security: fixed tests.
marcink -
r1781:ac222064 default
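--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,137 +1,134 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (C) 2010-2017 RhodeCode GmbH
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License, version 3
 # (only), as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 # This program is dual-licensed. If you wish to learn more about the
 # RhodeCode Enterprise Edition, including its added features, Support services,
 # and proprietary license terms, please see https://rhodecode.com/licenses/
 
 
 import pytest
-from pylons import tmpl_context as c
 
 import rhodecode
-from rhodecode.model.db import Repository, User
+from rhodecode.model.db import Repository
 from rhodecode.model.meta import Session
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.repo_group import RepoGroupModel
 from rhodecode.model.settings import SettingsModel
 from rhodecode.tests import TestController
 from rhodecode.tests.fixture import Fixture
-
+from rhodecode.lib import helpers as h
 
 fixture = Fixture()
 
 
 def route_path(name, **kwargs):
 return {
 'home': '/',
 'repo_group_home': '/{repo_group_name}'
 }[name].format(**kwargs)
 
 
 class TestHomeController(TestController):
 
 def test_index(self):
 self.log_user()
 response = self.app.get(route_path('home'))
 # if global permission is set
 response.mustcontain('Add Repository')
 
 # search for objects inside the JavaScript JSON
 for repo in Repository.getAll():
 response.mustcontain('"name_raw": "%s"' % repo.repo_name)
 
 def test_index_contains_statics_with_ver(self):
+from pylons import tmpl_context as c
+
 self.log_user()
 response = self.app.get(route_path('home'))
 
 rhodecode_version_hash = c.rhodecode_version_hash
 response.mustcontain('style.css?ver={0}'.format(rhodecode_version_hash))
 response.mustcontain('rhodecode-components.js?ver={0}'.format(rhodecode_version_hash))
 
 def test_index_contains_backend_specific_details(self, backend):
 self.log_user()
 response = self.app.get(route_path('home'))
 tip = backend.repo.get_commit().raw_id
 
 # html in javascript variable:
 response.mustcontain(r'<i class=\"icon-%s\"' % (backend.alias, ))
 response.mustcontain(r'href=\"/%s\"' % (backend.repo_name, ))
 
 response.mustcontain("""/%s/changeset/%s""" % (backend.repo_name, tip))
 response.mustcontain("""Added a symlink""")
 
 def test_index_with_anonymous_access_disabled(self):
 with fixture.anon_access(False):
 response = self.app.get(route_path('home'), status=302)
 assert 'login' in response.location
 
 def test_index_page_on_groups(self, autologin_user, repo_group):
 response = self.app.get(route_path('repo_group_home', repo_group_name='gr1'))
 response.mustcontain("gr1/repo_in_group")
 
 def test_index_page_on_group_with_trailing_slash(
 self, autologin_user, repo_group):
 response = self.app.get(route_path('repo_group_home', repo_group_name='gr1') + '/')
 response.mustcontain("gr1/repo_in_group")
 
 @pytest.fixture(scope='class')
 def repo_group(self, request):
 gr = fixture.create_repo_group('gr1')
 fixture.create_repo(name='gr1/repo_in_group', repo_group=gr)
 
 @request.addfinalizer
 def cleanup():
 RepoModel().delete('gr1/repo_in_group')
 RepoGroupModel().delete(repo_group='gr1', force_delete=True)
 Session().commit()
 
 def test_index_with_name_with_tags(self, user_util, autologin_user):
 user = user_util.create_user()
 username = user.username
 user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">'
-user.lastname = (
-'<img src="/image2" onload="alert(\'Hello, World!\');">')
+user.lastname = '#"><img src=x onerror=prompt(document.cookie);>'
+
 Session().add(user)
 Session().commit()
 user_util.create_repo(owner=username)
 
 response = self.app.get(route_path('home'))
-response.mustcontain(
-'&lt;img src=&#34;/image1&#34; onload=&#34;'
-'alert(&#39;Hello, World!&#39;);&#34;&gt;')
-response.mustcontain(
-'&lt;img src=&#34;/image2&#34; onload=&#34;'
-'alert(&#39;Hello, World!&#39;);&#34;&gt;')
+response.mustcontain(h.html_escape(h.escape(user.name)))
+response.mustcontain(h.html_escape(h.escape(user.lastname)))
 
 @pytest.mark.parametrize("name, state", [
 ('Disabled', False),
 ('Enabled', True),
 ])
 def test_index_show_version(self, autologin_user, name, state):
 version_string = 'RhodeCode Enterprise %s' % rhodecode.__version__
 
 sett = SettingsModel().create_or_update_setting(
 'show_version', state, 'bool')
 Session().add(sett)
 Session().commit()
 SettingsModel().invalidate_settings_cache()
 
 response = self.app.get(route_path('home'))
 if state is True:
 response.mustcontain(version_string)
 if state is False:
 response.mustcontain(no=[version_string])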
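Review bot: In test_index_with_name_with_tags the two new `mustcontain` calls build the expected text with `h.html_escape(h.escape(...))`, so the expectation moves together with the helpers; if either helper stopped encoding, the expected and rendered text would presumably still match and the test would pass with live markup in the page. The removed assertions pinned literal encoded strings, which did not depend on the code under test. Keep the helper-based check but add a helper-independent one after it, `response.mustcontain(no=[user.name, user.lastname])`, so the test fails whenever a raw payload reaches the response. A short comment above the assertions saying why the value is escaped twice (the other comments in this file suggest the name is embedded in HTML inside a JavaScript variable) would also help the next reader.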