14 # details. |
14 # details. |
15 # |
15 # |
16 # You should have received a copy of the GNU Lesser General Public License along |
16 # You should have received a copy of the GNU Lesser General Public License along |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
18 """functional tests for server'security""" |
18 """functional tests for server'security""" |
|
19 |
|
20 from six.moves import range |
19 |
21 |
20 from logilab.common.testlib import unittest_main |
22 from logilab.common.testlib import unittest_main |
21 |
23 |
22 from cubicweb.devtools.testlib import CubicWebTC |
24 from cubicweb.devtools.testlib import CubicWebTC |
23 from cubicweb import Unauthorized, ValidationError, QueryError, Binary |
25 from cubicweb import Unauthorized, ValidationError, QueryError, Binary |
664 with self.admin_access.repo_cnx() as cnx: |
666 with self.admin_access.repo_cnx() as cnx: |
665 if cnx.execute('Any X WHERE X is EmailAddress'): |
667 if cnx.execute('Any X WHERE X is EmailAddress'): |
666 rset = cnx.execute('Any X, U WHERE X is EmailAddress, U use_email X') |
668 rset = cnx.execute('Any X, U WHERE X is EmailAddress, U use_email X') |
667 msg = ['Preexisting email readable by anon found!'] |
669 msg = ['Preexisting email readable by anon found!'] |
668 tmpl = ' - "%s" used by user "%s"' |
670 tmpl = ' - "%s" used by user "%s"' |
669 for i in xrange(len(rset)): |
671 for i in range(len(rset)): |
670 email, user = rset.get_entity(i, 0), rset.get_entity(i, 1) |
672 email, user = rset.get_entity(i, 0), rset.get_entity(i, 1) |
671 msg.append(tmpl % (email.dc_title(), user.dc_title())) |
673 msg.append(tmpl % (email.dc_title(), user.dc_title())) |
672 raise RuntimeError('\n'.join(msg)) |
674 raise RuntimeError('\n'.join(msg)) |
673 # actual test |
675 # actual test |
674 cnx.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
676 cnx.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |