コード例 #1
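class TestDetector(unittest.TestCase):
    """Functional tests for the request subscribers (registered in *.zcml).

    Each test drives the portal through a test browser and then reads back
    the line the logger process recorded, via ``readline()``.
    """

    layer = COLLECTIVE_ERROR_DETECTOR_FUNCTIONAL

    def setUp(self):
        """Create the browser, start the logger process, connect the sender."""
        self.portal_url = self.layer['portal'].absolute_url()
        self.browser = Browser(self.layer['app'])
        self.logger = Process(target=logger)
        self.logger.start()
        Sender.conn = setupClient()

    def tearDown(self):
        """Stop the logger process and close the sender connection."""
        try:
            self.logger.terminate()
        finally:
            # Close the connection even when terminate() raises, so a broken
            # test does not leave it open for the next one.
            Sender.conn.close()

    def _assertRequestFields(self, request):
        """Assert that every name in REQUEST_FIELDS occurs in *request*."""
        self.assertTrue(all(field in request for field in REQUEST_FIELDS))

    def test_successfulRequests(self):
        """A successful request is logged with all expected fields."""
        self.browser.open(self.portal_url)
        request = readline()
        self._assertRequestFields(request)

    def test_failedRequests(self):
        """A request for a missing page is logged with status 404."""
        # The checks used to sit inside ``except HTTPError``; when no error
        # was raised the test passed without asserting anything. Requiring
        # the exception makes that case fail instead.
        with self.assertRaises(HTTPError):
            self.browser.open(self.portal_url + '/Hi')
        # XXX: wait for logger
        time.sleep(TIMEOUT)
        request = readline()
        self._assertRequestFields(request)
        self.assertIn("'status': '404'", request)

    def test_formFilter(self):
        """A POST request is logged together with its form values."""
        # try to post data
        self.browser.post(self.portal_url, 'x=1&y=2')
        # check storage
        request = readline()
        self._assertRequestFields(request)
        # NOTE(review): this pins that submitted form values reach the log
        # verbatim; confirm the subscriber masks credential-like fields
        # (passwords, tokens) before they are written.
        # NOTE(review): the expected text depends on the dict repr ordering.
        self.assertIn("{'y': '2', 'x': '1'}", request)

    def test_isRequestSuitable(self):
        """Requests for static resources must not be logged."""
        unlogged_urls = (
            '/portal_css/Sunburst Theme/member.css',
            '/portal_css/Sunburst Theme/plone.kss',
        )
        for url in unlogged_urls:
            self.browser.open(self.portal_url + url)
            # nothing may have been written for this request
            self.assertEqual(readline(), '')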
コード例 #2
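class TestDetector(unittest.TestCase):
    """Functional tests for the request subscribers (registered in *.zcml).

    Every test sends a request with the test browser and inspects the line
    that ``readline()`` returns from the logger process afterwards.
    """

    layer = COLLECTIVE_ERROR_DETECTOR_FUNCTIONAL

    def setUp(self):
        """Create the browser, start the logger process, connect the sender."""
        self.portal_url = self.layer['portal'].absolute_url()
        self.browser = Browser(self.layer['app'])
        self.logger = Process(target=logger)
        self.logger.start()
        Sender.conn = setupClient()

    def tearDown(self):
        """Stop the logger process and close the sender connection."""
        try:
            self.logger.terminate()
        finally:
            # The connection is closed even if terminate() raises, so it is
            # not carried over into the following test.
            Sender.conn.close()

    def _assertRequestFields(self, request):
        """Assert that every name in REQUEST_FIELDS occurs in *request*."""
        self.assertTrue(all(field in request for field in REQUEST_FIELDS))

    def test_successfulRequests(self):
        """A successful request is logged with all expected fields."""
        self.browser.open(self.portal_url)
        request = readline()
        self._assertRequestFields(request)

    def test_failedRequests(self):
        """A request for a missing page is logged with status 404."""
        # Previously the assertions ran only inside ``except HTTPError``, so
        # the test was green without checking anything if open() succeeded.
        with self.assertRaises(HTTPError):
            self.browser.open(self.portal_url + '/Hi')
        # XXX: wait for logger
        time.sleep(TIMEOUT)
        request = readline()
        self._assertRequestFields(request)
        self.assertIn("'status': '404'", request)

    def test_formFilter(self):
        """A POST request is logged together with its form values."""
        # try to post data
        self.browser.post(self.portal_url, 'x=1&y=2')
        # check storage
        request = readline()
        self._assertRequestFields(request)
        # NOTE(review): the log is expected to contain the raw form values;
        # confirm sensitive fields (passwords, tokens) are masked by the
        # subscriber before logging.
        # NOTE(review): the expected text depends on the dict repr ordering.
        self.assertIn("{'y': '2', 'x': '1'}", request)

    def test_isRequestSuitable(self):
        """Requests for static resources must not be logged."""
        unlogged_urls = (
            '/portal_css/Sunburst Theme/member.css',
            '/portal_css/Sunburst Theme/plone.kss',
        )
        for url in unlogged_urls:
            self.browser.open(self.portal_url + url)
            # nothing may have been written for this request
            self.assertEqual(readline(), '')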
コード例 #3
    def test_view_browser(self):
        """Drive the ``statusmap`` view through the test browser.

        Checks the initial listing, the validation messages for incomplete
        submissions, a ``publish`` transition on ``self.doc2`` and the
        abort button.
        """
        client = Browser(self.layer['app'])
        client.handleErrors = False
        # The header carries the fixture credentials as plain "user:password"
        # text, which is the form this test browser is given here.
        credentials = (TEST_USER_NAME, TEST_USER_PASSWORD)
        client.addHeader('Authorization', 'Basic %s:%s' % credentials)
        client.open(self.portal.absolute_url() + '/statusmap')

        # Links to the listed content and the labels of both transitions.
        expected_markup = (
            '<a href="http://nohost/plone/folder1/document3"',
            '<a href="http://nohost/plone/document2"',
            '<a href="http://nohost/plone/folder1"',
            '<label class="transitionLabel" for="publish">'
            'Publish (Private =&gt; Published)</label>',
            '<label class="transitionLabel" for="submit">'
            'Submit for publication (Private =&gt; Pending review)</label>',
        )
        for fragment in expected_markup:
            self.assertIn(fragment, client.contents)

        # An item without a transition is rejected.
        client.post('statusmap',
                    data="form.submitted=1&uids:list=445i85-556986-55969")
        self.assertIn('Please select a Transition', client.contents)

        # A transition without any item is rejected.
        client.post('statusmap', data="form.submitted=1&transition=publish")
        self.assertIn('Please select at least one Item', client.contents)

        # An empty submission reports both problems.
        client.post('statusmap', data="form.submitted=1")
        for message in ('Please select at least one Item',
                        'Please select a Transition'):
            self.assertIn(message, client.contents)

        # A complete submission executes the transition.
        publish_form = "form.submitted=1&uids:list=%s&transition=publish" % (
            self.doc2.UID())
        client.post('statusmap', data=publish_form)
        self.assertIn('Transition executed successfully.', client.contents)

        # Aborting leads back to the portal root.
        client.open(self.portal.absolute_url() + '/statusmap')
        abort_button = client.getControl(name='abort')
        abort_button.click()
        self.assertEqual(client.url.strip('/'), self.portal.absolute_url())
コード例 #4
    def test_view_browser(self):
        """Walk through the ``statusmap`` view with the test browser.

        Verifies the rendered listing, each validation message, a
        successful ``publish`` of ``self.doc2`` and the abort button.
        """
        tb = Browser(self.layer['app'])
        tb.handleErrors = False
        # Fixture credentials, passed as plain "user:password" text in the
        # Authorization header of this test browser.
        auth_value = 'Basic %s:%s' % (TEST_USER_NAME, TEST_USER_PASSWORD,)
        tb.addHeader('Authorization', auth_value)
        tb.open(self.portal.absolute_url() + '/statusmap')

        # Content links first, then the two transition labels.
        listing_fragments = [
            '<a href="http://nohost/plone/folder1/document3"',
            '<a href="http://nohost/plone/document2"',
            '<a href="http://nohost/plone/folder1"',
            '<label class="transitionLabel" for="publish">'
            'Publish (Private =&gt; Published)</label>',
            '<label class="transitionLabel" for="submit">'
            'Submit for publication (Private =&gt; Pending review)</label>',
        ]
        for fragment in listing_fragments:
            self.assertIn(fragment, tb.contents)

        # Item selected, transition missing.
        tb.post(
            'statusmap', data="form.submitted=1&uids:list=445i85-556986-55969")
        self.assertIn('Please select a Transition', tb.contents)

        # Transition selected, item missing.
        tb.post('statusmap', data="form.submitted=1&transition=publish")
        self.assertIn('Please select at least one Item', tb.contents)

        # Neither selected: both messages are shown.
        tb.post('statusmap', data="form.submitted=1")
        self.assertIn('Please select at least one Item', tb.contents)
        self.assertIn('Please select a Transition', tb.contents)

        # Both selected: the transition runs.
        form_body = "form.submitted=1&uids:list=%s&transition=publish" % (
            self.doc2.UID())
        tb.post('statusmap', data=form_body)
        self.assertIn('Transition executed successfully.', tb.contents)

        # The abort button returns to the portal root.
        tb.open(self.portal.absolute_url() + '/statusmap')
        tb.getControl(name='abort').click()
        landed_on = tb.url.strip('/')
        self.assertEqual(landed_on, self.portal.absolute_url())
コード例 #5
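class TestControlPanel(unittest.TestCase):
    """Functional tests for the theming control panel and theme file upload."""

    layer = THEMING_FUNCTIONAL_TESTING

    def setUp(self):
        """Grant the test user Manager and log in through the login form."""
        portal = self.layer['portal']
        setRoles(portal, TEST_USER_ID, ['Manager'])
        import transaction
        transaction.commit()

        self.portal = portal
        self.browser = Browser(self.layer['app'])

        # Errors during login should surface as exceptions; the browser's
        # previous setting is restored afterwards either way.
        handleErrors = self.browser.handleErrors
        try:
            self.browser.handleErrors = False
            self.browser.open(portal.absolute_url() + '/login_form')
            self.browser.getControl(name='__ac_name').value = TEST_USER_NAME
            self.browser.getControl(
                name='__ac_password'
            ).value = TEST_USER_PASSWORD
            self.browser.getControl('Log in').click()
        finally:
            self.browser.handleErrors = handleErrors

    def goto_controlpanel(self):
        """Open the ``@@theming-controlpanel`` view of the portal."""
        self.browser.open(
            self.portal.absolute_url() + '/@@theming-controlpanel'
        )

    def test_create_theme(self):
        """Placeholder for the disabled theme-creation scenario."""
        # The scenario below is commented out. Report it as skipped rather
        # than as a passing test that asserts nothing.
        self.skipTest('theme creation scenario is commented out')
    #     self.goto_controlpanel()
    #     self.browser.getControl(name='title').value = 'Foobar'
    #     self.browser.getControl(name='description').value = 'foobar desc'
    #     self.browser.getControl(name='baseOn').value = ['template']
    #     self.browser.getControl(
    #         name='enableImmediately:boolean:default').value = ''
    #     self.browser.getControl(name='form.button.CreateTheme').click()

    #     self.assertTrue('foobar' in [t.__name__ for t in getZODBThemes()])
    #     self.assertTrue(getTheme('foobar') is not None)

    def test_upload_theme_file_nodata(self):
        """An upload request with an empty body yields the failure reply."""
        self.browser.addHeader('Accept', 'application/json')
        self.browser.post(
            self.portal.absolute_url() + '/portal_resources/themeFileUpload',
            '',
        )
        self.assertIn('Status: 200', str(self.browser.headers))
        self.assertIn(
            '{"failure": "error"}',
            str(self.browser.contents)
        )

    def test_upload_theme_file_withdata(self):
        """An upload request with a form-data-like body; see the TODO below."""
        self.browser.addHeader('Accept', 'application/json')
        # NOTE(review): the multipart content type is not sent (see the
        # comment in the call), so this only pins the failure reply and not
        # a successful upload.
        self.browser.post(
            self.portal.absolute_url() + '/portal_resources/themeFileUpload',
            """
---blah---
Content-Disposition: form-data; name="file"; filename="Screen Shot 2018-02-16 at 3.08.15 pm.png"
Content-Type: image/png


---blah---           
            """,
            # Bug in testbrowser prevents this working
            # content_type='multipart/form-data; boundary=---blah---'
        )
        self.assertIn('Status: 200', str(self.browser.headers))
        self.assertIn(
            '{"failure": "error"}',  # TODO: Should be {'success':'create'}
            str(self.browser.contents)
        )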
コード例 #6
class TestRedirectToFunctional(unittest.TestCase):
    """Functional checks of where ``folder_publish`` redirects afterwards.

    ``orig_template`` comes from the request. The tests pin that a local
    target is followed and that an absolute external URL is replaced by
    the portal root.
    """

    layer = CMFFORMCONTROLLER_FUNCTIONAL_TESTING

    def setUp(self):
        """Create two documents and an authenticated test browser."""
        portal = self.layer['portal']
        self.portal = portal
        self.portal_url = portal.absolute_url()
        self.request = self.layer['request']
        setRoles(portal, TEST_USER_ID, ['Manager'])
        portal.portal_workflow.setChainForPortalTypes(
            ('Document',), ('simple_publication_workflow',))
        # Create two pages.
        for page_id, page_title in (('page', 'Page 1'),
                                    ('front-page', 'Frontpage')):
            portal.invokeFactory(
                id=page_id, title=page_title, type_name='Document')
        self.page = portal.page
        transaction.commit()

        browser = Browser(self.layer['app'])
        browser.handleErrors = False
        auth_value = 'Basic {0}:{1}'.format(
            TEST_USER_NAME, TEST_USER_PASSWORD)
        browser.addHeader('Authorization', auth_value)
        self.browser = browser

    def tearDown(self):
        """Remove the documents created in setUp."""
        # still have to delete the created pages manually
        # because of test isolation problems
        for page_id in ('page', 'front-page'):
            del self.portal[page_id]
        transaction.commit()
        super(TestRedirectToFunctional, self).tearDown()

    def _publish_body(self, page_path, redirect_target, token):
        """Build the urlencoded-style body posted to ``folder_publish``."""
        template = 'workflow_action=publish&paths=%s&orig_template=%s&_authenticator=%s'  # noqa: E501
        return template % (page_path, redirect_target, token)

    def test_regression(self):
        """A local ``orig_template`` is still followed after publishing."""
        csrf_token = createToken()
        target = 'front-page'
        path = '/'.join(self.page.getPhysicalPath())
        body = self._publish_body(path, target, csrf_token)
        self.browser.post(self.portal_url + '/folder_publish', body)
        # the local target is honoured: we land on the front page
        expected_url = self.portal.absolute_url() + '/front-page'
        self.assertEqual(self.browser.url, expected_url)

    def test_attacker_redirect(self):
        """An external ``orig_template`` must not become the redirect target."""
        # NOTE(review): only one absolute http:// target is exercised here;
        # confirm other external-looking values are covered elsewhere.
        csrf_token = createToken()
        target = 'http://attacker.com'
        path = '/'.join(self.page.getPhysicalPath())
        body = self._publish_body(path, target, csrf_token)
        self.browser.post(self.portal_url + '/folder_publish', body)
        # no redirect to http://attacker.com, instead to the portal
        self.assertEqual(self.browser.url, self.portal.absolute_url())

        # The same without the testbrowser
        response_headers = self.request.response.headers
        self.assertIsNone(response_headers.get('location'))
        self.request.REQUEST_METHOD = 'POST'
        form = self.request.form
        form['workflow_action'] = 'publish'
        form['paths'] = path
        form['orig_template'] = target
        form['_authenticator'] = csrf_token
        publish_view = self.portal.restrictedTraverse('folder_publish')
        publish_view()
        # no redirect to http://attacker.com, instead to the portal
        self.assertEqual(
            self.request.response.headers.get('location'),
            self.portal.absolute_url())
コード例 #7
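class TestControlPanel(unittest.TestCase):
    """Functional tests for the theming control panel and theme file upload."""

    layer = THEMING_FUNCTIONAL_TESTING

    def setUp(self):
        """Grant the test user Manager and log in through the login form."""
        portal = self.layer['portal']
        setRoles(portal, TEST_USER_ID, ['Manager'])
        import transaction
        transaction.commit()

        self.portal = portal
        self.browser = Browser(self.layer['app'])

        # Login errors should raise; the browser's previous handleErrors
        # setting is put back afterwards in every case.
        handleErrors = self.browser.handleErrors
        try:
            self.browser.handleErrors = False
            self.browser.open(portal.absolute_url() + '/login_form')
            self.browser.getControl(name='__ac_name').value = TEST_USER_NAME
            self.browser.getControl(
                name='__ac_password'
            ).value = TEST_USER_PASSWORD
            self.browser.getControl('Log in').click()
        finally:
            self.browser.handleErrors = handleErrors

    def goto_controlpanel(self):
        """Open the ``@@theming-controlpanel`` view of the portal."""
        self.browser.open(
            self.portal.absolute_url() + '/@@theming-controlpanel'
        )

    def test_save_advanced(self):
        """Saving the advanced panel unchanged must not raise."""
        # Simply saving the advanced panel without changes could already
        # give a WrongType error.
        # See for example https://github.com/plone/plone.app.theming/issues/179
        # but there are more.
        self.browser.handleErrors = False
        self.goto_controlpanel()
        button = self.browser.getControl(name="form.button.AdvancedSave")
        button.click()

    def test_create_theme(self):
        """Placeholder for the disabled theme-creation scenario."""
        # The scenario below is commented out. Report it as skipped rather
        # than as a passing test that asserts nothing.
        self.skipTest('theme creation scenario is commented out')
    #     self.goto_controlpanel()
    #     self.browser.getControl(name='title').value = 'Foobar'
    #     self.browser.getControl(name='description').value = 'foobar desc'
    #     self.browser.getControl(name='baseOn').value = ['template']
    #     self.browser.getControl(
    #         name='enableImmediately:boolean:default').value = ''
    #     self.browser.getControl(name='form.button.CreateTheme').click()

    #     self.assertTrue('foobar' in [t.__name__ for t in getZODBThemes()])
    #     self.assertTrue(getTheme('foobar') is not None)

    def test_upload_theme_file_nodata(self):
        """An upload request with an empty body yields the failure reply."""
        self.browser.addHeader('Accept', 'application/json')
        self.browser.post(
            self.portal.absolute_url() + '/portal_resources/themeFileUpload',
            '',
        )
        self.assertIn('Status: 200', str(self.browser.headers))
        self.assertIn(
            '{"failure": "error"}',
            str(self.browser.contents)
        )

    def test_upload_theme_file_withdata(self):
        """An upload request with a form-data-like body; see the TODO below."""
        self.browser.addHeader('Accept', 'application/json')
        # NOTE(review): the multipart content type is not sent (see the
        # comment in the call), so this only pins the failure reply and not
        # a successful upload.
        self.browser.post(
            self.portal.absolute_url() + '/portal_resources/themeFileUpload',
            """
---blah---
Content-Disposition: form-data; name="file"; filename="Screen Shot 2018-02-16 at 3.08.15 pm.png"
Content-Type: image/png


---blah---
            """,
            # Bug in testbrowser prevents this working
            # content_type='multipart/form-data; boundary=---blah---'
        )
        self.assertIn('Status: 200', str(self.browser.headers))
        self.assertIn(
            '{"failure": "error"}',  # TODO: Should be {'success':'create'}
            str(self.browser.contents)
        )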
コード例 #8
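class TestCase(unittest.TestCase):
    """Functional tests for the ``@@rapido/testapp`` REST endpoints.

    The tests pin the HTTP status returned for combinations of credentials,
    CSRF token and target path.
    """

    layer = RAPIDO_PLONE_FUNCTIONAL_TESTING

    def setUp(self):
        """Apply the test theme and create a JSON-accepting test browser."""
        # Enable debug mode always to ensure cache is disabled by default
        Globals.DevelopmentMode = True

        self.settings = getUtility(IRegistry).forInterface(IThemeSettings)
        self.settings.enabled = True
        theme = getTheme('rapido.extensions.tests')
        applyTheme(theme)

        import transaction
        transaction.commit()

        self.portal = self.layer['portal']
        setRoles(self.portal, TEST_USER_ID, ['Manager'])
        self.browser = Browser(self.layer['app'])
        self.browser.handleErrors = False
        # Error statuses are asserted on, so they must not raise.
        self.browser.raiseHttpErrors = False
        self.browser.addHeader('Accept', 'application/json')

    def tearDown(self):
        """Switch development mode off again."""
        Globals.DevelopmentMode = False

    def _authenticate(self, login, password):
        """Add a Basic Authorization header for *login* and *password*."""
        self.browser.addHeader(
            'Authorization', 'Basic %s:%s' % (
                login,
                password,
            ))

    def _attach_csrf_token(self):
        """Open the app page and send its ``x-csrf-token`` on later requests."""
        self.browser.open(self.portal.absolute_url() + '/@@rapido/testapp')
        self.assertIn('x-csrf-token', self.browser.headers)
        token = self.browser.headers['x-csrf-token']
        self.browser.addHeader('x-csrf-token', token)

    def _post(self, path):
        """POST an empty body to *path* below ``@@rapido/testapp``."""
        self.browser.post(
            self.portal.absolute_url() + '/@@rapido/testapp' + path, '')

    def _assert_status(self, expected):
        """Assert the status line of the last response."""
        self.assertEqual(self.browser.headers["status"], expected)

    def test_refresh_no_token(self):
        """A refresh without a CSRF token is rejected."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._post('/refresh')
        # NOTE(review): the rejection is reported as a server error; confirm
        # a 500 (rather than a 4xx) is the intended status for a missing
        # token.
        self._assert_status('500 Internal Server Error')
        self.assertEqual(self.browser.contents,
                         '{"error": "Form authenticator is invalid."}')

    def test_refresh_not_manager(self):
        """A refresh with the test user's credentials gets 401."""
        # NOTE(review): setUp grants Manager to TEST_USER_ID, and the header
        # uses TEST_USER_ID (not a login name constant) as the user name;
        # confirm the 401 stems from missing permission and not from the
        # credentials failing to authenticate.
        self._authenticate(TEST_USER_ID, TEST_USER_PASSWORD)
        self._attach_csrf_token()
        self._post('/refresh')
        self._assert_status('401 Unauthorized')

    def test_refresh(self):
        """The site owner can refresh when the CSRF token is sent."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._attach_csrf_token()
        self._post('/refresh')
        self._assert_status('200 Ok')
        self.assertEqual(self.browser.contents,
                         '{"success": "refresh", "indexes": ["id"]}')

    def test_403(self):
        """A POST to the ``wrong`` path gets 403."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._attach_csrf_token()
        self._post('/wrong')
        self._assert_status('403 Forbidden')

    def test_404(self):
        """A POST to the ``record/unknown`` path gets 404."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._attach_csrf_token()
        self._post('/record/unknown')
        self._assert_status('404 Not Found')

    def test_401(self):
        """Same scenario as ``test_refresh_not_manager``: refresh gets 401."""
        self._authenticate(TEST_USER_ID, TEST_USER_PASSWORD)
        self._attach_csrf_token()
        self._post('/refresh')
        self._assert_status('401 Unauthorized')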
コード例 #9
ファイル: test_rest.py プロジェクト: collective/rapido.plone
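class TestCase(unittest.TestCase):
    """Functional tests for the ``@@rapido/testapp`` REST endpoints.

    Each test sends one request and pins the HTTP status for that
    combination of credentials, CSRF token and target path.
    """

    layer = RAPIDO_PLONE_FUNCTIONAL_TESTING

    def setUp(self):
        """Apply the test theme and create a JSON-accepting test browser."""
        # Enable debug mode always to ensure cache is disabled by default
        Globals.DevelopmentMode = True

        self.settings = getUtility(IRegistry).forInterface(IThemeSettings)
        self.settings.enabled = True
        theme = getTheme('rapido.plone.tests')
        applyTheme(theme)

        import transaction
        transaction.commit()

        self.portal = self.layer['portal']
        setRoles(self.portal, TEST_USER_ID, ['Manager'])
        self.browser = Browser(self.layer['app'])
        self.browser.handleErrors = False
        # Error statuses are asserted on, so they must not raise.
        self.browser.raiseHttpErrors = False
        self.browser.addHeader('Accept', 'application/json')

    def tearDown(self):
        """Switch development mode off again."""
        Globals.DevelopmentMode = False

    def _authenticate(self, login, password):
        """Add a Basic Authorization header for *login* and *password*."""
        self.browser.addHeader(
            'Authorization',
            'Basic %s:%s' % (login, password,)
        )

    def _attach_csrf_token(self):
        """Open the app page and send its ``x-csrf-token`` on later requests."""
        self.browser.open(
            self.portal.absolute_url() + '/@@rapido/testapp')
        self.assertIn('x-csrf-token', self.browser.headers)
        token = self.browser.headers['x-csrf-token']
        self.browser.addHeader('x-csrf-token', token)

    def _post(self, path):
        """POST an empty body to *path* below ``@@rapido/testapp``."""
        self.browser.post(
            self.portal.absolute_url() + '/@@rapido/testapp' + path, '')

    def _assert_status(self, expected):
        """Assert the status line of the last response."""
        self.assertEqual(self.browser.headers["status"], expected)

    def test_refresh_no_token(self):
        """A refresh without a CSRF token is rejected."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._post('/refresh')
        # NOTE(review): the rejection is reported as a server error; confirm
        # a 500 (rather than a 4xx) is the intended status for a missing
        # token.
        self._assert_status('500 Internal Server Error')
        self.assertEqual(self.browser.contents,
                         '{"error": "Form authenticator is invalid."}')

    def test_refresh_not_manager(self):
        """A refresh with the test user's credentials gets 401."""
        # NOTE(review): setUp grants Manager to TEST_USER_ID, and the header
        # uses TEST_USER_ID (not a login name constant) as the user name;
        # confirm the 401 stems from missing permission and not from the
        # credentials failing to authenticate.
        self._authenticate(TEST_USER_ID, TEST_USER_PASSWORD)
        self._attach_csrf_token()
        self._post('/refresh')
        self._assert_status('401 Unauthorized')

    def test_refresh(self):
        """The site owner can refresh when the CSRF token is sent."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._attach_csrf_token()
        self._post('/refresh')
        self._assert_status('200 Ok')
        self.assertEqual(self.browser.contents,
                         '{"success": "refresh", "indexes": ["id"]}')

    def test_403(self):
        """A POST to the ``wrong`` path gets 403."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._attach_csrf_token()
        self._post('/wrong')
        self._assert_status('403 Forbidden')

    def test_404(self):
        """A POST to the ``record/unknown`` path gets 404."""
        self._authenticate(SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
        self._attach_csrf_token()
        self._post('/record/unknown')
        self._assert_status('404 Not Found')

    def test_401(self):
        """Same scenario as ``test_refresh_not_manager``: refresh gets 401."""
        self._authenticate(TEST_USER_ID, TEST_USER_PASSWORD)
        self._attach_csrf_token()
        self._post('/refresh')
        self._assert_status('401 Unauthorized')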