##// END OF EJS Templates
security: limit the maximum password lenght to 72 characters to prevent possible...
security: limit the maximum password lenght to 72 characters to prevent possible server side resource consumption attack. - bcrypt heavy computation can lead to DOS using a very long password .eg 10**8 lenght. - we allowed this on registration or on password update

File last commit:

r2014:b776c5e0 default
r2192:a51e727d stable
Show More
test_vcs_settings.py
117 lines | 4.3 KiB | text/x-python | PythonLexer
# -*- coding: utf-8 -*-
# Copyright (C) 2010-2017 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import mock
import pytest
import rhodecode
from rhodecode.model.settings import SettingsModel
from rhodecode.tests import url
from rhodecode.tests.utils import AssertResponse
def route_path(name, params=None, **kwargs):
import urllib
base_url = {
'edit_repo': '/{repo_name}/settings',
}[name].format(**kwargs)
if params:
base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
return base_url
@pytest.mark.usefixtures('autologin_user', 'app')
class TestAdminRepoVcsSettings(object):
@pytest.mark.parametrize('setting_name, setting_backends', [
('hg_use_rebase_for_merging', ['hg']),
])
def test_labs_settings_visible_if_enabled(
self, setting_name, setting_backends, backend):
if backend.alias not in setting_backends:
pytest.skip('Setting not available for backend {}'.format(backend))
vcs_settings_url = url(
'repo_vcs_settings', repo_name=backend.repo.repo_name)
with mock.patch.dict(
rhodecode.CONFIG, {'labs_settings_active': 'true'}):
response = self.app.get(vcs_settings_url)
assertr = AssertResponse(response)
assertr.one_element_exists('#rhodecode_{}'.format(setting_name))
@pytest.mark.parametrize('setting_name, setting_backends', [
('hg_use_rebase_for_merging', ['hg']),
])
def test_labs_settings_not_visible_if_disabled(
self, setting_name, setting_backends, backend):
if backend.alias not in setting_backends:
pytest.skip('Setting not available for backend {}'.format(backend))
vcs_settings_url = url(
'repo_vcs_settings', repo_name=backend.repo.repo_name)
with mock.patch.dict(
rhodecode.CONFIG, {'labs_settings_active': 'false'}):
response = self.app.get(vcs_settings_url)
assertr = AssertResponse(response)
assertr.no_element_exists('#rhodecode_{}'.format(setting_name))
@pytest.mark.parametrize('setting_name, setting_backends', [
('hg_use_rebase_for_merging', ['hg']),
])
def test_update_boolean_settings(
self, csrf_token, setting_name, setting_backends, backend):
if backend.alias not in setting_backends:
pytest.skip('Setting not available for backend {}'.format(backend))
repo = backend.create_repo()
settings_model = SettingsModel(repo=repo)
vcs_settings_url = url(
'repo_vcs_settings', repo_name=repo.repo_name)
self.app.post(
vcs_settings_url,
params={
'inherit_global_settings': False,
'new_svn_branch': 'dummy-value-for-testing',
'new_svn_tag': 'dummy-value-for-testing',
'rhodecode_{}'.format(setting_name): 'true',
'csrf_token': csrf_token,
})
setting = settings_model.get_setting_by_name(setting_name)
assert setting.app_settings_value
self.app.post(
vcs_settings_url,
params={
'inherit_global_settings': False,
'new_svn_branch': 'dummy-value-for-testing',
'new_svn_tag': 'dummy-value-for-testing',
'rhodecode_{}'.format(setting_name): 'false',
'csrf_token': csrf_token,
})
setting = settings_model.get_setting_by_name(setting_name)
assert not setting.app_settings_value