def test_ip_restriction_git(self, webserver):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = webserver.repo_url(GIT_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute(
'git clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True)
# The message apparently changed in Git 1.8.3, so match it loosely.
assert re.search(r'\b403\b', stderr)
finally:
#release IP restrictions
for ip in UserIpMap.query():
UserIpMap.delete(ip.ip_id)
Session().commit()
# IP permissions are cached, need to wait for the cache in the server process to expire
time.sleep(1.5)
clone_url = webserver.repo_url(GIT_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute(
'git clone', clone_url, _get_tmp_dir())
assert 'Cloning into' in stdout + stderr
assert stderr == '' or stdout == ''
def test_ip_restriction_hg(self, webserver):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = webserver.repo_url(HG_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute('hg clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True)
assert 'abort: HTTP Error 403: Forbidden' in stderr
finally:
#release IP restrictions
for ip in UserIpMap.query():
UserIpMap.delete(ip.ip_id)
Session().commit()
# IP permissions are cached, need to wait for the cache in the server process to expire
time.sleep(1.5)
clone_url = webserver.repo_url(HG_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute('hg clone', clone_url, _get_tmp_dir())
assert 'requesting all changes' in stdout
assert 'adding changesets' in stdout
assert 'adding manifests' in stdout
assert 'adding file changes' in stdout
assert stderr == ''
def test_ip_restriction_hg(self, webserver):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = webserver.repo_url(HG_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute(
'hg clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True)
assert 'abort: HTTP Error 403: Forbidden' in stderr
finally:
#release IP restrictions
for ip in UserIpMap.query():
UserIpMap.delete(ip.ip_id)
Session().commit()
# IP permissions are cached, need to wait for the cache in the server process to expire
time.sleep(1.5)
clone_url = webserver.repo_url(HG_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute(
'hg clone', clone_url, _get_tmp_dir())
assert 'requesting all changes' in stdout
assert 'adding changesets' in stdout
assert 'adding manifests' in stdout
assert 'adding file changes' in stdout
assert stderr == ''
def add_ip(self, id):
"""POST /user_ips:Add an existing item"""
# url('user_ips', id=ID, method='put')
ip = request.POST.get('new_ip')
user_model = UserModel()
try:
user_model.add_extra_ip(id, ip)
Session().commit()
h.flash(_("Added ip %s to user whitelist") % ip, category='success')
except formencode.Invalid, error:
msg = error.error_dict['ip']
h.flash(msg, category='error')
def add_ip(self, id):
"""POST /user_ips:Add an existing item"""
# url('user_ips', id=ID, method='put')
ip = request.POST.get('new_ip')
user_model = UserModel()
try:
user_model.add_extra_ip(id, ip)
Session().commit()
h.flash(_("Added ip %s to user whitelist") % ip,
category='success')
except formencode.Invalid, error:
msg = error.error_dict['ip']
h.flash(msg, category='error')
def test_delete_ips(self, auto_clear_ip_permissions):
self.log_user()
default_user_id = User.get_default_user().user_id
## first add
new_ip = '127.0.0.0/24'
with test_context(self.app):
user_model = UserModel()
ip_obj = user_model.add_extra_ip(default_user_id, new_ip)
Session().commit()
## double check that add worked
# IP permissions are cached, need to invalidate this cache explicitly
invalidate_all_caches()
self.app.get(url('admin_permissions_ips'), status=302)
# REMOTE_ADDR must match 127.0.0.0/24
response = self.app.get(url('admin_permissions_ips'),
extra_environ={'REMOTE_ADDR': '127.0.0.1'})
response.mustcontain('127.0.0.0/24')
response.mustcontain('127.0.0.0 - 127.0.0.255')
## now delete
response = self.app.post(
url('edit_user_ips_delete', id=default_user_id),
params=dict(del_ip_id=ip_obj.ip_id,
_authentication_token=self.authentication_token()),
extra_environ={'REMOTE_ADDR': '127.0.0.1'})
# IP permissions are cached, need to invalidate this cache explicitly
invalidate_all_caches()
response = self.app.get(url('admin_permissions_ips'))
response.mustcontain('All IP addresses are allowed')
response.mustcontain(no=['127.0.0.0/24'])
response.mustcontain(no=['127.0.0.0 - 127.0.0.255'])
def test_delete_ips(self, auto_clear_ip_permissions):
self.log_user()
default_user_id = User.get_default_user().user_id
## first add
new_ip = '127.0.0.0/24'
with test_context(self.app):
user_model = UserModel()
ip_obj = user_model.add_extra_ip(default_user_id, new_ip)
Session().commit()
## double check that add worked
# IP permissions are cached, need to invalidate this cache explicitly
invalidate_all_caches()
self.app.get(url('admin_permissions_ips'), status=302)
# REMOTE_ADDR must match 127.0.0.0/24
response = self.app.get(url('admin_permissions_ips'),
extra_environ={'REMOTE_ADDR': '127.0.0.1'})
response.mustcontain('127.0.0.0/24')
response.mustcontain('127.0.0.0 - 127.0.0.255')
## now delete
response = self.app.post(url('edit_user_ips_delete', id=default_user_id),
params=dict(del_ip_id=ip_obj.ip_id,
_authentication_token=self.authentication_token()),
extra_environ={'REMOTE_ADDR': '127.0.0.1'})
# IP permissions are cached, need to invalidate this cache explicitly
invalidate_all_caches()
response = self.app.get(url('admin_permissions_ips'))
response.mustcontain('All IP addresses are allowed')
response.mustcontain(no=['127.0.0.0/24'])
response.mustcontain(no=['127.0.0.0 - 127.0.0.255'])
def test_ip_restriction(self, webserver, vt):
user_model = UserModel()
try:
# Add IP constraint that excludes the test context:
user_model.add_extra_ip(base.TEST_USER_ADMIN_LOGIN,
'10.10.10.10/32')
Session().commit()
# IP permissions are cached, need to wait for the cache in the server process to expire
time.sleep(1.5)
clone_url = vt.repo_url_param(webserver, vt.repo_name)
stdout, stderr = Command(base.TESTS_TMP_PATH).execute(
vt.repo_type,
'clone',
clone_url,
_get_tmp_dir(),
ignoreReturnCode=True)
if vt.repo_type == 'git':
