604 self.assertRaises(Unauthorized, |
604 self.assertRaises(Unauthorized, |
605 self.execute, 'SET TI to_state S WHERE TI eid %(ti)s, S name "pitetre"', |
605 self.execute, 'SET TI to_state S WHERE TI eid %(ti)s, S name "pitetre"', |
606 {'ti': trinfo.eid}) |
606 {'ti': trinfo.eid}) |
607 |
607 |
608 def test_emailaddress_security(self): |
608 def test_emailaddress_security(self): |
|
609 # check for prexisting email adresse |
|
610 if self.execute('Any X WHERE X is EmailAddress'): |
|
611 rset = self.execute('Any X, U WHERE X is EmailAddress, U use_email X') |
|
612 msg = ['Preexisting email readable by anon found!'] |
|
613 tmpl = ' - "%s" used by user "%s"' |
|
614 for i in xrange(len(rset)): |
|
615 email, user = rset.get_entity(i, 0), rset.get_entity(i, 1) |
|
616 msg.append(tmpl % (email.dc_title(), user.dc_title())) |
|
617 raise RuntimeError('\n'.join(msg)) |
|
618 # actual test |
609 self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
619 self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
610 self.execute('INSERT EmailAddress X: X address "anon", U use_email X WHERE U login "anon"').get_entity(0, 0) |
620 self.execute('INSERT EmailAddress X: X address "anon", U use_email X WHERE U login "anon"').get_entity(0, 0) |
611 self.commit() |
621 self.commit() |
612 self.assertEqual(len(self.execute('Any X WHERE X is EmailAddress')), 2) |
622 self.assertEqual(len(self.execute('Any X WHERE X is EmailAddress')), 2) |
613 self.login('anon') |
623 self.login('anon') |