cubicweb: comparison web/test/unittest

equal deleted inserted replaced

-:672acc730ce5
+:d628defebc17
 class RequestBaseTC(TestCase):
 def setUp(self):
 self.req = FakeRequest()
 def test_list_arg(self):
 """tests the list_arg() function"""
 list_arg = self.req.list_form_param
 self.assertEquals(list_arg('arg3', {}), [])
 # test on a valid non-view controller
 req = FakeRequest(url='login?x=1&y=2')
 self.assertEquals(req.relative_path(False), 'login')
 self.assertEquals(req.from_controller(), 'login')
 class UtilsTC(TestCase):
 """test suite for misc application utilities"""
 def setUp(self):
 self.ctrl = FakeController()
 #def test_which_mapping(self):
 #    """tests which mapping is used (application or core)"""
 #    init_mapping()
 #    from cubicweb.common import mapping
 #    self.assertEquals(mapping.MAPPING_USED, 'core')
 def test_execute_linkto(self):
 """tests the execute_linkto() function"""
 self.assertEquals(self.ctrl.execute_linkto(), None)
 self.assertEquals(self.ctrl._cursor.executed,
 [])
 self.ctrl.set_form({'__linkto' : 'works_for:12_13_14:object',
 'eid': 8})
 self.ctrl.execute_linkto()
 self.assertEquals(self.ctrl._cursor.executed,
 ['SET Y works_for X WHERE X eid 8, Y eid %s' % i
 'eid': 8})
 self.ctrl.execute_linkto()
 self.assertEquals(self.ctrl._cursor.executed,
 ['SET X works_for Y WHERE X eid 8, Y eid %s' % i
 for i in (12, 13, 14)])
 self.ctrl.new_cursor()
 self.ctrl.req.form = {'__linkto' : 'works_for:12_13_14:object'}
 self.ctrl.execute_linkto(eid=8)
 self.assertEquals(self.ctrl._cursor.executed,
 params = dict(cleanup(p.split('=', 1)) for p in params.split('&') if p)
 path = path[len(req.base_url()):]
 return path, params
 else:
 self.fail('expected a Redirect exception')
 def expect_redirect_publish(self, req, path='view'):
 return self.expect_redirect(lambda x: self.publish(x, path), req)
 def test_cnx_user_groups_sync(self):
 user = self.user()
 self.assertEquals(user.groups, set(('managers',)))
 self.execute('SET X in_group G WHERE X eid %s, G name "guests"' % user.eid)
 user = self.user()
 user = self.user()
 self.assertEquals(user.groups, set(('managers', 'guests')))
 # cleanup
 self.execute('DELETE X in_group G WHERE X eid %s, G name "guests"' % user.eid)
 self.commit()
 def test_nonregr_publish1(self):
 req = self.request(u'CWEType X WHERE X final FALSE, X meta FALSE')
 self.app.publish('view', req)
 def test_nonregr_publish2(self):
 req = self.request(u'Any count(N) WHERE N todo_by U, N is Note, U eid %s'
 % self.user().eid)
 self.app.publish('view', req)
 def test_publish_validation_error(self):
 req = self.request()
 user = self.user()
 req.form = {
 'eid':       `user.eid`,
 self.assertEquals(errors.errors['login'], 'required attribute')
 def test_validation_error_dont_loose_subentity_data(self):
 """test creation of two linked entities
 """
 req = self.request()
 form = {'eid': ['X', 'Y'],
 '__type:X': 'CWUser',
 # missing required field
 'login:X': u'', 'edits-login:X': '',
 'surname:X': u'Mr Ouaoua', 'edits-surname:X': '',
 '__type:Y': 'EmailAddress',
 # but email address is set
 'address:Y': u'bougloup@logilab.fr', 'edits-address:Y': '',
 'alias:Y': u'', 'edits-alias:Y': '',
 self.assertUnorderedIterableEquals(forminfo['eidmap'].keys(), ['X', 'Y'])
 self.assertEquals(forminfo['errors'].entity, forminfo['eidmap']['X'])
 self.assertEquals(forminfo['errors'].errors, {'login': 'required attribute',
 'upassword': 'required attribute'})
 self.assertEquals(forminfo['values'], form)
 def _test_cleaned(self, kwargs, injected, cleaned):
 req = self.request(**kwargs)
 page = self.app.publish('view', req)
 self.failIf(injected in page, (kwargs, injected))
 self.failUnless(cleaned in page, (kwargs, cleaned))
 def test_nonregr_script_kiddies(self):
 """test against current script injection"""
 injected = '<i>toto</i>'
 cleaned = 'toto'
 for kwargs in ({'__message': injected},
 {'vid': injected},
 {'vtitle': injected},
 ):
 yield self._test_cleaned, kwargs, injected, cleaned
 def test_site_wide_eproperties_sync(self):
 # XXX work in all-in-one configuration but not in twisted for instance
 # in which case we need a kindof repo -> http server notification
 # protocol
 vreg = self.app.vreg
 req.form['__fblogin'] = u'turlututu'
 page = self.publish(req)
 self.failIf(req.cnx is origcnx)
 self.assertEquals(req.user.login, 'turlututu')
 self.failUnless('turlututu' in page, page)
 # authentication tests ####################################################
 def _init_auth(self, authmode, anonuser=None):
 self.set_option('auth-mode', authmode)
 self.set_option('anonymous-user', anonuser)
 req = self.request()
 origcnx = req.cnx
 req.cnx = None
 sh = self.app.session_handler
 # not properly cleaned between tests
 self.open_sessions = sh.session_manager._sessions = {}
 return req, origcnx
 def _test_auth_succeed(self, req, origcnx):
 sh = self.app.session_handler
 path, params = self.expect_redirect(lambda x: self.app.connect(x), req)
 cnx = req.cnx
 self.assertEquals(len(self.open_sessions), 1, self.open_sessions)
 self.assertEquals(cnx.login, origcnx.login)
 self.assertEquals(cnx.password, origcnx.password)
 self.assertEquals(cnx.anonymous_connection, False)
 self.assertEquals(path, 'view')
 self.assertEquals(params, {'__message': 'welcome %s !' % origcnx.login})
 def _test_auth_fail(self, req):
 self.assertRaises(AuthenticationError, self.app.connect, req)
 self.assertEquals(req.cnx, None)
 self.assertEquals(len(self.open_sessions), 0)
 clear_cache(req, 'get_authorization')
 def test_http_auth_no_anon(self):
 req, origcnx = self._init_auth('http')
 self._test_auth_fail(req)
 self.assertRaises(ExplicitLogin, self.publish, req, 'login')
 self.assertEquals(req.cnx, None)
 authstr = base64.encodestring('%s:%s' % (origcnx.login, origcnx.password))
 req._headers['Authorization'] = 'basic %s' % authstr
 self._test_auth_succeed(req, origcnx)
 self.assertRaises(AuthenticationError, self.publish, req, 'logout')
 self.assertEquals(len(self.open_sessions), 0)
 def test_cookie_auth_no_anon(self):
 req, origcnx = self._init_auth('cookie')
 self._test_auth_fail(req)
 form = self.publish(req, 'login')
 self.assertEquals(req.cnx, None)
 req.form['__login'] = origcnx.login
 req.form['__password'] = origcnx.password
 self._test_auth_succeed(req, origcnx)
 self.assertRaises(AuthenticationError, self.publish, req, 'logout')
 self.assertEquals(len(self.open_sessions), 0)
 def test_login_by_email(self):
 login = self.request().user.login
 address = login + u'@localhost'
 self.execute('INSERT EmailAddress X: X address %(address)s, U primary_email X '
 req, origcnx = self._init_auth('cookie')
 req.form['__login'] = address
 req.form['__password'] = origcnx.password
 self._test_auth_succeed(req, origcnx)
 self.assertRaises(AuthenticationError, self.publish, req, 'logout')
 self.assertEquals(len(self.open_sessions), 0)
 def _test_auth_anon(self, req):
 self.app.connect(req)
 acnx = req.cnx
 self.assertEquals(len(self.open_sessions), 1)
 self.assertEquals(acnx.login, 'anon')
 self.assertEquals(acnx.password, 'anon')
 self.failUnless(acnx.anonymous_connection)
 self._reset_cookie(req)
 def _reset_cookie(self, req):
 # preparing the suite of the test
 # set session id in cookie
 cookie = Cookie.SimpleCookie()
 cookie['__session'] = req.cnx.sessionid
 req._headers['Cookie'] = cookie['__session'].OutputString()
 clear_cache(req, 'get_authorization')
 # reset cnx as if it was a new incoming request
 req.cnx = None
 def _test_anon_auth_fail(self, req):
 self.assertEquals(len(self.open_sessions), 1)
 self.app.connect(req)
 self.assertEquals(req.message, 'authentication failure')
 self.assertEquals(req.cnx.anonymous_connection, True)
 self.assertEquals(len(self.open_sessions), 1)
 self._reset_cookie(req)
 def test_http_auth_anon_allowed(self):
 req, origcnx = self._init_auth('http', 'anon')
 self._test_auth_anon(req)
 authstr = base64.encodestring('toto:pouet')
 req._headers['Authorization'] = 'basic %s' % authstr
 self._test_anon_auth_fail(req)
 authstr = base64.encodestring('%s:%s' % (origcnx.login, origcnx.password))
 req._headers['Authorization'] = 'basic %s' % authstr
 self._test_auth_succeed(req, origcnx)
 self.assertRaises(AuthenticationError, self.publish, req, 'logout')
 self.assertEquals(len(self.open_sessions), 0)
 def test_cookie_auth_anon_allowed(self):
 req, origcnx = self._init_auth('cookie', 'anon')
 self._test_auth_anon(req)
 req.form['__login'] = 'toto'
 req.form['__password'] = 'pouet'
 self._test_anon_auth_fail(req)
 req.form['__login'] = origcnx.login
 req.form['__password'] = origcnx.password
 self._test_auth_succeed(req, origcnx)
 self.assertRaises(AuthenticationError, self.publish, req, 'logout')
 self.assertEquals(len(self.open_sessions), 0)
 if __name__ == '__main__':
 unittest_main()

branch	tls-sprint
changeset 1802	d628defebc17
parent 1490	6b024694d493
child 1977	606923dff11b