def test_auth(self): # Based on Testing.ZopeTestCase.testFunctional basic_auth = '%s:%s' % (user_name, user_password) self.folder.addDTMLDocument('secret_html', file='secret') self.folder.secret_html.manage_permission(view, ['Owner']) path = '/' + self.folder.absolute_url(1) + '/secret_html' # Test direct publishing response = self.publish(path + '/secret_html') self.assertEqual(response.getStatus(), 401) response = self.publish(path + '/secret_html', basic_auth) self.assertEqual(response.getStatus(), 200) self.assertEqual(response.getBody(), b'secret') # Test browser url = 'http://localhost' + path browser = Browser() browser.raiseHttpErrors = False browser.open(url) self.assertTrue(browser.headers['status'].startswith('401')) browser.login(user_name, user_password) browser.open(url) self.assertTrue(browser.headers['status'].startswith('200')) self.assertEqual(browser.contents, 'secret')
class ZPTBrowserTests(FunctionalTestCase): """Browser testing ZopePageTemplate""" def setUp(self): from Products.PageTemplates.ZopePageTemplate import \ manage_addPageTemplate super(ZPTBrowserTests, self).setUp() Zope2.App.zcml.load_site(force=True) uf = self.app.acl_users uf.userFolderAddUser('manager', 'manager_pass', ['Manager'], []) manage_addPageTemplate(self.app, 'page_template') self.browser = Browser() self.browser.login('manager', 'manager_pass') self.browser.open('http://localhost/page_template/manage_main') def test_pt_upload__no_file(self): """It renders an error message if no file is uploaded.""" self.browser.getControl('Upload File').click() self.assertIn('No file specified', self.browser.contents)
class TestPublishTraverse(Testing.ZopeTestCase.FunctionalTestCase): def setUp(self): super(TestPublishTraverse, self).setUp() zcml.load_config("configure.zcml", Products.Five) zcml.load_config('pages.zcml', package=Products.Five.browser.tests) uf = self.app.acl_users uf.userFolderAddUser('manager', 'manager_pass', ['Manager'], []) manage_addSimpleContent(self.folder, 'testoid', 'x') self.browser = Browser() self.browser.login('manager', 'manager_pass') def tearDown(self): zope.component.testing.tearDown() super(TestPublishTraverse, self).tearDown() def test_publishTraverse_to_allowed_name(self): # The ``eagle.method`` view has a method ``eagle`` that is registered # with ``allowed_attributes`` in pages.zcml. This attribute should be # reachable through ``publishTraverse`` on the view. folder = self.folder view = folder.unrestrictedTraverse('testoid/eagle.method') # Publishing traversal with the default adapter should work: from ZPublisher.BaseRequest import DefaultPublishTraverse request = folder.REQUEST adapter = DefaultPublishTraverse(view, request) result = adapter.publishTraverse(request, 'eagle')() self.assertIn('The eagle has landed', result) # Publishing via browser works, too: self.browser.open( 'http://localhost/test_folder_1_/testoid/eagle.method/eagle') self.assertEqual('The eagle has landed', self.browser.contents) def test_publishTraverse_to_not_allowed_name(self): # The ``eagle.method`` view has a method ``mouse`` but it is not # registered with ``allowed_attributes`` in pages.zcml. This attribute # should be not be accessible. It leads to a HTTP-404, so we do not # tell the world about our internal methods: with self.assertRaises(HTTPError) as err: self.browser.open( 'http://localhost/test_folder_1_/testoid/eagle.method/mouse') self.assertEqual('HTTP Error 404: Not Found', str(err.exception)) def test_publishTraverse_to_allowed_interface(self): # The ``cheeseburger`` view has a method ``meat`` that is # registered via ``allowed_interface`` in pages.zcml. This attribute # should be reachable through ``publishTraverse`` on the view. folder = self.folder view = folder.unrestrictedTraverse('testoid/cheeseburger') # Publishing traversal with the default adapter should work: from ZPublisher.BaseRequest import DefaultPublishTraverse request = folder.REQUEST adapter = DefaultPublishTraverse(view, request) result = adapter.publishTraverse(request, 'meat')() self.assertIn('yummi', result) # Publishing via browser works, too: self.browser.open( 'http://localhost/test_folder_1_/testoid/cheeseburger/meat') self.assertEqual('yummi', self.browser.contents) def test_publishTraverse_to_not_allowed_interface(self): # The ``cheeseburger`` view has a method ``cheese`` but it is not # registered via ``allowed_interface`` in pages.zcml. This attribute # should be not be accessible. It leads to a HTTP-404, so we do not # tell the world about our internal methods: with self.assertRaises(HTTPError) as err: self.browser.open( 'http://localhost/test_folder_1_/testoid/cheeseburger/cheese') self.assertEqual('HTTP Error 404: Not Found', str(err.exception))
