zulip/zerver/tests
Anders Kaseorg 751b2a03e5 CVE-2022-31168: Fix authorization check for changing bot roles.
Due to an incorrect authorization check in Zulip Server 5.4 and
earlier, a member of an organization could craft an API call that
grants organization administrator privileges to one of their bots.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-21 17:59:09 -07:00
..
fixtures images: Move /team images into landing-page directory. 2022-07-13 15:14:19 -07:00
images emoji: Support animated PNGs. 2022-03-15 12:47:21 -07:00
__init__.py
test_alert_words.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_attachments.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_audit_log.py realm_domains: Type QuerySet.values as RealmDomainDict. 2022-07-07 11:27:42 -07:00
test_auth_backends.py test_auth_backends: Replace handcrafted requests with HostRequestMock. 2022-07-15 14:00:56 -07:00
test_bots.py CVE-2022-31168: Fix authorization check for changing bot roles. 2022-07-21 17:59:09 -07:00
test_cache.py preview: Use cache only as a non-durable cache, not an IPC. 2022-04-15 14:48:12 -07:00
test_compatibility.py python: Reformat with Black 22 (stable). 2022-02-18 18:03:13 -08:00
test_create_video_call.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_custom_profile_data.py populate_db: Fix data for "Favorite editor" custom field. 2022-07-15 16:51:24 -07:00
test_data_types.py
test_decorators.py decorator: Explicitly require req_secret in internal_notify_view. 2022-07-15 09:20:37 -07:00
test_digest.py testing: 100% coverage for zerver/tests/test_digest.py. 2022-06-01 16:09:13 -07:00
test_docs.py tests: Replace `HttpResponse` with `TestHttpResponse.` 2022-06-08 11:25:03 -07:00
test_drafts.py streams: Capitalize "ID" in invalid stream errors in API. 2022-05-27 17:06:03 -07:00
test_email_change.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_email_log.py tests: Remove `FORWARD_ADDRESS_CONFIG_FILE` created in test. 2022-07-21 15:25:11 -07:00
test_email_mirror.py tests: Replace `HttpResponse` with `TestHttpResponse.` 2022-06-08 11:25:03 -07:00
test_email_notifications.py tests: Add type narrowing for EmailMultiAlternatives. 2022-07-15 14:00:56 -07:00
test_embedded_bot_system.py tests: Ensure stream senders get a UserMessage row. 2021-12-10 09:40:04 -08:00
test_event_queue.py test_helpers: Remove default tornado_handler from HostRequestMock. 2022-06-25 08:42:23 -07:00
test_event_system.py decorator: Move tornado notify `data` parameter to `REQ` framework. 2022-07-20 14:23:05 -07:00
test_events.py Revert "message_flags: Filter msgs having (or not) the flag before updating." 2022-07-21 14:29:54 -07:00
test_example.py email_backends: Fix concurrent backend testing for generate_emails. 2022-05-03 08:45:51 -07:00
test_external.py tests: Replace `HttpResponse` with `TestHttpResponse.` 2022-06-08 11:25:03 -07:00
test_github.py downloads: Serve desktop downloads from desktop-download.zulip.com. 2021-08-28 23:08:45 -07:00
test_gitter_importer.py tests: Consistently use assert_length helper. 2021-05-19 11:55:56 -07:00
test_home.py requirements: Upgrade to Django 4.0. 2022-07-13 16:07:17 -07:00
test_hotspots.py actions: Split out zerver.actions.create_user. 2022-04-14 17:14:35 -07:00
test_i18n.py tests: Replace `HttpResponse` with `TestHttpResponse.` 2022-06-08 11:25:03 -07:00
test_import_export.py typing: Add assertions before accessing settings. 2022-07-15 14:00:56 -07:00
test_integrations.py tests: Add a test for fixtures for non-webhook integrations. 2021-04-28 08:16:51 -07:00
test_integrations_dev_panel.py middleware: Pass unhandled API exceptions through to the test suite. 2022-06-23 19:23:08 -07:00
test_internet.py
test_legacy_subject.py tests: Remove `client` parameter if test can use default `User-Agent`. 2022-02-24 12:57:18 -08:00
test_link_embed.py typing: Add assertions for Optional values. 2022-07-15 14:00:56 -07:00
test_logging_handlers.py python: Simplify unnecessary getattr calls. 2022-06-26 17:38:22 -07:00
test_management_commands.py actions: Split out zerver.actions.reactions. 2022-04-14 17:14:35 -07:00
test_markdown.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_mattermost_importer.py tests: Verify emoji codes. 2021-12-06 13:22:47 -08:00
test_message_dict.py typing: Add none-checks for Recipient objects. 2022-05-31 09:43:55 -07:00
test_message_edit.py message_edit: Avoid retyping variables. 2022-07-15 14:00:56 -07:00
test_message_edit_notifications.py push_notifications: Ensure notifications are on for the remove codepath. 2022-03-09 16:33:51 -08:00
test_message_fetch.py test_message_fetch: Verify the value of WWW-Authenticate. 2022-07-18 18:01:42 -07:00
test_message_flags.py typing: Fix wrong type annotations for mute_stream. 2022-06-23 19:25:48 -07:00
test_message_send.py realm: Removed WILDCARD_MENTION_POLICY_STREAM_ADMINS option. 2022-07-13 17:07:44 -07:00
test_message_topics.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_messages.py actions: Split out zerver.actions.message_send. 2022-04-14 17:14:34 -07:00
