class TestDetector(unittest.TestCase): """ Class tests the subscribers. You can see them in *.zcml. """ layer = COLLECTIVE_ERROR_DETECTOR_FUNCTIONAL def setUp(self): self.portal_url = self.layer['portal'].absolute_url() self.browser = Browser(self.layer['app']) self.logger = Process(target=logger) self.logger.start() Sender.conn = setupClient() def tearDown(self): self.logger.terminate() Sender.conn.close() def test_successfulRequests(self): """ Method sends successfull requests and checks logs """ self.browser.open(self.portal_url) request = readline() self.assertTrue(all(imap(lambda x: x in request, REQUEST_FIELDS))) def test_failedRequests(self): """ Method sends the failed requests and checks logs """ try: self.browser.open(self.portal_url + '/Hi') except HTTPError: #XXX: wait for logger time.sleep(TIMEOUT) request = readline() self.assertTrue(all(imap(lambda x: x in request, REQUEST_FIELDS))) self.assertTrue("'status': '404'" in request) def test_formFilter(self): """ Method sends the request (post) and checks logs """ # try to post data self.browser.post(self.portal_url, 'x=1&y=2') # check storage request = readline() self.assertTrue(all(imap(lambda x: x in request, REQUEST_FIELDS))) self.assertTrue("{'y': '2', 'x': '1'}" in request) def test_isRequestSuitable(self): """ Method sends unsuitable requests """ # don't log this request url = '/portal_css/Sunburst Theme/member.css' self.browser.open(self.portal_url + url) self.assertEqual(readline(), '') # don't log this one too url = '/portal_css/Sunburst Theme/plone.kss' self.browser.open(self.portal_url + url) self.assertEqual(readline(), '')
def test_view_browser(self): browser = Browser(self.layer['app']) browser.handleErrors = False browser.addHeader( 'Authorization', 'Basic %s:%s' % ( TEST_USER_NAME, TEST_USER_PASSWORD, )) browser.open(self.portal.absolute_url() + '/statusmap') self.assertIn('<a href="http://nohost/plone/folder1/document3"', browser.contents) self.assertIn('<a href="http://nohost/plone/document2"', browser.contents) self.assertIn('<a href="http://nohost/plone/folder1"', browser.contents) self.assertIn( '<label class="transitionLabel" for="publish">' 'Publish (Private => Published)</label>', browser.contents) self.assertIn( '<label class="transitionLabel" for="submit">' 'Submit for publication (Private => Pending review)</label>', browser.contents) browser.post('statusmap', data="form.submitted=1&uids:list=445i85-556986-55969") self.assertIn('Please select a Transition', browser.contents) browser.post('statusmap', data="form.submitted=1&transition=publish") self.assertIn('Please select at least one Item', browser.contents) browser.post('statusmap', data="form.submitted=1") self.assertIn('Please select at least one Item', browser.contents) self.assertIn('Please select a Transition', browser.contents) data = "form.submitted=1&uids:list=%s&transition=publish" % ( self.doc2.UID()) browser.post('statusmap', data=data) self.assertIn('Transition executed successfully.', browser.contents) browser.open(self.portal.absolute_url() + '/statusmap') browser.getControl(name='abort').click() self.assertEqual(browser.url.strip('/'), self.portal.absolute_url())
def test_view_browser(self): browser = Browser(self.layer['app']) browser.handleErrors = False browser.addHeader('Authorization', 'Basic %s:%s' % ( TEST_USER_NAME, TEST_USER_PASSWORD,)) browser.open(self.portal.absolute_url() + '/statusmap') self.assertIn('<a href="http://nohost/plone/folder1/document3"', browser.contents) self.assertIn('<a href="http://nohost/plone/document2"', browser.contents) self.assertIn('<a href="http://nohost/plone/folder1"', browser.contents) self.assertIn( '<label class="transitionLabel" for="publish">' 'Publish (Private => Published)</label>', browser.contents) self.assertIn( '<label class="transitionLabel" for="submit">' 'Submit for publication (Private => Pending review)</label>', browser.contents) browser.post( 'statusmap', data="form.submitted=1&uids:list=445i85-556986-55969") self.assertIn('Please select a Transition', browser.contents) browser.post('statusmap', data="form.submitted=1&transition=publish") self.assertIn('Please select at least one Item', browser.contents) browser.post('statusmap', data="form.submitted=1") self.assertIn('Please select at least one Item', browser.contents) self.assertIn('Please select a Transition', browser.contents) data = "form.submitted=1&uids:list=%s&transition=publish" % ( self.doc2.UID()) browser.post('statusmap', data=data) self.assertIn('Transition executed successfully.', browser.contents) browser.open(self.portal.absolute_url() + '/statusmap') browser.getControl(name='abort').click() self.assertEqual(browser.url.strip('/'), self.portal.absolute_url())
