def test_ip_restriction_git(self, webserver): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = webserver.repo_url(GIT_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute( 'git clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True) # The message apparently changed in Git 1.8.3, so match it loosely. assert re.search(r'\b403\b', stderr) finally: #release IP restrictions for ip in UserIpMap.query(): UserIpMap.delete(ip.ip_id) Session().commit() # IP permissions are cached, need to wait for the cache in the server process to expire time.sleep(1.5) clone_url = webserver.repo_url(GIT_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute( 'git clone', clone_url, _get_tmp_dir()) assert 'Cloning into' in stdout + stderr assert stderr == '' or stdout == ''
def test_ip_restriction_hg(self, webserver): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = webserver.repo_url(HG_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute('hg clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True) assert 'abort: HTTP Error 403: Forbidden' in stderr finally: #release IP restrictions for ip in UserIpMap.query(): UserIpMap.delete(ip.ip_id) Session().commit() # IP permissions are cached, need to wait for the cache in the server process to expire time.sleep(1.5) clone_url = webserver.repo_url(HG_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute('hg clone', clone_url, _get_tmp_dir()) assert 'requesting all changes' in stdout assert 'adding changesets' in stdout assert 'adding manifests' in stdout assert 'adding file changes' in stdout assert stderr == ''
def test_ip_restriction_hg(self, webserver): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = webserver.repo_url(HG_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute( 'hg clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True) assert 'abort: HTTP Error 403: Forbidden' in stderr finally: #release IP restrictions for ip in UserIpMap.query(): UserIpMap.delete(ip.ip_id) Session().commit() # IP permissions are cached, need to wait for the cache in the server process to expire time.sleep(1.5) clone_url = webserver.repo_url(HG_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute( 'hg clone', clone_url, _get_tmp_dir()) assert 'requesting all changes' in stdout assert 'adding changesets' in stdout assert 'adding manifests' in stdout assert 'adding file changes' in stdout assert stderr == ''
def add_ip(self, id): """POST /user_ips:Add an existing item""" # url('user_ips', id=ID, method='put') ip = request.POST.get('new_ip') user_model = UserModel() try: user_model.add_extra_ip(id, ip) Session().commit() h.flash(_("Added ip %s to user whitelist") % ip, category='success') except formencode.Invalid, error: msg = error.error_dict['ip'] h.flash(msg, category='error')
def test_delete_ips(self, auto_clear_ip_permissions): self.log_user() default_user_id = User.get_default_user().user_id ## first add new_ip = '127.0.0.0/24' with test_context(self.app): user_model = UserModel() ip_obj = user_model.add_extra_ip(default_user_id, new_ip) Session().commit() ## double check that add worked # IP permissions are cached, need to invalidate this cache explicitly invalidate_all_caches() self.app.get(url('admin_permissions_ips'), status=302) # REMOTE_ADDR must match 127.0.0.0/24 response = self.app.get(url('admin_permissions_ips'), extra_environ={'REMOTE_ADDR': '127.0.0.1'}) response.mustcontain('127.0.0.0/24') response.mustcontain('127.0.0.0 - 127.0.0.255') ## now delete response = self.app.post( url('edit_user_ips_delete', id=default_user_id), params=dict(del_ip_id=ip_obj.ip_id, _authentication_token=self.authentication_token()), extra_environ={'REMOTE_ADDR': '127.0.0.1'}) # IP permissions are cached, need to invalidate this cache explicitly invalidate_all_caches() response = self.app.get(url('admin_permissions_ips')) response.mustcontain('All IP addresses are allowed') response.mustcontain(no=['127.0.0.0/24']) response.mustcontain(no=['127.0.0.0 - 127.0.0.255'])
def test_delete_ips(self, auto_clear_ip_permissions): self.log_user() default_user_id = User.get_default_user().user_id ## first add new_ip = '127.0.0.0/24' with test_context(self.app): user_model = UserModel() ip_obj = user_model.add_extra_ip(default_user_id, new_ip) Session().commit() ## double check that add worked # IP permissions are cached, need to invalidate this cache explicitly invalidate_all_caches() self.app.get(url('admin_permissions_ips'), status=302) # REMOTE_ADDR must match 127.0.0.0/24 response = self.app.get(url('admin_permissions_ips'), extra_environ={'REMOTE_ADDR': '127.0.0.1'}) response.mustcontain('127.0.0.0/24') response.mustcontain('127.0.0.0 - 127.0.0.255') ## now delete response = self.app.post(url('edit_user_ips_delete', id=default_user_id), params=dict(del_ip_id=ip_obj.ip_id, _authentication_token=self.authentication_token()), extra_environ={'REMOTE_ADDR': '127.0.0.1'}) # IP permissions are cached, need to invalidate this cache explicitly invalidate_all_caches() response = self.app.get(url('admin_permissions_ips')) response.mustcontain('All IP addresses are allowed') response.mustcontain(no=['127.0.0.0/24']) response.mustcontain(no=['127.0.0.0 - 127.0.0.255'])
