cubicweb: comparison server/test/unittest

equal deleted inserted replaced

-:d5413f2453a1
+:b2e47617a94e
-# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 #
 # This file is part of CubicWeb.
 #
 # CubicWeb is free software: you can redistribute it and/or modify it under the
 with self.login('iaminusersgrouponly') as cu:
 self.assertRaises(Unauthorized,
 cu.execute, 'Any X,P WHERE X is CWUser, X upassword P')
 def test_update_password(self):
-"""Ensure that if a user's password is stored with a deprecated hash, it will be updated on next login"""
+"""Ensure that if a user's password is stored with a deprecated hash,
-oldhash = str(self.session.system_sql("SELECT cw_upassword FROM cw_CWUser WHERE cw_login = 'oldpassword'").fetchone()[0])
+it will be updated on next login
+"""
+oldhash = str(self.session.system_sql("SELECT cw_upassword FROM cw_CWUser "
+"WHERE cw_login = 'oldpassword'").fetchone()[0])
 with self.login('oldpassword') as cu:
 pass
-newhash = str(self.session.system_sql("SELECT cw_upassword FROM cw_CWUser WHERE cw_login = 'oldpassword'").fetchone()[0])
+newhash = str(self.session.system_sql("SELECT cw_upassword FROM cw_CWUser "
+"WHERE cw_login = 'oldpassword'").fetchone()[0])
 self.assertNotEqual(oldhash, newhash)
 self.assertTrue(newhash.startswith('$6$'))
 with self.login('oldpassword') as cu:
 pass
-self.assertEqual(newhash, str(self.session.system_sql("SELECT cw_upassword FROM cw_CWUser WHERE cw_login = 'oldpassword'").fetchone()[0]))
+self.assertEqual(newhash,
+str(self.session.system_sql("SELECT cw_upassword FROM cw_CWUser WHERE "
+"cw_login = 'oldpassword'").fetchone()[0]))
 class SecurityRewritingTC(BaseSecurityTC):
 def hijack_source_execute(self):
 def syntax_tree_search(*args, **kwargs):
 def test_update_security_2(self):
 with self.temporary_permissions(Personne={'read': ('users', 'managers'),
 'add': ('guests', 'users', 'managers')}):
 with self.login('anon') as cu:
-self.assertRaises(Unauthorized, cu.execute, "SET X nom 'bidulechouette' WHERE X is Personne")
+self.assertRaises(Unauthorized, cu.execute,
+"SET X nom 'bidulechouette' WHERE X is Personne")
 self.rollback()
 # self.assertRaises(Unauthorized, cnx.commit)
 # test nothing has actually been inserted
 self.assertEqual(self.execute('Personne X WHERE X nom "bidulechouette"').rowcount, 0)
 # this won't actually do anything since the selection query won't return anything
 cu.execute("DELETE A concerne S")
 self.commit()
 # to actually get Unauthorized exception, try to delete a relation we can read
 eid = self.execute("INSERT Affaire X: X sujet 'pascool'")[0][0]
-self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': eid})
+self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"',
+{'x': eid})
 self.execute("SET A concerne S WHERE A sujet 'pascool', S is Societe")
 self.commit()
 with self.login('iaminusersgrouponly') as cu:
 self.assertRaises(Unauthorized, cu.execute, "DELETE A concerne S")
 self.assertRaises(QueryError, self.commit) # can't commit anymore
 rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': eid})
 self.assertEqual(rset.rows, [[aff2]])
 rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': aff2})
 self.assertEqual(rset.rows, [])
 # test can't update an attribute of an entity that can't be readen
-self.assertRaises(Unauthorized, cu.execute, 'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid})
+self.assertRaises(Unauthorized, cu.execute,
+'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid})
 self.rollback()
 def test_entity_created_in_transaction(self):
 affschema = self.schema['Affaire']
 self.assertRaises(Unauthorized, self.commit)
 def test_read_erqlexpr_has_text1(self):
 aff1 = self.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
 card1 = self.execute("INSERT Card X: X title 'cool'")[0][0]
-self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': card1})
+self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"',
+{'x': card1})
 self.commit()
 with self.login('iaminusersgrouponly') as cu:
 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
 soc1 = cu.execute("INSERT Societe X: X nom 'chouette'")[0][0]
 cu.execute("SET A concerne S WHERE A eid %(a)s, S eid %(s)s", {'a': aff2, 's': soc1})
 self.assertEqual(rset.rows, [[1]])
 rset = cu.execute('Any ETN, COUNT(X) GROUPBY ETN WHERE X is ET, ET name ETN')
 values = dict(rset)
 self.assertEqual(values['Affaire'], 1)
 self.assertEqual(values['Societe'], 2)
-rset = cu.execute('Any ETN, COUNT(X) GROUPBY ETN WHERE X is ET, ET name ETN WITH X BEING ((Affaire X) UNION (Societe X))')
+rset = cu.execute('Any ETN, COUNT(X) GROUPBY ETN WHERE X is ET, ET name ETN '
