Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server/test/unittest_security.py
changeset 8655 ab57000bff7b
parent 8624 7e415f457155
parent 8649 8fbb2f65721e
child 8694 d901c36bcfce 
--- a/server/test/unittest_security.py	Thu Jan 10 18:31:43 2013 +0100
+++ b/server/test/unittest_security.py	Thu Jan 17 18:30:08 2013 +0100
@@ -606,6 +606,16 @@
                           {'ti': trinfo.eid})
 
     def test_emailaddress_security(self):
+        # check for prexisting email adresse
+        if self.execute('Any X WHERE X is EmailAddress'):
+            rset = self.execute('Any X, U WHERE X is EmailAddress, U use_email X')
+            msg = ['Preexisting email readable by anon found!']
+            tmpl = '  - "%s" used by user "%s"'
+            for i in xrange(len(rset)):
+                email, user = rset.get_entity(i, 0), rset.get_entity(i, 1)
+                msg.append(tmpl % (email.dc_title(), user.dc_title()))
+            raise RuntimeError('\n'.join(msg))
+        # actual test
         self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0)
         self.execute('INSERT EmailAddress X: X address "anon", U use_email X WHERE U login "anon"').get_entity(0, 0)
         self.commit()
cubicweb