class TestControlPanel(unittest.TestCase): layer = THEMING_FUNCTIONAL_TESTING def setUp(self): portal = self.layer['portal'] setRoles(portal, TEST_USER_ID, ['Manager']) import transaction transaction.commit() self.portal = portal self.browser = Browser(self.layer['app']) handleErrors = self.browser.handleErrors try: self.browser.handleErrors = False self.browser.open(portal.absolute_url() + '/login_form') self.browser.getControl(name='__ac_name').value = TEST_USER_NAME self.browser.getControl( name='__ac_password' ).value = TEST_USER_PASSWORD self.browser.getControl('Log in').click() finally: self.browser.handleErrors = handleErrors def goto_controlpanel(self): self.browser.open( self.portal.absolute_url() + '/@@theming-controlpanel' ) def test_create_theme(self): pass # self.goto_controlpanel() # self.browser.getControl(name='title').value = 'Foobar' # self.browser.getControl(name='description').value = 'foobar desc' # self.browser.getControl(name='baseOn').value = ['template'] # self.browser.getControl( # name='enableImmediately:boolean:default').value = '' # self.browser.getControl(name='form.button.CreateTheme').click() # self.assertTrue('foobar' in [t.__name__ for t in getZODBThemes()]) # self.assertTrue(getTheme('foobar') is not None) def test_upload_theme_file_nodata(self): self.browser.addHeader('Accept', 'application/json') self.browser.post( self.portal.absolute_url() + '/portal_resources/themeFileUpload', '', ) self.assertIn('Status: 200', str(self.browser.headers)) self.assertIn( '{"failure": "error"}', str(self.browser.contents) ) def test_upload_theme_file_withdata(self): self.browser.addHeader('Accept', 'application/json') self.browser.post( self.portal.absolute_url() + '/portal_resources/themeFileUpload', """ ---blah--- Content-Disposition: form-data; name="file"; filename="Screen Shot 2018-02-16 at 3.08.15 pm.png" Content-Type: image/png ---blah--- """, # Bug in testbrowser prevents this working # content_type='multipart/form-data; boundary=---blah---' ) self.assertIn('Status: 200', str(self.browser.headers)) self.assertIn( '{"failure": "error"}', # TODO: Should be {'success':'create'} str(self.browser.contents) )
class TestRedirectToFunctional(unittest.TestCase): layer = CMFFORMCONTROLLER_FUNCTIONAL_TESTING def setUp(self): self.portal = self.layer['portal'] self.portal_url = self.portal.absolute_url() self.request = self.layer['request'] setRoles(self.portal, TEST_USER_ID, ['Manager']) self.portal.portal_workflow.setChainForPortalTypes( ('Document',), ('simple_publication_workflow',)) # Create two pages. self.portal.invokeFactory( id='page', title='Page 1', type_name='Document' ) self.portal.invokeFactory( id='front-page', title='Frontpage', type_name='Document' ) self.page = self.portal.page transaction.commit() self.browser = Browser(self.layer['app']) self.browser.handleErrors = False self.browser.addHeader( 'Authorization', 'Basic {0}:{1}'.format( TEST_USER_NAME, TEST_USER_PASSWORD)) def tearDown(self): # still have to delete the created pages manually # because of test isolation problems del self.portal['page'] del self.portal['front-page'] transaction.commit() super(TestRedirectToFunctional, self).tearDown() def test_regression(self): csrf_token = createToken() target = 'front-page' path = '/'.join(self.page.getPhysicalPath()) data = 'workflow_action=publish&paths=%s&orig_template=%s&_authenticator=%s' # noqa: E501 data = data % (path, target, csrf_token) self.browser.post(self.portal_url + '/folder_publish', data) # redirect to frontpage http://attacker.com