##// END OF EJS Templates
pull-requests: security, check for permissions on exposure of repo-refs
pull-requests: security, check for permissions on exposure of repo-refs

File last commit:

r2000:9e69eb38 default
r2251:4ded942f stable
Show More
test_home.py
142 lines | 5.3 KiB | text/x-python | PythonLexer
home: moved home and repo group views into pyramid....
r1774 # -*- coding: utf-8 -*-
# Copyright (C) 2010-2017 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import pytest
import rhodecode
security: fixed tests.
r1781 from rhodecode.model.db import Repository
home: moved home and repo group views into pyramid....
r1774 from rhodecode.model.meta import Session
from rhodecode.model.repo import RepoModel
from rhodecode.model.repo_group import RepoGroupModel
from rhodecode.model.settings import SettingsModel
from rhodecode.tests import TestController
from rhodecode.tests.fixture import Fixture
security: fixed tests.
r1781 from rhodecode.lib import helpers as h
home: moved home and repo group views into pyramid....
r1774
fixture = Fixture()
def route_path(name, **kwargs):
return {
'home': '/',
'repo_group_home': '/{repo_group_name}'
}[name].format(**kwargs)
class TestHomeController(TestController):
def test_index(self):
self.log_user()
response = self.app.get(route_path('home'))
# if global permission is set
response.mustcontain('Add Repository')
# search for objects inside the JavaScript JSON
for repo in Repository.getAll():
response.mustcontain('"name_raw": "%s"' % repo.repo_name)
def test_index_contains_statics_with_ver(self):
tests: remove usage of pylons context var in home app test.
r1893 from rhodecode.lib.base import calculate_version_hash
security: fixed tests.
r1781
home: moved home and repo group views into pyramid....
r1774 self.log_user()
response = self.app.get(route_path('home'))
core: removed usage of global pylons config in base lib.
r2000 rhodecode_version_hash = calculate_version_hash(
{'beaker.session.secret':'test-rc-uytcxaz'})
home: moved home and repo group views into pyramid....
r1774 response.mustcontain('style.css?ver={0}'.format(rhodecode_version_hash))
tests: remove usage of pylons context var in home app test.
r1893 response.mustcontain('rhodecode-components.js?ver={0}'.format(
rhodecode_version_hash))
home: moved home and repo group views into pyramid....
r1774
def test_index_contains_backend_specific_details(self, backend):
self.log_user()
response = self.app.get(route_path('home'))
tip = backend.repo.get_commit().raw_id
# html in javascript variable:
response.mustcontain(r'<i class=\"icon-%s\"' % (backend.alias, ))
response.mustcontain(r'href=\"/%s\"' % (backend.repo_name, ))
response.mustcontain("""/%s/changeset/%s""" % (backend.repo_name, tip))
response.mustcontain("""Added a symlink""")
def test_index_with_anonymous_access_disabled(self):
with fixture.anon_access(False):
response = self.app.get(route_path('home'), status=302)
assert 'login' in response.location
def test_index_page_on_groups(self, autologin_user, repo_group):
response = self.app.get(route_path('repo_group_home', repo_group_name='gr1'))
response.mustcontain("gr1/repo_in_group")
def test_index_page_on_group_with_trailing_slash(
self, autologin_user, repo_group):
response = self.app.get(route_path('repo_group_home', repo_group_name='gr1') + '/')
response.mustcontain("gr1/repo_in_group")
@pytest.fixture(scope='class')
def repo_group(self, request):
gr = fixture.create_repo_group('gr1')
fixture.create_repo(name='gr1/repo_in_group', repo_group=gr)
@request.addfinalizer
def cleanup():
RepoModel().delete('gr1/repo_in_group')
RepoGroupModel().delete(repo_group='gr1', force_delete=True)
Session().commit()
def test_index_with_name_with_tags(self, user_util, autologin_user):
user = user_util.create_user()
username = user.username
user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">'
security: fixed tests.
r1781 user.lastname = '#"><img src=x onerror=prompt(document.cookie);>'
home: moved home and repo group views into pyramid....
r1774 Session().add(user)
Session().commit()
user_util.create_repo(owner=username)
response = self.app.get(route_path('home'))
security: use new safe escaped user attributes across the application....
r1815 response.mustcontain(h.html_escape(user.first_name))
response.mustcontain(h.html_escape(user.last_name))
home: moved home and repo group views into pyramid....
r1774
@pytest.mark.parametrize("name, state", [
('Disabled', False),
('Enabled', True),
])
def test_index_show_version(self, autologin_user, name, state):
version_string = 'RhodeCode Enterprise %s' % rhodecode.__version__
sett = SettingsModel().create_or_update_setting(
'show_version', state, 'bool')
Session().add(sett)
Session().commit()
SettingsModel().invalidate_settings_cache()
response = self.app.get(route_path('home'))
if state is True:
response.mustcontain(version_string)
if state is False:
response.mustcontain(no=[version_string])
dan
my-account: migrated left over controller functions into pyramid views....
r1892
def test_logout_form_contains_csrf(self, autologin_user, csrf_token):
response = self.app.get(route_path('home'))
assert_response = response.assert_response()
element = assert_response.get_element('.logout #csrf_token')
assert element.value == csrf_token