# The message apparently changed in Git 1.8.3, so match it loosely.
assert re.search(
r'\b403\b', stderr
) or 'abort: User test_admin from 127.0.0.127 cannot be authorized' in stderr
elif vt.repo_type == 'hg':
assert 'abort: HTTP Error 403: Forbidden' in stderr or 'remote: abort: User test_admin from 127.0.0.127 cannot be authorized' in stdout
finally:
# release IP restrictions
for ip in UserIpMap.query():
UserIpMap.delete(ip.ip_id)
Session().commit()
# IP permissions are cached, need to wait for the cache in the server process to expire
time.sleep(1.5)
clone_url = vt.repo_url_param(webserver, vt.repo_name)
stdout, stderr = Command(base.TESTS_TMP_PATH).execute(
vt.repo_type, 'clone', clone_url, _get_tmp_dir())
if vt.repo_type == 'git':
assert 'Cloning into' in stdout + stderr
assert stderr == '' or stdout == ''
elif vt.repo_type == 'hg':
assert 'requesting all changes' in stdout
assert 'adding changesets' in stdout
assert 'adding manifests' in stdout
assert 'adding file changes' in stdout
assert stderr == ''
def add_ip(self, id):
ip = request.POST.get('new_ip')
user_model = UserModel()
try:
user_model.add_extra_ip(id, ip)
Session().commit()
h.flash(_("Added IP address %s to user whitelist") % ip, category='success')
except formencode.Invalid as error:
msg = error.error_dict['ip']
h.flash(msg, category='error')
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred while adding IP address'),
category='error')
if 'default_user' in request.POST:
raise HTTPFound(location=url('admin_permissions_ips'))
raise HTTPFound(location=url('edit_user_ips', id=id))
def test_ip_restriction_git(self):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = _construct_url(GIT_REPO)
stdout, stderr = Command('/tmp').execute('git clone', clone_url)
msg = ("""The requested URL returned error: 403""")
assert msg in stderr
finally:
#release IP restrictions
for ip in UserIpMap.getAll():
UserIpMap.delete(ip.ip_id)
Session().commit()
time.sleep(2)
clone_url = _construct_url(GIT_REPO)
stdout, stderr = Command('/tmp').execute('git clone', clone_url)
assert 'Cloning into' in stdout + stderr
assert stderr == '' or stdout == ''
def test_ip_restriction_git(self):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = _construct_url(GIT_REPO)
stdout, stderr = Command('/tmp').execute('git clone', clone_url)
msg = ("""The requested URL returned error: 403""")
assert msg in stderr
finally:
#release IP restrictions
for ip in UserIpMap.getAll():
UserIpMap.delete(ip.ip_id)
Session().commit()
time.sleep(2)
clone_url = _construct_url(GIT_REPO)
stdout, stderr = Command('/tmp').execute('git clone', clone_url)
assert 'Cloning into' in stdout
assert stderr == ''
def test_ip_restriction_git(self, webserver):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = webserver.repo_url(GIT_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute('git clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True)
# The message apparently changed in Git 1.8.3, so match it loosely.
assert re.search(r'\b403\b', stderr)
finally:
#release IP restrictions
for ip in UserIpMap.query():
UserIpMap.delete(ip.ip_id)
Session().commit()
# IP permissions are cached, need to wait for the cache in the server process to expire
time.sleep(1.5)
clone_url = webserver.repo_url(GIT_REPO)
stdout, stderr = Command(TESTS_TMP_PATH).execute('git clone', clone_url, _get_tmp_dir())
assert 'Cloning into' in stdout + stderr
assert stderr == '' or stdout == ''
def test_ip_restriction_hg(self):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = _construct_url(HG_REPO)
stdout, stderr = Command('/tmp').execute('hg clone', clone_url)
assert 'abort: HTTP Error 403: Forbidden' in stderr
finally:
#release IP restrictions
for ip in UserIpMap.getAll():
UserIpMap.delete(ip.ip_id)
Session().commit()
time.sleep(2)
clone_url = _construct_url(HG_REPO)
stdout, stderr = Command('/tmp').execute('hg clone', clone_url)
assert 'requesting all changes' in stdout
assert 'adding changesets' in stdout
assert 'adding manifests' in stdout
assert 'adding file changes' in stdout
assert stderr == ''
def test_ip_restriction_hg(self):
user_model = UserModel()
try:
user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')
Session().commit()
clone_url = _construct_url(HG_REPO)
stdout, stderr = Command('/tmp').execute('hg clone', clone_url)
assert 'abort: HTTP Error 403: Forbidden' in stderr
finally:
#release IP restrictions
for ip in UserIpMap.getAll():
UserIpMap.delete(ip.ip_id)
Session().commit()
time.sleep(2)
clone_url = _construct_url(HG_REPO)
stdout, stderr = Command('/tmp').execute('hg clone', clone_url)
assert 'requesting all changes' in stdout
assert 'adding changesets' in stdout
assert 'adding manifests' in stdout
assert 'adding file changes' in stdout
assert stderr == ''
