Home Explore Help
Sign In
mirrors
/
Radicale
mirror of https://github.com/Kozea/Radicale
1
0
Fork 0
Files Issues 0 Wiki
Tree: 27185f7291
Branches Tags
Radicale
/
radicale
/
tests
/
test_rights.py

test_rights.py 8.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 
  1. # This file is part of Radicale Server - Calendar Server
    2. 

  2. # Copyright © 2017-2018 Unrud<unrud@outlook.com>
    3. 

  3. #
    4. 

  4. # This library is free software: you can redistribute it and/or modify
    5. 

  5. # it under the terms of the GNU General Public License as published by
    6. 

  6. # the Free Software Foundation, either version 3 of the License, or
    7. 

  7. # (at your option) any later version.
    8. 

  8. #
    9. 

  9. # This library is distributed in the hope that it will be useful,
    10. 

  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. # GNU General Public License for more details.
    13. 

  13. #
    14. 

  14. # You should have received a copy of the GNU General Public License
    15. 

  15. # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. """
    18. 

  18. Radicale tests with simple requests and rights.
    19. 

  19. """
    20. 

  20. 

  21. import base64
    22. 

  22. import os
    23. 

  23. import shutil
    24. 

  24. import tempfile
    25. 

  25. 

  26. from radicale import Application, config
    27. 

  27. 

  28. from .helpers import get_file_content
    29. 

  29. from .test_base import BaseTest
    30. 

  30. 

  31. 

  32. class TestBaseRightsRequests(BaseTest):
    33. 

  33.     """Tests basic requests with rights."""
    34. 

  34. 

  35.     def setup(self):
    36. 

  36.         self.configuration = config.load()
    37. 

  37.         self.colpath = tempfile.mkdtemp()
    38. 

  38.         self.configuration["storage"]["filesystem_folder"] = self.colpath
    39. 

  39.         # Disable syncing to disk for better performance
    40. 

  40.         self.configuration["internal"]["filesystem_fsync"] = "False"
    41. 

  41. 

  42.     def teardown(self):
    43. 

  43.         shutil.rmtree(self.colpath)
    44. 

  44. 

  45.     def _test_rights(self, rights_type, user, path, mode, expected_status,
    46. 

  46.                      with_auth=True):
    47. 

  47.         assert mode in ("r", "w")
    48. 

  48.         assert user in ("", "tmp")
    49. 

  49.         htpasswd_file_path = os.path.join(self.colpath, ".htpasswd")
    50. 

  50.         with open(htpasswd_file_path, "w") as f:
    51. 

  51.             f.write("tmp:bepo\nother:bepo")
    52. 

  52.         self.configuration["rights"]["type"] = rights_type
    53. 

  53.         if with_auth:
    54. 

  54.             self.configuration["auth"]["type"] = "htpasswd"
    55. 

  55.         self.configuration["auth"]["htpasswd_filename"] = htpasswd_file_path
    56. 

  56.         self.configuration["auth"]["htpasswd_encryption"] = "plain"
    57. 

  57.         self.application = Application(self.configuration)
    58. 

  58.         for u in ("tmp", "other"):
    59. 

  59.             status, _, _ = self.request(
    60. 

  60.                 "PROPFIND", "/%s" % u, HTTP_AUTHORIZATION="Basic %s" %
    61. 

  61.                 base64.b64encode(("%s:bepo" % u).encode()).decode())
    62. 

  62.             assert status == 207
    63. 

  63.         status, _, _ = self.request(
    64. 

  64.             "PROPFIND" if mode == "r" else "PROPPATCH", path,
    65. 

  65.             HTTP_AUTHORIZATION="Basic %s" % base64.b64encode(
    66. 

  66.                 ("tmp:bepo").encode()).decode() if user else "")
    67. 

  67.         assert status == expected_status
    68. 

  68. 

  69.     def test_owner_only(self):
    70. 

  70.         self._test_rights("owner_only", "", "/", "r", 401)
    71. 