+'WITH X BEING ((Affaire X) UNION (Societe X))')
 self.assertEqual(len(rset), 2)
 values = dict(rset)
 self.assertEqual(values['Affaire'], 1)
 self.assertEqual(values['Societe'], 2)
 def test_attribute_security(self):
 # only managers should be able to edit the 'test' attribute of Personne entities
-eid = self.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org', X test TRUE")[0][0]
+eid = self.execute("INSERT Personne X: X nom 'bidule', "
+"X web 'http://www.debian.org', X test TRUE")[0][0]
 self.execute('SET X test FALSE WHERE X eid %(x)s', {'x': eid})
 self.commit()
 with self.login('iaminusersgrouponly') as cu:
-cu.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org', X test TRUE")
+cu.execute("INSERT Personne X: X nom 'bidule', "
-self.assertRaises(Unauthorized, self.commit)
+"X web 'http://www.debian.org', X test TRUE")
-cu.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org', X test FALSE")
+self.assertRaises(Unauthorized, self.commit)
-self.assertRaises(Unauthorized, self.commit)
+cu.execute("INSERT Personne X: X nom 'bidule', "
-eid = cu.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org'")[0][0]
+"X web 'http://www.debian.org', X test FALSE")
+self.assertRaises(Unauthorized, self.commit)
+eid = cu.execute("INSERT Personne X: X nom 'bidule', "
+"X web 'http://www.debian.org'")[0][0]
 self.commit()
 cu.execute('SET X test FALSE WHERE X eid %(x)s', {'x': eid})
 self.assertRaises(Unauthorized, self.commit)
 cu.execute('SET X test TRUE WHERE X eid %(x)s', {'x': eid})
 self.assertRaises(Unauthorized, self.commit)
 self.assertRaises(Unauthorized, self.commit)
 note2 = cu.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0)
 self.commit()
 note2.cw_adapt_to('IWorkflowable').fire_transition('markasdone')
 self.commit()
-self.assertEqual(len(cu.execute('Any X WHERE X in_state S, S name "todo", X eid %(x)s', {'x': note2.eid})),
+self.assertEqual(len(cu.execute('Any X WHERE X in_state S, S name "todo", X eid %(x)s',
+{'x': note2.eid})),
 0)
 cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid})
 self.assertRaises(Unauthorized, self.commit)
 note2.cw_adapt_to('IWorkflowable').fire_transition('redoit')
 self.commit()
 x.complete()
 self.assertEqual(x.login, None)
 self.assertTrue(x.creation_date)
 def test_yams_inheritance_and_security_bug(self):
-with self.temporary_permissions(Division={'read': ('managers', ERQLExpression('X owned_by U'))}):
+with self.temporary_permissions(Division={'read': ('managers',
+ERQLExpression('X owned_by U'))}):
 with self.login('iaminusersgrouponly'):
 querier = self.repo.querier
 rqlst = querier.parse('Any X WHERE X is_instance_of Societe')
 querier.solutions(self.session, rqlst, {})
 querier._annotate(rqlst)
 plan = querier.plan_factory(rqlst, {}, self.session)
 plan.preprocess(rqlst)
 self.assertEqual(
 rqlst.as_string(),
-'(Any X WHERE X is IN(SubDivision, Societe)) UNION (Any X WHERE X is Division, EXISTS(X owned_by %(B)s))')
+'(Any X WHERE X is IN(SubDivision, Societe)) UNION '
+'(Any X WHERE X is Division, EXISTS(X owned_by %(B)s))')
 class BaseSchemaSecurityTC(BaseSecurityTC):
 """tests related to the base schema permission configuration"""
 self.assertRaises(Unauthorized, cu.execute, rql)
 self.rollback()
 def test_bookmarked_by_guests_security(self):
 beid1 = self.execute('INSERT Bookmark B: B path "?vid=manage", B title "manage"')[0][0]
-beid2 = self.execute('INSERT Bookmark B: B path "?vid=index", B title "index", B bookmarked_by U WHERE U login "anon"')[0][0]
+beid2 = self.execute('INSERT Bookmark B: B path "?vid=index", B title "index", '
+'B bookmarked_by U WHERE U login "anon"')[0][0]
 self.commit()
 with self.login('anon') as cu:
 anoneid = self.session.user.eid
 self.assertEqual(cu.execute('Any T,P ORDERBY lower(T) WHERE B is Bookmark,B title T,B path P,'
 'B bookmarked_by U, U eid %s' % anoneid).rows,
 email, user = rset.get_entity(i, 0), rset.get_entity(i, 1)
 msg.append(tmpl % (email.dc_title(), user.dc_title()))
 raise RuntimeError('\n'.join(msg))
 # actual test
 self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0)
-self.execute('INSERT EmailAddress X: X address "anon", U use_email X WHERE U login "anon"').get_entity(0, 0)
+self.execute('INSERT EmailAddress X: X address "anon", '
+'U use_email X WHERE U login "anon"').get_entity(0, 0)
 self.commit()
 self.assertEqual(len(self.execute('Any X WHERE X is EmailAddress')), 2)
 self.login('anon')
 self.assertEqual(len(self.execute('Any X WHERE X is EmailAddress')), 1)

changeset 9777	b2e47617a94e
parent 9586	121c88b360d0
child 9782	95e8fa2c8da8