📄 authz_tests.py
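# NOTE: the lines down to run_and_verify_update() are the tail of
# authz_checkout_and_update_test.  The start of that function lies outside
# this excerpt, so the tail is only re-laid-out, not changed.
    fp.write("[authz_checkout_and_update_test:/]\n" +
             "* = r\n")
  else:
    fp.write("[/]\n" +
             "* = r\n")
  fp.close()

  # update the working copy, should download /A/B because we now have read
  # access
  expected_output = svntest.wc.State(local_dir, {
    'A/B' : Item(status='A '),
    'A/B/lambda' : Item(status='A '),
    'A/B/E' : Item(status='A '),
    'A/B/E/alpha' : Item(status='A '),
    'A/B/E/beta' : Item(status='A '),
    'A/B/F' : Item(status='A '),
    })

  expected_wc = svntest.main.greek_state
  expected_status = svntest.actions.get_virginal_state(local_dir, 1)

  svntest.actions.run_and_verify_update(local_dir,
                                        expected_output,
                                        expected_wc,
                                        expected_status,
                                        None,
                                        None, None,
                                        None, None, 1)


# Export must not hand out a subtree the caller cannot read: with "* =" on
# /A/B the export has to succeed for the readable part of the tree and leave
# /A/B (and everything below it) out.
# The one-line string that opens each test function is kept unchanged; it is
# runtime text of the test, not free-form documentation.
def authz_partial_export_test(sbox):
  "test authz for export with unreadable subfolder"

  skip_test_when_no_authz_available()

  sbox.build("authz_partial_export_test", create_wc = False)
  local_dir = sbox.wc_dir

  # cleanup remains of a previous test run.
  svntest.main.safe_rmtree(local_dir)

  write_restrictive_svnserve_conf(svntest.main.current_repo_dir)

  # 1st part: disable read access on folder A/B, export should not
  # download this folder

  # write an authz file with *= on /A/B
  # (over http the section names carry the repository name as a prefix)
  fp = open(sbox.authz_file, 'w')
  if sbox.repo_url.startswith('http'):
    fp.write("[authz_partial_export_test:/]\n" +
             "* = r\n" +
             "[authz_partial_export_test:/A/B]\n" +
             "* =\n")
  else:
    fp.write("[/]\n" +
             "* = r\n" +
             "[/A/B]\n" +
             "* =\n")
  # the rules must be on disk before the server is asked for anything
  fp.close()

  # export a working copy, should not dl /A/B
  unreadable_paths = ('A/B', 'A/B/lambda', 'A/B/E', 'A/B/E/alpha',
                      'A/B/E/beta', 'A/B/F')

  expected_output = svntest.main.greek_state.copy()
  expected_output.wc_dir = local_dir
  expected_output.desc[''] = Item()
  expected_output.tweak(status='A ', contents=None)
  expected_output.remove(*unreadable_paths)

  expected_wc = svntest.main.greek_state.copy()
  expected_wc.remove(*unreadable_paths)

  svntest.actions.run_and_verify_export(sbox.repo_url, local_dir,
                                        expected_output,
                                        expected_wc)

#----------------------------------------------------------------------

# History commands (log, cat, diff) must not reveal anything about a path
# the caller cannot read, including when a readable copy's history leads
# back into an unreadable directory.
def authz_log_and_tracing_test(sbox):
  "test authz for log and tracing path changes"

  skip_test_when_no_authz_available()

  sbox.build("authz_log_test")
  wc_dir = sbox.wc_dir

  write_restrictive_svnserve_conf(svntest.main.current_repo_dir)

  # write an authz file with *=rw on /
  # (no expected error is set here: every command run under these rules is
  # expected to succeed)
  fp = open(sbox.authz_file, 'w')
  if sbox.repo_url.startswith('http'):
    fp.write("[authz_log_test:/]\n" +
             "* = rw\n")
  else:
    fp.write("[/]\n" +
             "* = rw\n")
  fp.close()

  root_url = svntest.main.current_repo_url
  D_url = root_url + '/A/D'
  G_url = D_url + '/G'

  # check if log doesn't spill any info on which you don't have read access
  rho_path = os.path.join(wc_dir, 'A', 'D', 'G', 'rho')
  svntest.main.file_append(rho_path, 'new appended text for rho')

  svntest.actions.run_and_verify_svn(None, None, [],
                                     'ci', '-m', 'add file rho', sbox.wc_dir)

  svntest.main.file_append(rho_path, 'extra change in rho')

  svntest.actions.run_and_verify_svn(None, None, [],
                                     'ci', '-m', 'changed file rho',
                                     sbox.wc_dir)

  # copy a remote file
  svntest.actions.run_and_verify_svn("", None, [], 'cp',
                                     '--username', svntest.main.wc_author,
                                     '--password', svntest.main.wc_passwd,
                                     rho_path, D_url,
                                     '-m', 'copy rho to readable area')

  # now disable read access on the first version of rho, keep the copy in
  # /A/D readable.
  fp = open(sbox.authz_file, 'w')
  if sbox.repo_url.startswith('http'):
    fp.write("[authz_log_test:/]\n" +
             "* = rw\n" +
             "[authz_log_test:/A/D/G]\n" +
             "* =\n")
    expected_err = ".*403 Forbidden.*"
  else:
    fp.write("[/]\n" +
             "* = rw\n" +
             "[/A/D/G]\n" +
             "* =\n")
    expected_err = ".*svn: Authorization failed.*"
  fp.close()

  ## log

  # changed file in this rev. is not readable anymore, so author and date
  # should be hidden, like this:
  # r2 | (no author) | (no date) | 1 line
  # NOTE(review): if the harness treats the expected string as a regular
  # expression (TODO confirm), the parentheses are groups, so this matches
  # "no author ... no date" with or without the literal brackets.
  svntest.actions.run_and_verify_svn("", ".*(no author).*(no date).*", [],
                                     'log', '-r', '2', '--limit', '1',
                                     wc_dir)

  if sbox.repo_url.startswith('http'):
    expected_err2 = expected_err
  else:
    expected_err2 = ".*svn: Item is not readable.*"

  # if we do the same thing directly on the unreadable file, we get:
  # svn: Item is not readable
  svntest.actions.run_and_verify_svn("", None, expected_err2,
                                     'log', rho_path)

  # while the HEAD rev of the copy is readable in /A/D, its parent in
  # /A/D/G is not, so don't spill any info there either.
  svntest.actions.run_and_verify_svn("", ".*(no author).*(no date).*", [],
                                     'log', '-r', '2', '--limit', '1', D_url)

  ## cat

  # now see if we can look at the older version of rho
  svntest.actions.run_and_verify_svn("", None, expected_err,
                                     'cat', '-r', '2', D_url+'/rho')

  if sbox.repo_url.startswith('http'):
    expected_err2 = expected_err
  else:
    expected_err2 = ".*svn: Unreadable path encountered; access denied.*"

  svntest.actions.run_and_verify_svn("", None, expected_err2,
                                     'cat', '-r', '2', G_url+'/rho')

  ## diff

  # we shouldn't see the diff of a file in an unreadable path
  svntest.actions.run_and_verify_svn("", None, expected_err,
                                     'diff', '-r', 'HEAD', G_url+'/rho')

  svntest.actions.run_and_verify_svn("", None, expected_err,
                                     'diff', '-r', '2', D_url+'/rho')

  svntest.actions.run_and_verify_svn("", None, expected_err,
                                     'diff', '-r', '2:4', D_url+'/rho')


# The authz file is validated as a whole and the server fails closed: one
# invalid rule means the file is not loaded and nobody gets any access.
def authz_validate(sbox):
  "test the authz validation rules"

  skip_test_when_no_authz_available()

  sbox.build(create_wc = False)

  write_restrictive_svnserve_conf(sbox.repo_dir)

  A_url = sbox.repo_url + '/A'

  # If any of the validate rules fail, the authz isn't loaded so there's no
  # access at all to the repository.

  # Test 1: Undefined group
  write_authz_file(sbox, { "/" : "* = r",
                           "/A/B" : "@undefined_group = rw" })

  if sbox.repo_url.startswith("http"):
    expected_err = ".*403 Forbidden.*"
  else:
    expected_err = ".*@undefined_group.*"

  # validation of this authz file should fail, so no repo access
  svntest.actions.run_and_verify_svn("ls remote folder",
                                     None, expected_err,
                                     'ls',
                                     '--username', svntest.main.wc_author,
                                     '--password', svntest.main.wc_passwd,
                                     A_url)

  # Test 2: Circular dependency
  # (admins -> @devs -> @devs1 -> @admins; one group definition per line)
  write_authz_file(sbox, { "/" : "* = r" },
                         { "groups" : """admins = admin1, admin2, @devs
devs1 = @admins, dev1
devs2 = @admins, dev2
devs = @devs1, dev3, dev4""" })

  if sbox.repo_url.startswith("http"):
    expected_err = ".*403 Forbidden.*"
  else:
    expected_err = ".*Circular dependency.*"

  # validation of this authz file should fail, so no repo access
  svntest.actions.run_and_verify_svn("ls remote folder",
                                     None, expected_err,
                                     'ls',
                                     '--username', svntest.main.wc_author,
                                     '--password', svntest.main.wc_passwd,
                                     A_url)

  # Test 3: Group including other group 2 times (issue 2684)
  write_authz_file(sbox, { "/" : "* = r" },
                         { "groups" : """admins = admin1, admin2
devs1 = @admins, dev1
devs2 = @admins, dev2
users = @devs1, @devs2, user1, user2""" })

  # "users" reaches "admins" along two paths, which is not a cycle:
  # validation of this authz file should succeed, so the listing below is
  # expected to work and to produce no error output.
  svntest.actions.run_and_verify_svn("ls remote folder",
                                     ['B/\n', 'C/\n', 'D/\n', 'mu\n'],
                                     [],
                                     'ls',
                                     '--username', svntest.main.wc_author,
                                     '--password', svntest.main.wc_passwd,
                                     A_url)

########################################################################
# Run the tests

# True when the test area is reached through an http(s) URL.
def is_this_dav():
  return svntest.main.test_area_url.startswith('http')

# list all tests here, starting with None:
# (authz_open_directory is wrapped in XFail with is_this_dav as condition;
# presumably it is expected to fail only over http, confirm against XFail)
test_list = [ None,
              authz_open_root,
              XFail(authz_open_directory, is_this_dav),
              broken_authz_file,
              authz_read_access,
              authz_write_access,
              authz_checkout_test,
              authz_log_and_tracing_test,
              authz_checkout_and_update_test,
              authz_partial_export_test,
              authz_validate,
            ]

if __name__ == '__main__':
  svntest.main.run_tests(test_list)
  # NOTREACHED


### End of file.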