  71.         self._test_rights("owner_only", "", "/", "w", 401)
    72. 

  72.         self._test_rights("owner_only", "", "/tmp", "r", 401)
    73. 

  73.         self._test_rights("owner_only", "", "/tmp", "w", 401)
    74. 

  74.         self._test_rights("owner_only", "tmp", "/", "r", 207)
    75. 

  75.         self._test_rights("owner_only", "tmp", "/", "w", 403)
    76. 

  76.         self._test_rights("owner_only", "tmp", "/tmp", "r", 207)
    77. 

  77.         self._test_rights("owner_only", "tmp", "/tmp", "w", 207)
    78. 

  78.         self._test_rights("owner_only", "tmp", "/other", "r", 403)
    79. 

  79.         self._test_rights("owner_only", "tmp", "/other", "w", 403)
    80. 

  80. 

  81.     def test_owner_only_without_auth(self):
    82. 

  82.         self._test_rights("owner_only", "", "/", "r", 207, False)
    83. 

  83.         self._test_rights("owner_only", "", "/", "w", 401, False)
    84. 

  84.         self._test_rights("owner_only", "", "/tmp", "r", 207, False)
    85. 

  85.         self._test_rights("owner_only", "", "/tmp", "w", 207, False)
    86. 

  86. 

  87.     def test_owner_write(self):
    88. 

  88.         self._test_rights("owner_write", "", "/", "r", 401)
    89. 

  89.         self._test_rights("owner_write", "", "/", "w", 401)
    90. 

  90.         self._test_rights("owner_write", "", "/tmp", "r", 401)
    91. 

  91.         self._test_rights("owner_write", "", "/tmp", "w", 401)
    92. 

  92.         self._test_rights("owner_write", "tmp", "/", "r", 207)
    93. 

  93.         self._test_rights("owner_write", "tmp", "/", "w", 403)
    94. 

  94.         self._test_rights("owner_write", "tmp", "/tmp", "r", 207)
    95. 

  95.         self._test_rights("owner_write", "tmp", "/tmp", "w", 207)
    96. 

  96.         self._test_rights("owner_write", "tmp", "/other", "r", 207)
    97. 

  97.         self._test_rights("owner_write", "tmp", "/other", "w", 403)
    98. 

  98. 

  99.     def test_owner_write_without_auth(self):
    100. 

  100.         self._test_rights("owner_write", "", "/", "r", 207, False)
    101. 

  101.         self._test_rights("owner_write", "", "/", "w", 401, False)
    102. 

  102.         self._test_rights("owner_write", "", "/tmp", "r", 207, False)
    103. 

  103.         self._test_rights("owner_write", "", "/tmp", "w", 207, False)
    104. 

  104. 

  105.     def test_authenticated(self):
    106. 

  106.         self._test_rights("authenticated", "", "/", "r", 401)
    107. 

  107.         self._test_rights("authenticated", "", "/", "w", 401)
    108. 

  108.         self._test_rights("authenticated", "", "/tmp", "r", 401)
    109. 

  109.         self._test_rights("authenticated", "", "/tmp", "w", 401)
    110. 

  110.         self._test_rights("authenticated", "tmp", "/", "r", 207)
    111. 

  111.         self._test_rights("authenticated", "tmp", "/", "w", 207)
    112. 

  112.         self._test_rights("authenticated", "tmp", "/tmp", "r", 207)
    113. 

  113.         self._test_rights("authenticated", "tmp", "/tmp", "w", 207)
    114. 

  114.         self._test_rights("authenticated", "tmp", "/other", "r", 207)
    115. 

  115.         self._test_rights("authenticated", "tmp", "/other", "w", 207)
    116. 

  116. 

  117.     def test_authenticated_without_auth(self):
    118. 

  118.         self._test_rights("authenticated", "", "/", "r", 207, False)
    119. 

  119.         self._test_rights("authenticated", "", "/", "w", 207, False)
    120. 

