test/unittest_req.py
author Julien Cristau <julien.cristau@logilab.fr>
Thu, 13 Mar 2014 16:57:22 +0100
changeset 9659 c45073a96aee
parent 9654 f788e5e7e6ea
permissions -rw-r--r--
[web] return 403 for Unauthorized, not 401 401 is reserved to HTTP authentication. Just because it's also called "unauthorized" doesn't mean it's the same as cubicweb's Unauthorized exception. Closes #3648809.

# copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
#
# CubicWeb is free software: you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.

from logilab.common.testlib import TestCase, unittest_main
from cubicweb import ObjectNotFound
from cubicweb.req import RequestSessionBase, FindEntityError
from cubicweb.devtools.testlib import CubicWebTC
from cubicweb import Unauthorized

class RequestTC(TestCase):
    def test_rebuild_url(self):
        rebuild_url = RequestSessionBase(None).rebuild_url
        self.assertEqual(rebuild_url('http://logilab.fr?__message=pouet', __message='hop'),
                          'http://logilab.fr?__message=hop')
        self.assertEqual(rebuild_url('http://logilab.fr', __message='hop'),
                          'http://logilab.fr?__message=hop')
        self.assertEqual(rebuild_url('http://logilab.fr?vid=index', __message='hop'),
                          'http://logilab.fr?__message=hop&vid=index')

    def test_build_url(self):
        req = RequestSessionBase(None)
        req.from_controller = lambda : 'view'
        req.relative_path = lambda includeparams=True: None
        req.base_url = lambda secure=None: 'http://testing.fr/cubicweb/'
        self.assertEqual(req.build_url(), u'http://testing.fr/cubicweb/view')
        self.assertEqual(req.build_url(None), u'http://testing.fr/cubicweb/view')
        self.assertEqual(req.build_url('one'), u'http://testing.fr/cubicweb/one')
        self.assertEqual(req.build_url(param='ok'), u'http://testing.fr/cubicweb/view?param=ok')
        self.assertRaises(AssertionError, req.build_url, 'one', 'two not allowed')
        self.assertRaises(AssertionError, req.build_url, 'view', test=None)

    def test_ensure_no_rql(self):
        req = RequestSessionBase(None)
        self.assertEqual(req.ensure_ro_rql('Any X WHERE X is CWUser'), None)
        self.assertEqual(req.ensure_ro_rql('  Any X WHERE X is CWUser  '), None)
        self.assertRaises(Unauthorized, req.ensure_ro_rql, 'SET X login "toto" WHERE X is CWUser')
        self.assertRaises(Unauthorized, req.ensure_ro_rql, '   SET X login "toto" WHERE X is CWUser   ')


class RequestCWTC(CubicWebTC):

    def test_base_url(self):
        base_url = self.config['base-url']
        with self.admin_access.repo_cnx() as session:
            self.assertEqual(session.base_url(), base_url)
            assert 'https-url' not in self.config
            self.assertEqual(session.base_url(secure=True), base_url)
            secure_base_url = base_url.replace('http', 'https')
            self.config.global_set_option('https-url', secure_base_url)
            self.assertEqual(session.base_url(secure=True), secure_base_url)

    def test_view_catch_ex(self):
        with self.admin_access.web_request() as req:
            rset = req.execute('CWUser X WHERE X login "hop"')
            self.assertEqual(req.view('oneline', rset, 'null'), '')
            self.assertRaises(ObjectNotFound, req.view, 'onelinee', rset, 'null')

    def test_find_one_entity(self):
        with self.admin_access.web_request() as req:
            req.create_entity(
                'CWUser', login=u'cdevienne', upassword=u'cdevienne',
                surname=u'de Vienne', firstname=u'Christophe',
                in_group=req.find('CWGroup', name=u'users').one())

            req.create_entity(
                'CWUser', login=u'adim', upassword='adim', surname=u'di mascio',
                firstname=u'adrien',
                in_group=req.find('CWGroup', name=u'users').one())

            u = req.find_one_entity('CWUser', login=u'cdevienne')
            self.assertEqual(u.firstname, u"Christophe")

            with self.assertRaises(FindEntityError):
                req.find_one_entity('CWUser', login=u'patanok')

            with self.assertRaises(FindEntityError):
                req.find_one_entity('CWUser')

    def test_find_entities(self):
        with self.admin_access.web_request() as req:
            req.create_entity(
                'CWUser', login=u'cdevienne', upassword=u'cdevienne',
                surname=u'de Vienne', firstname=u'Christophe',
                in_group=req.find('CWGroup', name=u'users').one())

            req.create_entity(
                'CWUser', login=u'adim', upassword='adim', surname=u'di mascio',
                firstname=u'adrien',
                in_group=req.find('CWGroup', name=u'users').one())

            l = list(req.find_entities('CWUser', login=u'cdevienne'))
            self.assertEqual(1, len(l))
            self.assertEqual(l[0].firstname, u"Christophe")

            l = list(req.find_entities('CWUser', login=u'patanok'))
            self.assertEqual(0, len(l))

            l = list(req.find_entities('CWUser'))
            self.assertEqual(4, len(l))

    def test_find(self):
        with self.admin_access.web_request() as req:
            req.create_entity(
                'CWUser', login=u'cdevienne', upassword=u'cdevienne',
                surname=u'de Vienne', firstname=u'Christophe',
                in_group=req.find('CWGroup', name=u'users').one())

            req.create_entity(
                'CWUser', login=u'adim', upassword='adim', surname=u'di mascio',
                firstname=u'adrien',
                in_group=req.find('CWGroup', name=u'users').one())

            u = req.find('CWUser', login=u'cdevienne').one()
            self.assertEqual(u.firstname, u"Christophe")

            users = list(req.find('CWUser').entities())
            self.assertEqual(len(users), 4)

            groups = list(
                req.find('CWGroup', reverse_in_group=u).entities())
            self.assertEqual(len(groups), 1)
            self.assertEqual(groups[0].name, u'users')

            users = req.find('CWUser', in_group=groups[0]).entities()
            users = list(users)
            self.assertEqual(len(users), 2)

            with self.assertRaises(AssertionError):
                req.find('CWUser', chapeau=u"melon")

            with self.assertRaises(AssertionError):
                req.find('CWUser', reverse_buddy=users[0])

            with self.assertRaises(NotImplementedError):
                req.find('CWUser', in_group=[1, 2])

if __name__ == '__main__':
    unittest_main()