gists: fixed tests after timezone change
marcink -
r1350:fd10a3df default
@@ -1,359 +1,359 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import mock
22 22 import pytest
23 23
24 24 from rhodecode.lib import helpers as h
25 25 from rhodecode.model.db import User, Gist
26 26 from rhodecode.model.gist import GistModel
27 27 from rhodecode.model.meta import Session
28 28 from rhodecode.tests import (
29 29 TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS,
30 30 TestController, assert_session_flash, url)
31 31 from rhodecode.tests.utils import AssertResponse
32 32
33 33
34 34 class GistUtility(object):
35 35
36 36 def __init__(self):
37 37 self._gist_ids = []
38 38
39 39 def __call__(
40 40 self, f_name, content='some gist', lifetime=-1,
41 41 description='gist-desc', gist_type='public',
42 42 acl_level=Gist.GIST_PUBLIC, owner=TEST_USER_ADMIN_LOGIN):
43 43 gist_mapping = {
44 44 f_name: {'content': content}
45 45 }
46 46 user = User.get_by_username(owner)
47 47 gist = GistModel().create(
48 48 description, owner=user, gist_mapping=gist_mapping,
49 49 gist_type=gist_type, lifetime=lifetime, gist_acl_level=acl_level)
50 50 Session().commit()
51 51 self._gist_ids.append(gist.gist_id)
52 52 return gist
53 53
54 54 def cleanup(self):
55 55 for gist_id in self._gist_ids:
56 56 gist = Gist.get(gist_id)
57 57 if gist:
58 58 Session().delete(gist)
59 59
60 60 Session().commit()
61 61
62 62
63 63 @pytest.fixture
64 64 def create_gist(request):
65 65 gist_utility = GistUtility()
66 66 request.addfinalizer(gist_utility.cleanup)
67 67 return gist_utility
68 68
69 69
70 70 class TestGistsController(TestController):
71 71
72 72 def test_index_empty(self, create_gist):
73 73 self.log_user()
74 74 response = self.app.get(url('gists'))
75 75 response.mustcontain('data: [],')
76 76
77 77 def test_index(self, create_gist):
78 78 self.log_user()
79 79 g1 = create_gist('gist1')
80 80 g2 = create_gist('gist2', lifetime=1400)
81 81 g3 = create_gist('gist3', description='gist3-desc')
82 82 g4 = create_gist('gist4', gist_type='private').gist_access_id
83 83 response = self.app.get(url('gists'))
84 84
85 85 response.mustcontain('gist: %s' % g1.gist_access_id)
86 86 response.mustcontain('gist: %s' % g2.gist_access_id)
87 87 response.mustcontain('gist: %s' % g3.gist_access_id)
88 88 response.mustcontain('gist3-desc')
89 89 response.mustcontain(no=['gist: %s' % g4])
90 90
91 91 # Expiration information should be visible
92 92 expires_tag = '%s' % h.age_component(
93 h.time_to_datetime(g2.gist_expires))
93 h.time_to_utcdatetime(g2.gist_expires))
94 94 response.mustcontain(expires_tag.replace('"', '\\"'))
95 95
96 96 def test_index_private_gists(self, create_gist):
97 97 self.log_user()
98 98 gist = create_gist('gist5', gist_type='private')
99 99 response = self.app.get(url('gists', private=1))
100 100
101 101 # and privates
102 102 response.mustcontain('gist: %s' % gist.gist_access_id)
103 103
104 104 def test_index_show_all(self, create_gist):
105 105 self.log_user()
106 106 create_gist('gist1')
107 107 create_gist('gist2', lifetime=1400)
108 108 create_gist('gist3', description='gist3-desc')
109 109 create_gist('gist4', gist_type='private')
110 110
111 111 response = self.app.get(url('gists', all=1))
112 112
113 113 assert len(GistModel.get_all()) == 4
114 114 # and privates
115 115 for gist in GistModel.get_all():
116 116 response.mustcontain('gist: %s' % gist.gist_access_id)
117 117
118 118 def test_index_show_all_hidden_from_regular(self, create_gist):
119 119 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
120 120 create_gist('gist2', gist_type='private')
121 121 create_gist('gist3', gist_type='private')
122 122 create_gist('gist4', gist_type='private')
123 123
124 124 response = self.app.get(url('gists', all=1))
125 125
126 126 assert len(GistModel.get_all()) == 3
127 127 # since we don't have access to private in this view, we
128 128 # should see nothing
129 129 for gist in GistModel.get_all():
130 130 response.mustcontain(no=['gist: %s' % gist.gist_access_id])
131 131
132 132 def test_create(self):
133 133 self.log_user()
134 134 response = self.app.post(
135 135 url('gists'),
136 136 params={'lifetime': -1,
137 137 'content': 'gist test',
138 138 'filename': 'foo',
139 139 'public': 'public',
140 140 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
141 141 'csrf_token': self.csrf_token},
142 142 status=302)
143 143 response = response.follow()
144 144 response.mustcontain('added file: foo')
145 145 response.mustcontain('gist test')
146 146
147 147 def test_create_with_path_with_dirs(self):
148 148 self.log_user()
149 149 response = self.app.post(
150 150 url('gists'),
151 151 params={'lifetime': -1,
152 152 'content': 'gist test',
153 153 'filename': '/home/foo',
154 154 'public': 'public',
155 155 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
156 156 'csrf_token': self.csrf_token},
157 157 status=200)
158 158 response.mustcontain('Filename /home/foo cannot be inside a directory')
159 159
160 160 def test_access_expired_gist(self, create_gist):
161 161 self.log_user()
162 162 gist = create_gist('never-see-me')
163 163 gist.gist_expires = 0 # 1970
164 164 Session().add(gist)
165 165 Session().commit()
166 166
167 167 self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
168 168
169 169 def test_create_private(self):
170 170 self.log_user()
171 171 response = self.app.post(
172 172 url('gists'),
173 173 params={'lifetime': -1,
174 174 'content': 'private gist test',
175 175 'filename': 'private-foo',
176 176 'private': 'private',
177 177 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
178 178 'csrf_token': self.csrf_token},
179 179 status=302)
180 180 response = response.follow()
181 181 response.mustcontain('added file: private-foo<')
182 182 response.mustcontain('private gist test')
183 183 response.mustcontain('Private Gist')
184 184 # Make sure private gists are not indexed by robots
185 185 response.mustcontain(
186 186 '<meta name="robots" content="noindex, nofollow">')
187 187
188 188 def test_create_private_acl_private(self):
189 189 self.log_user()
190 190 response = self.app.post(
191 191 url('gists'),
192 192 params={'lifetime': -1,
193 193 'content': 'private gist test',
194 194 'filename': 'private-foo',
195 195 'private': 'private',
196 196 'gist_acl_level': Gist.ACL_LEVEL_PRIVATE,
197 197 'csrf_token': self.csrf_token},
198 198 status=302)
199 199 response = response.follow()
200 200 response.mustcontain('added file: private-foo<')
201 201 response.mustcontain('private gist test')
202 202 response.mustcontain('Private Gist')
203 203 # Make sure private gists are not indexed by robots
204 204 response.mustcontain(
205 205 '<meta name="robots" content="noindex, nofollow">')
206 206
207 207 def test_create_with_description(self):
208 208 self.log_user()
209 209 response = self.app.post(
210 210 url('gists'),
211 211 params={'lifetime': -1,
212 212 'content': 'gist test',
213 213 'filename': 'foo-desc',
214 214 'description': 'gist-desc',
215 215 'public': 'public',
216 216 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
217 217 'csrf_token': self.csrf_token},
218 218 status=302)
219 219 response = response.follow()
220 220 response.mustcontain('added file: foo-desc')
221 221 response.mustcontain('gist test')
222 222 response.mustcontain('gist-desc')
223 223
224 224 def test_create_public_with_anonymous_access(self):
225 225 self.log_user()
226 226 params = {
227 227 'lifetime': -1,
228 228 'content': 'gist test',
229 229 'filename': 'foo-desc',
230 230 'description': 'gist-desc',
231 231 'public': 'public',
232 232 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
233 233 'csrf_token': self.csrf_token
234 234 }
235 235 response = self.app.post(url('gists'), params=params, status=302)
236 236 self.logout_user()
237 237 response = response.follow()
238 238 response.mustcontain('added file: foo-desc')
239 239 response.mustcontain('gist test')
240 240 response.mustcontain('gist-desc')
241 241
242 242 def test_new(self):
243 243 self.log_user()
244 244 self.app.get(url('new_gist'))
245 245
246 246 def test_delete(self, create_gist):
247 247 self.log_user()
248 248 gist = create_gist('delete-me')
249 249 response = self.app.post(
250 250 url('gist', gist_id=gist.gist_id),
251 251 params={'_method': 'delete', 'csrf_token': self.csrf_token})
252 252 assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
253 253
254 254 def test_delete_normal_user_his_gist(self, create_gist):
255 255 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
256 256 gist = create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
257 257 response = self.app.post(
258 258 url('gist', gist_id=gist.gist_id),
259 259 params={'_method': 'delete', 'csrf_token': self.csrf_token})
260 260 assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
261 261
262 262 def test_delete_normal_user_not_his_own_gist(self, create_gist):
263 263 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
264 264 gist = create_gist('delete-me')
265 265 self.app.post(
266 266 url('gist', gist_id=gist.gist_id),
267 267 params={'_method': 'delete', 'csrf_token': self.csrf_token},
268 268 status=403)
269 269
270 270 def test_show(self, create_gist):
271 271 gist = create_gist('gist-show-me')
272 272 response = self.app.get(url('gist', gist_id=gist.gist_access_id))
273 273
274 274 response.mustcontain('added file: gist-show-me<')
275 275
276 276 assert_response = AssertResponse(response)
277 277 assert_response.element_equals_to(
278 278 'div.rc-user span.user',
279 279 '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
280 280
281 281 response.mustcontain('gist-desc')
282 282
283 283 def test_show_without_hg(self, create_gist):
284 284 with mock.patch(
285 285 'rhodecode.lib.vcs.settings.ALIASES', ['git']):
286 286 gist = create_gist('gist-show-me-again')
287 287 self.app.get(url('gist', gist_id=gist.gist_access_id), status=200)
288 288
289 289 def test_show_acl_private(self, create_gist):
290 290 gist = create_gist('gist-show-me-only-when-im-logged-in',
291 291 acl_level=Gist.ACL_LEVEL_PRIVATE)
292 292 self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
293 293
294 294 # now we log-in we should see thi gist
295 295 self.log_user()
296 296 response = self.app.get(url('gist', gist_id=gist.gist_access_id))
297 297 response.mustcontain('added file: gist-show-me-only-when-im-logged-in')
298 298
299 299 assert_response = AssertResponse(response)
300 300 assert_response.element_equals_to(
301 301 'div.rc-user span.user',
302 302 '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
303 303 response.mustcontain('gist-desc')
304 304
305 305 def test_show_as_raw(self, create_gist):
306 306 gist = create_gist('gist-show-me', content='GIST CONTENT')
307 307 response = self.app.get(url('formatted_gist',
308 308 gist_id=gist.gist_access_id, format='raw'))
309 309 assert response.body == 'GIST CONTENT'
310 310
311 311 def test_show_as_raw_individual_file(self, create_gist):
312 312 gist = create_gist('gist-show-me-raw', content='GIST BODY')
313 313 response = self.app.get(url('formatted_gist_file',
314 314 gist_id=gist.gist_access_id, format='raw',
315 315 revision='tip', f_path='gist-show-me-raw'))
316 316 assert response.body == 'GIST BODY'
317 317
318 318 def test_edit_page(self, create_gist):
319 319 self.log_user()
320 320 gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
321 321 response = self.app.get(url('edit_gist', gist_id=gist.gist_access_id))
322 322 response.mustcontain('GIST EDIT BODY')
323 323
324 324 def test_edit_page_non_logged_user(self, create_gist):
325 325 gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
326 326 self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=302)
327 327
328 328 def test_edit_normal_user_his_gist(self, create_gist):
329 329 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
330 330 gist = create_gist('gist-for-edit', owner=TEST_USER_REGULAR_LOGIN)
331 331 self.app.get(url('edit_gist', gist_id=gist.gist_access_id, status=200))
332 332
333 333 def test_edit_normal_user_not_his_own_gist(self, create_gist):
334 334 self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
335 335 gist = create_gist('delete-me')
336 336 self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=403)
337 337
338 338 def test_user_first_name_is_escaped(self, user_util, create_gist):
339 339 xss_atack_string = '"><script>alert(\'First Name\')</script>'
340 340 xss_escaped_string = (
341 341 '&#34;&gt;&lt;script&gt;alert(&#39;First Name&#39;)&lt;/script'
342 342 '&gt;')
343 343 password = 'test'
344 344 user = user_util.create_user(
345 345 firstname=xss_atack_string, password=password)
346 346 create_gist('gist', gist_type='public', owner=user.username)
347 347 response = self.app.get(url('gists'))
348 348 response.mustcontain(xss_escaped_string)
349 349
350 350 def test_user_last_name_is_escaped(self, user_util, create_gist):
351 351 xss_atack_string = '"><script>alert(\'Last Name\')</script>'
352 352 xss_escaped_string = (
353 353 '&#34;&gt;&lt;script&gt;alert(&#39;Last Name&#39;)&lt;/script&gt;')
354 354 password = 'test'
355 355 user = user_util.create_user(
356 356 lastname=xss_atack_string, password=password)
357 357 create_gist('gist', gist_type='public', owner=user.username)
358 358 response = self.app.get(url('gists'))
359 359 response.mustcontain(xss_escaped_string)
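Review bot: In `test_edit_normal_user_his_gist` (a context line this commit leaves untouched), `status=200` is passed to `url(...)` rather than to `self.app.get(...)`, so the expected status is never asserted and instead becomes a URL argument. If `self.app` is a WebTest app, an unspecified status accepts any 2xx or 3xx response, so the 302 that `test_edit_page_non_logged_user` expects for an anonymous user would also pass here, and a regression in owner edit access would go unnoticed. The call should read `self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=200)`. Separately, `GistUtility.__call__` defaults `acl_level` to `Gist.GIST_PUBLIC` while every explicit value on the page is a `Gist.ACL_LEVEL_*` constant; it is worth confirming that the fixture default is a valid ACL level, so the access-control tests run against the ACL they intend.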