  120.         self._test_rights("authenticated", "", "/tmp", "r", 207, False)
    121. 

  121.         self._test_rights("authenticated", "", "/tmp", "w", 207, False)
    122. 

  122. 

  123.     def test_from_file(self):
    124. 

  124.         rights_file_path = os.path.join(self.colpath, "rights")
    125. 

  125.         with open(rights_file_path, "w") as f:
    126. 

  126.             f.write("""\
    127. 

  127. [owner]
    128. 

  128. user: .+
    129. 

  129. collection: %(login)s(/.*)?
    130. 

  130. permissions: RrWw
    131. 

  131. [custom]
    132. 

  132. user: .*
    133. 

  133. collection: custom(/.*)?
    134. 

  134. permissions: Rr""")
    135. 

  135.         self.configuration["rights"]["file"] = rights_file_path
    136. 

  136.         self._test_rights("from_file", "", "/other", "r", 401)
    137. 

  137.         self._test_rights("from_file", "tmp", "/other", "r", 403)
    138. 

  138.         self._test_rights("from_file", "", "/custom/sub", "r", 404)
    139. 

  139.         self._test_rights("from_file", "tmp", "/custom/sub", "r", 404)
    140. 

  140.         self._test_rights("from_file", "", "/custom/sub", "w", 401)
    141. 

  141.         self._test_rights("from_file", "tmp", "/custom/sub", "w", 403)
    142. 

  142. 

  143.     def test_custom(self):
    144. 

  144.         """Custom rights management."""
    145. 

  145.         self._test_rights("tests.custom.rights", "", "/", "r", 401)
    146. 

  146.         self._test_rights("tests.custom.rights", "", "/tmp", "r", 207)
    147. 

  147. 

  148.     def test_collections_and_items(self):
    149. 

  149.         """Test rights for creation of collections, calendars and items.
    150. 

  150. 

  151.         Collections are allowed at "/" and "/.../".
    152. 

  152.         Calendars/Address books are allowed at "/.../.../".
    153. 

  153.         Items are allowed at "/.../.../...".
    154. 

  154. 

  155.         """
    156. 

  156.         self.application = Application(self.configuration)
    157. 

  157.         status, _, _ = self.request("MKCALENDAR", "/")
    158. 

  158.         assert status == 401
    159. 

  159.         status, _, _ = self.request("MKCALENDAR", "/user/")
    160. 

  160.         assert status == 401
    161. 

  161.         status, _, _ = self.request("MKCOL", "/user/")
    162. 

  162.         assert status == 201
    163. 

  163.         status, _, _ = self.request("MKCOL", "/user/calendar/")
    164. 

  164.         assert status == 401
    165. 

  165.         status, _, _ = self.request("MKCALENDAR", "/user/calendar/")
    166. 

  166.         assert status == 201
    167. 

  167.         status, _, _ = self.request("MKCOL", "/user/calendar/item")
    168. 

  168.         assert status == 401
    169. 

  169.         status, _, _ = self.request("MKCALENDAR", "/user/calendar/item")
    170. 

  170.         assert status == 401
    171. 

  171. 

  172.     def test_put_collections_and_items(self):
    173. 

  173.         """Test rights for creation of calendars and items with PUT."""
    174. 

  174.         self.application = Application(self.configuration)
    175. 

  175.         status, _, _ = self.request(
    176. 

  176.             "PUT", "/user/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR")
    177. 

  177.         assert status == 401
    178. 

  178.         status, _, _ = self.request("MKCOL", "/user/")
    179. 

  179.         assert status == 201
    180. 

  180.         status, _, _ = self.request(
    181. 

  181.             "PUT", "/user/calendar/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR")
    182. 

  182.         assert status == 201
    183. 

  183.         event1 = get_file_content("event1.ics")
    184. 

  184.         status, _, _ = self.request(
    185. 

  185.             "PUT", "/user/calendar/event1.ics", event1)
    186. 

  186.         assert status == 201
    187.