def test_ip_restriction(self, webserver, vt): user_model = UserModel() try: # Add IP constraint that excludes the test context: user_model.add_extra_ip(base.TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() # IP permissions are cached, need to wait for the cache in the server process to expire time.sleep(1.5) clone_url = vt.repo_url_param(webserver, vt.repo_name) stdout, stderr = Command(base.TESTS_TMP_PATH).execute( vt.repo_type, 'clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True) if vt.repo_type == 'git': # The message apparently changed in Git 1.8.3, so match it loosely. assert re.search( r'\b403\b', stderr ) or 'abort: User test_admin from 127.0.0.127 cannot be authorized' in stderr elif vt.repo_type == 'hg': assert 'abort: HTTP Error 403: Forbidden' in stderr or 'remote: abort: User test_admin from 127.0.0.127 cannot be authorized' in stdout finally: # release IP restrictions for ip in UserIpMap.query(): UserIpMap.delete(ip.ip_id) Session().commit() # IP permissions are cached, need to wait for the cache in the server process to expire time.sleep(1.5) clone_url = vt.repo_url_param(webserver, vt.repo_name) stdout, stderr = Command(base.TESTS_TMP_PATH).execute( vt.repo_type, 'clone', clone_url, _get_tmp_dir()) if vt.repo_type == 'git': assert 'Cloning into' in stdout + stderr assert stderr == '' or stdout == '' elif vt.repo_type == 'hg': assert 'requesting all changes' in stdout assert 'adding changesets' in stdout assert 'adding manifests' in stdout assert 'adding file changes' in stdout assert stderr == ''
def add_ip(self, id): ip = request.POST.get('new_ip') user_model = UserModel() try: user_model.add_extra_ip(id, ip) Session().commit() h.flash(_("Added IP address %s to user whitelist") % ip, category='success') except formencode.Invalid as error: msg = error.error_dict['ip'] h.flash(msg, category='error') except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred while adding IP address'), category='error') if 'default_user' in request.POST: raise HTTPFound(location=url('admin_permissions_ips')) raise HTTPFound(location=url('edit_user_ips', id=id))
def test_ip_restriction_git(self): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = _construct_url(GIT_REPO) stdout, stderr = Command('/tmp').execute('git clone', clone_url) msg = ("""The requested URL returned error: 403""") assert msg in stderr finally: #release IP restrictions for ip in UserIpMap.getAll(): UserIpMap.delete(ip.ip_id) Session().commit() time.sleep(2) clone_url = _construct_url(GIT_REPO) stdout, stderr = Command('/tmp').execute('git clone', clone_url) assert 'Cloning into' in stdout + stderr assert stderr == '' or stdout == ''
def test_ip_restriction_git(self): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = _construct_url(GIT_REPO) stdout, stderr = Command('/tmp').execute('git clone', clone_url) msg = ("""The requested URL returned error: 403""") assert msg in stderr finally: #release IP restrictions for ip in UserIpMap.getAll(): UserIpMap.delete(ip.ip_id) Session().commit() time.sleep(2) clone_url = _construct_url(GIT_REPO) stdout, stderr = Command('/tmp').execute('git clone', clone_url) assert 'Cloning into' in stdout assert stderr == ''
def test_ip_restriction_git(self, webserver): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = webserver.repo_url(GIT_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute('git clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True) # The message apparently changed in Git 1.8.3, so match it loosely. assert re.search(r'\b403\b', stderr) finally: #release IP restrictions for ip in UserIpMap.query(): UserIpMap.delete(ip.ip_id) Session().commit() # IP permissions are cached, need to wait for the cache in the server process to expire time.sleep(1.5) clone_url = webserver.repo_url(GIT_REPO) stdout, stderr = Command(TESTS_TMP_PATH).execute('git clone', clone_url, _get_tmp_dir()) assert 'Cloning into' in stdout + stderr assert stderr == '' or stdout == ''
def test_ip_restriction_hg(self): user_model = UserModel() try: user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32') Session().commit() clone_url = _construct_url(HG_REPO) stdout, stderr = Command('/tmp').execute('hg clone', clone_url) assert 'abort: HTTP Error 403: Forbidden' in stderr finally: #release IP restrictions for ip in UserIpMap.getAll(): UserIpMap.delete(ip.ip_id) Session().commit() time.sleep(2) clone_url = _construct_url(HG_REPO) stdout, stderr = Command('/tmp').execute('hg clone', clone_url) assert 'requesting all changes' in stdout assert 'adding changesets' in stdout assert 'adding manifests' in stdout assert 'adding file changes' in stdout assert stderr == ''