnx() as cnx: |
36 self.create_user(cnx, u'iaminusersgrouponly') |
36 self.create_user(cnx, u'iaminusersgrouponly') |
37 hash = _CRYPTO_CTX.encrypt('oldpassword', scheme='des_crypt') |
37 hash = _CRYPTO_CTX.encrypt('oldpassword', scheme='des_crypt') |
38 self.create_user(cnx, u'oldpassword', password=Binary(hash.encode('ascii'))) |
38 self.create_user(cnx, u'oldpassword', password=Binary(hash.encode('ascii'))) |
39 |
39 |
|
40 |
40 class LowLevelSecurityFunctionTC(BaseSecurityTC): |
41 class LowLevelSecurityFunctionTC(BaseSecurityTC): |
41 |
42 |
42 def test_check_relation_read_access(self): |
43 def test_check_relation_read_access(self): |
43 rql = u'Personne U WHERE U nom "managers"' |
44 rql = u'Personne U WHERE U nom "managers"' |
44 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
45 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
80 """Ensure that if a user's password is stored with a deprecated hash, |
81 """Ensure that if a user's password is stored with a deprecated hash, |
81 it will be updated on next login |
82 it will be updated on next login |
82 """ |
83 """ |
83 with self.repo.internal_cnx() as cnx: |
84 with self.repo.internal_cnx() as cnx: |
84 oldhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
85 oldhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
85 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
86 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
86 oldhash = self.repo.system_source.binary_to_str(oldhash) |
87 oldhash = self.repo.system_source.binary_to_str(oldhash) |
87 session = self.repo.new_session('oldpassword', password='oldpassword') |
88 session = self.repo.new_session('oldpassword', password='oldpassword') |
88 session.close() |
89 session.close() |
89 newhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
90 newhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
90 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
91 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
113 def test_not_relation_read_security(self): |
114 def test_not_relation_read_security(self): |
114 with self.new_access(u'iaminusersgrouponly').repo_cnx() as cnx: |
115 with self.new_access(u'iaminusersgrouponly').repo_cnx() as cnx: |
115 self.hijack_source_execute() |
116 self.hijack_source_execute() |
116 cnx.execute('Any U WHERE NOT A todo_by U, A is Affaire') |
117 cnx.execute('Any U WHERE NOT A todo_by U, A is Affaire') |
117 self.assertEqual(self.query[0][1].as_string(), |
118 self.assertEqual(self.query[0][1].as_string(), |
118 'Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
119 'Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
119 cnx.execute('Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
120 cnx.execute('Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
120 self.assertEqual(self.query[0][1].as_string(), |
121 self.assertEqual(self.query[0][1].as_string(), |
121 'Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
122 'Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
|
123 |
122 |
124 |
123 class SecurityTC(BaseSecurityTC): |
125 class SecurityTC(BaseSecurityTC): |
124 |
126 |
125 def setUp(self): |
127 def setUp(self): |
126 super(SecurityTC, self).setUp() |
128 super(SecurityTC, self).setUp() |