Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[test] precheck initial condition stable
authorPierre-Yves David <pierre-yves.david@logilab.fr>
Thu, 17 Jan 2013 15:11:37 +0100
branchstable
changeset 8649 8fbb2f65721e
parent 8648 67a5fccb802a
child 8650 9a6e80bfad9d
[test] precheck initial condition
server/test/unittest_security.py file | annotate | diff | comparison | revisions 
--- a/server/test/unittest_security.py	Wed Jan 16 17:42:16 2013 +0100
+++ b/server/test/unittest_security.py	Thu Jan 17 15:11:37 2013 +0100
@@ -606,6 +606,16 @@
                           {'ti': trinfo.eid})
 
     def test_emailaddress_security(self):
+        # check for prexisting email adresse
+        if self.execute('Any X WHERE X is EmailAddress'):
+            rset = self.execute('Any X, U WHERE X is EmailAddress, U use_email X')
+            msg = ['Preexisting email readable by anon found!']
+            tmpl = '  - "%s" used by user "%s"'
+            for i in xrange(len(rset)):
+                email, user = rset.get_entity(i, 0), rset.get_entity(i, 1)
+                msg.append(tmpl % (email.dc_title(), user.dc_title()))
+            raise RuntimeError('\n'.join(msg))
+        # actual test
         self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0)
         self.execute('INSERT EmailAddress X: X address "anon", U use_email X WHERE U login "anon"').get_entity(0, 0)
         self.commit()
cubicweb