rhodecode-enterprise-ce Files · rhodecode/tests/models/schemas/test_user_schema.py

security: fixed issues with exposing repository names using global PR redirection link...

security: fixed issues with exposing repository names using global PR redirection link logic. - Since redirect was created to repository which linked to the PR, users who didn't have permissions to those repos could still see the name in the url generated.

marcink - - Load All Authors

File last commit:

r3363:f08e98b1 default


                r4044:573a1043

default

Download file

             test_user_schema.py
        
                    72 lines
            
             | 3.0 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / tests / models / schemas / test_user_schema.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # -*- coding: utf-8 -*-

      # Copyright (C) 2016-2019 RhodeCode GmbH

      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      import colander

      import pytest

      from rhodecode.model import validation_schema

      from rhodecode.model.validation_schema.schemas import user_schema

      class TestChangePasswordSchema(object):

          original_password = 'm092d903fnio0m'

          def test_deserialize_bad_data(self, user_regular):

              schema = user_schema.ChangePasswordSchema().bind(

                  username=user_regular.username)

              with pytest.raises(validation_schema.Invalid) as exc_info:

                  schema.deserialize('err')

              err = exc_info.value.asdict()

              assert err[''] == '"err" is not a mapping type: ' \

                                'Does not implement dict-like functionality.'

          def test_validate_valid_change_password_data(self, user_util):

              user = user_util.create_user(password=self.original_password)

              schema = user_schema.ChangePasswordSchema().bind(

                  username=user.username)

              schema.deserialize({

                  'current_password': self.original_password,

                  'new_password': '23jf04rm04imr'

              })

          @pytest.mark.parametrize(

              'current_password,new_password,key,message', [

              ('', 'abcdef123', 'current_password', 'required'),

              ('wrong_pw', 'abcdef123', 'current_password', 'incorrect'),

              (original_password, original_password, 'new_password', 'different'),

              (original_password, '', 'new_password', 'Required'),

              (original_password, 'short', 'new_password', 'minimum'),

          ])

          def test_validate_invalid_change_password_data(self, current_password,

                                                         new_password, key, message,

                                                         user_util):

              user = user_util.create_user(password=self.original_password)

              schema = user_schema.ChangePasswordSchema().bind(

                  username=user.username)

              with pytest.raises(validation_schema.Invalid) as exc_info:

                  schema.deserialize({

                      'current_password': current_password,

                      'new_password': new_password

                  })

              err = exc_info.value.asdict()

              assert message.lower() in err[key].lower()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# -- coding: utf-8 --

				# Copyright (C) 2016-2019 RhodeCode GmbH
				#
				# This program is free software: you can redistribute it and/or modify
				# it under the terms of the GNU Affero General Public License, version 3
				# (only), as published by the Free Software Foundation.
				#
				# This program is distributed in the hope that it will be useful,
				# but WITHOUT ANY WARRANTY; without even the implied warranty of
				# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				# GNU General Public License for more details.
				#
				# You should have received a copy of the GNU Affero General Public License
				# along with this program. If not, see <http://www.gnu.org/licenses/>.
				#
				# This program is dual-licensed. If you wish to learn more about the
				# RhodeCode Enterprise Edition, including its added features, Support services,
				# and proprietary license terms, please see https://rhodecode.com/licenses/

				import colander
				import pytest

				from rhodecode.model import validation_schema
				from rhodecode.model.validation_schema.schemas import user_schema


				class TestChangePasswordSchema(object):
				original_password = 'm092d903fnio0m'

				def test_deserialize_bad_data(self, user_regular):
				schema = user_schema.ChangePasswordSchema().bind(
				username=user_regular.username)

				with pytest.raises(validation_schema.Invalid) as exc_info:
				schema.deserialize('err')
				err = exc_info.value.asdict()
				assert err[''] == '"err" is not a mapping type: ' \
				'Does not implement dict-like functionality.'

				def test_validate_valid_change_password_data(self, user_util):
				user = user_util.create_user(password=self.original_password)
				schema = user_schema.ChangePasswordSchema().bind(
				username=user.username)

				schema.deserialize({
				'current_password': self.original_password,
				'new_password': '23jf04rm04imr'
				})

				@pytest.mark.parametrize(
				'current_password,new_password,key,message', [
				('', 'abcdef123', 'current_password', 'required'),
				('wrong_pw', 'abcdef123', 'current_password', 'incorrect'),
				(original_password, original_password, 'new_password', 'different'),
				(original_password, '', 'new_password', 'Required'),
				(original_password, 'short', 'new_password', 'minimum'),
				])
				def test_validate_invalid_change_password_data(self, current_password,
				new_password, key, message,
				user_util):
				user = user_util.create_user(password=self.original_password)
				schema = user_schema.ChangePasswordSchema().bind(
				username=user.username)

				with pytest.raises(validation_schema.Invalid) as exc_info:
				schema.deserialize({
				'current_password': current_password,
				'new_password': new_password
				})
				err = exc_info.value.asdict()
				assert message.lower() in err[key].lower()