self.assertEqual( self.browser.url, self.portal.absolute_url() + '/front-page') def test_attacker_redirect(self): csrf_token = createToken() target = 'http://attacker.com' path = '/'.join(self.page.getPhysicalPath()) data = 'workflow_action=publish&paths=%s&orig_template=%s&_authenticator=%s' # noqa: E501 data = data % (path, target, csrf_token) self.browser.post(self.portal_url + '/folder_publish', data) # no redirect to http://attacker.com, instead to the portal self.assertEqual(self.browser.url, self.portal.absolute_url()) # The same without the testbrowser self.assertIsNone(self.request.response.headers.get('location')) self.request.REQUEST_METHOD = 'POST' self.request.form['workflow_action'] = 'publish' self.request.form['paths'] = path self.request.form['orig_template'] = target self.request.form['_authenticator'] = csrf_token view = self.portal.restrictedTraverse('folder_publish') view() # no redirect to http://attacker.com, instead to the portal self.assertEqual( self.request.response.headers.get('location'), self.portal.absolute_url())
class TestControlPanel(unittest.TestCase): layer = THEMING_FUNCTIONAL_TESTING def setUp(self): portal = self.layer['portal'] setRoles(portal, TEST_USER_ID, ['Manager']) import transaction transaction.commit() self.portal = portal self.browser = Browser(self.layer['app']) handleErrors = self.browser.handleErrors try: self.browser.handleErrors = False self.browser.open(portal.absolute_url() + '/login_form') self.browser.getControl(name='__ac_name').value = TEST_USER_NAME self.browser.getControl( name='__ac_password' ).value = TEST_USER_PASSWORD self.browser.getControl('Log in').click() finally: self.browser.handleErrors = handleErrors def goto_controlpanel(self): self.browser.open( self.portal.absolute_url() + '/@@theming-controlpanel' ) def test_save_advanced(self): # Simply saving the advanced panel without changes could already give a WrongType error. # See for example https://github.com/plone/plone.app.theming/issues/179 # but there are more. self.browser.handleErrors = False self.goto_controlpanel() button = self.browser.getControl(name="form.button.AdvancedSave") button.click() def test_create_theme(self): pass # self.goto_controlpanel() # self.browser.getControl(name='title').value = 'Foobar' # self.browser.getControl(name='description').value = 'foobar desc' # self.browser.getControl(name='baseOn').value = ['template'] # self.browser.getControl( # name='enableImmediately:boolean:default').value = '' # self.browser.getControl(name='form.button.CreateTheme').click() # self.assertTrue('foobar' in [t.__name__ for t in getZODBThemes()]) # self.assertTrue(getTheme('foobar') is not None) def test_upload_theme_file_nodata(self): self.browser.addHeader('Accept', 'application/json') self.browser.post( self.portal.absolute_url() + '/portal_resources/themeFileUpload', '', ) self.assertIn('Status: 200', str(self.browser.headers)) self.assertIn( '{"failure": "error"}', str(self.browser.contents) ) def test_upload_theme_file_withdata(self): self.browser.addHeader('Accept', 'application/json') self.browser.post( self.portal.absolute_url() + '/portal_resources/themeFileUpload', """ ---blah--- Content-Disposition: form-data; name="file"; filename="Screen Shot 2018-02-16 at 3.08.15 pm.png" Content-Type: image/png ---blah--- """, # Bug in testbrowser prevents this working # content_type='multipart/form-data; boundary=---blah---' ) self.assertIn('Status: 200', str(self.browser.headers)) self.assertIn( '{"failure": "error"}', # TODO: Should be {'success':'create'} str(self.browser.contents) )