class PythonScriptBrowserTests(FunctionalTestCase): """Browser testing Python Scripts""" def setUp(self): from Products.PythonScripts.PythonScript import manage_addPythonScript super(PythonScriptBrowserTests, self).setUp() Zope2.App.zcml.load_site(force=True) uf = self.app.acl_users uf.userFolderAddUser('manager', 'manager_pass', ['Manager'], []) manage_addPythonScript(self.app, 'py_script') self.browser = Browser() self.browser.addHeader( 'Authorization', 'basic {}'.format( codecs.encode( # noqa: P101 b'manager:manager_pass', 'base64').decode())) self.browser.open('http://localhost/py_script/manage_main') def test_ZPythonScriptHTML_upload__no_file(self): """It renders an error message if no file is uploaded.""" self.browser.getControl('Upload File').click() self.assertIn('No file specified', self.browser.contents) def test_ZPythonScriptHTML_upload__with_file(self): file_contents = b'print("hello")' self.browser.getControl('file').add_file(file_contents, 'text/plain', 'script.py') self.browser.getControl('Upload File').click() assert 'Saved changes.' in self.browser.contents def test_PythonScript_proxyroles_manager(self): test_role = 'Test Role' self.app._addRole(test_role) # Test the original state self.assertFalse(self.app.py_script.manage_haveProxy(test_role)) # Go to the "Proxy" ZMI tab, grab the Proxy Roles select box, # select the new role and submit self.browser.open('http://localhost/py_script/manage_proxyForm') roles_selector = self.browser.getControl(name='roles:list') testrole_option = roles_selector.getControl(test_role) self.assertFalse(testrole_option.selected) testrole_option.selected = True self.browser.getControl('Save Changes').click() # The Python Script should now have a proxy role set self.assertTrue(self.app.py_script.manage_haveProxy(test_role)) def test_PythonScript_proxyroles_nonmanager(self): # This test checks an unusual configuration where roles other than # Manager are allowed to change proxy roles. proxy_form_url = 'http://localhost/py_script/manage_proxyForm' test_role = 'Test Role' self.app._addRole(test_role) test_role_2 = 'Unprivileged Role' self.app._addRole(test_role_2) self.app.manage_permission(change_proxy_roles, ['Manager', test_role]) # Add some test users uf = self.app.acl_users uf.userFolderAddUser('privileged', 'priv', [test_role], []) uf.userFolderAddUser('peon', 'unpriv', [test_role_2], []) # Test the original state self.assertFalse(self.app.py_script.manage_haveProxy(test_role)) self.assertFalse(self.app.py_script.manage_haveProxy(test_role_2)) # Attempt as unprivileged user will fail both in the browser and # from trusted code self.browser.login('peon', 'unpriv') with self.assertRaises(HTTPError): self.browser.open(proxy_form_url) newSecurityManager(None, uf.getUser('peon')) with self.assertRaises(zExceptions.Forbidden): self.app.py_script.manage_proxy(roles=(test_role, )) self.assertFalse(self.app.py_script.manage_haveProxy(test_role)) # Now log in as privileged user and try to set a proxy role # the privileged user does not have. This must fail. self.browser.login('privileged', 'priv') self.browser.open(proxy_form_url) roles_selector = self.browser.getControl(name='roles:list') bad_option = roles_selector.getControl(test_role_2) self.assertFalse(bad_option.selected) bad_option.selected = True with self.assertRaises(HTTPError): self.browser.getControl('Save Changes').click() self.assertFalse(self.app.py_script.manage_haveProxy(test_role_2)) newSecurityManager(None, uf.getUser('privileged')) with self.assertRaises(zExceptions.Forbidden): self.app.py_script.manage_proxy(roles=(test_role_2, )) self.assertFalse(self.app.py_script.manage_haveProxy(test_role_2)) # Trying again as privileged user with a proxy role the user has self.browser.open(proxy_form_url) roles_selector = self.browser.getControl(name='roles:list') testrole_option = roles_selector.getControl(test_role) self.assertFalse(testrole_option.selected) testrole_option.selected = True self.browser.getControl('Save Changes').click() # The Python Script should now have a proxy role set self.assertTrue(self.app.py_script.manage_haveProxy(test_role)) # Cleanup noSecurityManager()