class TestCase(unittest.TestCase): layer = RAPIDO_PLONE_FUNCTIONAL_TESTING def setUp(self): # Enable debug mode always to ensure cache is disabled by default Globals.DevelopmentMode = True self.settings = getUtility(IRegistry).forInterface(IThemeSettings) self.settings.enabled = True theme = getTheme('rapido.extensions.tests') applyTheme(theme) import transaction transaction.commit() self.portal = self.layer['portal'] setRoles(self.portal, TEST_USER_ID, ['Manager']) self.browser = Browser(self.layer['app']) self.browser.handleErrors = False self.browser.raiseHttpErrors = False self.browser.addHeader('Accept', 'application/json') def tearDown(self): Globals.DevelopmentMode = False def test_refresh_no_token(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % ( SITE_OWNER_NAME, SITE_OWNER_PASSWORD, )) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '500 Internal Server Error') self.assertEquals(self.browser.contents, '{"error": "Form authenticator is invalid."}') def test_refresh_not_manager(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % ( TEST_USER_ID, TEST_USER_PASSWORD, )) self.browser.open(self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '401 Unauthorized') def test_refresh(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % ( SITE_OWNER_NAME, SITE_OWNER_PASSWORD, )) self.browser.open(self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '200 Ok') self.assertEquals(self.browser.contents, '{"success": "refresh", "indexes": ["id"]}') def test_403(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % ( SITE_OWNER_NAME, SITE_OWNER_PASSWORD, )) self.browser.open(self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/wrong', '') self.assertEquals(self.browser.headers["status"], '403 Forbidden') def test_404(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % ( SITE_OWNER_NAME, SITE_OWNER_PASSWORD, )) self.browser.open(self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/record/unknown', '') self.assertEquals(self.browser.headers["status"], '404 Not Found') def test_401(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % ( TEST_USER_ID, TEST_USER_PASSWORD, )) self.browser.open(self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '401 Unauthorized')
class TestCase(unittest.TestCase): layer = RAPIDO_PLONE_FUNCTIONAL_TESTING def setUp(self): # Enable debug mode always to ensure cache is disabled by default Globals.DevelopmentMode = True self.settings = getUtility(IRegistry).forInterface(IThemeSettings) self.settings.enabled = True theme = getTheme('rapido.plone.tests') applyTheme(theme) import transaction transaction.commit() self.portal = self.layer['portal'] setRoles(self.portal, TEST_USER_ID, ['Manager']) self.browser = Browser(self.layer['app']) self.browser.handleErrors = False self.browser.raiseHttpErrors = False self.browser.addHeader('Accept', 'application/json') def tearDown(self): Globals.DevelopmentMode = False def test_refresh_no_token(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % (SITE_OWNER_NAME, SITE_OWNER_PASSWORD,) ) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '500 Internal Server Error') self.assertEquals(self.browser.contents, '{"error": "Form authenticator is invalid."}') def test_refresh_not_manager(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % (TEST_USER_ID, TEST_USER_PASSWORD,) ) self.browser.open( self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '401 Unauthorized') def test_refresh(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % (SITE_OWNER_NAME, SITE_OWNER_PASSWORD,) ) self.browser.open( self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '200 Ok') self.assertEquals(self.browser.contents, '{"success": "refresh", "indexes": ["id"]}') def test_403(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % (SITE_OWNER_NAME, SITE_OWNER_PASSWORD,) ) self.browser.open( self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/wrong', '') self.assertEquals(self.browser.headers["status"], '403 Forbidden') def test_404(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % (SITE_OWNER_NAME, SITE_OWNER_PASSWORD,) ) self.browser.open( self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/record/unknown', '') self.assertEquals(self.browser.headers["status"], '404 Not Found') def test_401(self): self.browser.addHeader( 'Authorization', 'Basic %s:%s' % (TEST_USER_ID, TEST_USER_PASSWORD,) ) self.browser.open( self.portal.absolute_url() + '/@@rapido/testapp') self.assertTrue('x-csrf-token' in self.browser.headers) token = self.browser.headers['x-csrf-token'] self.browser.addHeader('x-csrf-token', token) self.browser.post( self.portal.absolute_url() + '/@@rapido/testapp/refresh', '') self.assertEquals(self.browser.headers["status"], '401 Unauthorized')