test_middleware.py test_middleware: Narrow the type of open_graph_description. 2022-06-23 22:09:05 -07:00
test_migrations.py tests: Mark test_migrations tests to be automatically skipped. 2022-03-07 15:33:29 -08:00
test_mirror_users.py actions: Split out zerver.actions.message_send. 2022-04-14 17:14:34 -07:00
test_muting_topics.py typing: Add none-checks for Recipient objects. 2022-05-31 09:43:55 -07:00
test_muting_users.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_new_users.py requirements: Upgrade to Django 4.0. 2022-07-13 16:07:17 -07:00
test_notification_data.py notifications: Don't enqueue notifications for bots. 2022-01-03 09:55:06 -08:00
test_onboarding.py
test_openapi.py test_openapi: Use Python 3.8 typing.{get_origin,get_args}. 2022-04-27 12:57:49 -07:00
test_outgoing_http.py requirements: Upgrade Python requirements. 2022-06-01 16:01:54 -07:00
test_outgoing_webhook_interfaces.py outgoing webhooks: Fix inconsistencies with Slack's API. 2021-09-23 11:19:20 -07:00
test_outgoing_webhook_system.py testing: 100% code coverage for zerver/lib/outgoing_webhook.py. 2022-05-17 13:51:00 -07:00
test_populate_db.py populate_db: Add support for creating messages older than 5 days ago. 2022-04-25 16:16:15 -07:00
test_presence.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_push_notifications.py test_push_notifications: Simplify with Python 3.8 AsyncMock. 2022-06-25 08:43:20 -07:00
test_queue.py test_queue_error_json: Acknowledge the received message. 2022-01-21 13:38:13 -08:00
test_queue_worker.py invites: Use expiration time in minutes instead of days. 2022-04-20 13:31:37 -07:00
test_rate_limiter.py tests: Avoid use of Python internal __unittest_skip__ flag. 2022-03-07 16:26:37 -08:00
test_reactions.py tests: Replace `HttpResponse` with `TestHttpResponse.` 2022-06-08 11:25:03 -07:00
test_realm.py merge_streams: Move logic to zerver/actions/streams.py. 2022-07-13 16:12:36 -07:00
test_realm_domains.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_realm_emoji.py emoji: Use path converter for emoji name in URL. 2022-07-14 14:29:40 -07:00
test_realm_export.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_realm_linkifiers.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_realm_playgrounds.py actions: Split out zerver.actions.realm_playgrounds. 2022-04-14 17:14:30 -07:00
test_redis_utils.py typing: Fix missing attribtute of RedisUtilsTest. 2022-06-23 22:05:12 -07:00
test_report.py docs: Fix many spelling mistakes. 2022-02-07 18:51:06 -08:00
test_retention.py test_retention: Add type annotation for expected_result 2022-07-15 14:00:56 -07:00
test_rocketchat_importer.py tests: Verify emoji codes. 2021-12-06 13:22:47 -08:00
test_scim.py test: Use list comprehension for dictionary values. 2022-07-15 14:00:56 -07:00
test_send_email.py test_send_email: Fix the to_email argument to pass str. 2022-07-15 14:00:56 -07:00
test_service_bot_system.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_sessions.py home: For web public realms, skip login for spectators. 2022-04-28 12:34:29 -07:00
test_settings.py requirements: Upgrade to Django 4.0. 2022-07-13 16:07:17 -07:00
test_signup.py get_object_from_key: Make mark_object_used an obligatory kwarg. 2022-07-21 15:18:15 -07:00
test_slack_importer.py import_utils: Fix history_public_to_subscribers being set incorrectly. 2022-04-27 12:08:01 -07:00
test_slack_message_conversion.py tests: Consistently use assert_length helper. 2021-05-19 11:55:56 -07:00
test_soft_deactivation.py actions: Split out zerver.actions.alert_words. 2022-04-14 17:14:31 -07:00
test_subdomains.py subdomains: Extend "static" to include resources hosted on S3. 2021-06-08 15:28:10 -07:00
test_submessage.py actions: Split out zerver.actions.submessage. 2022-04-14 17:14:30 -07:00
test_subs.py python: Apply changes from pyupgrade. 2022-07-20 22:33:28 -07:00
test_templates.py markdown: Rewrite include plugin without markdown-include. 2022-06-26 17:36:31 -07:00
test_thumbnail.py typing: Access url via key "Location" instead of attribute "url". 2022-05-30 11:59:47 -07:00
test_timeout.py timeout: Add test coverage. 2022-04-07 17:26:01 -07:00
test_timestamp.py docs: Add missing space in “time zone”. 2022-02-24 14:05:12 -08:00
test_timezone.py requirements: Upgrade to Django 4.0. 2022-07-13 16:07:17 -07:00
test_tornado.py test_tornado: Avoid deprecated AsyncHTTPTestCase. 2022-07-05 17:54:17 -07:00
test_transfer.py mypy: Enable truthy-bool errors. 2022-06-23 19:22:12 -07:00
test_tutorial.py actions: Split out zerver.actions.message_send. 2022-04-14 17:14:34 -07:00
test_type_debug.py
test_typing.py streams: Capitalize "ID" in invalid stream errors in API. 2022-05-27 17:06:03 -07:00
test_upload.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_urls.py home: For web public realms, skip login for spectators. 2022-04-28 12:34:29 -07:00
test_user_groups.py typing: Avoid redefinition of variables with different types. 2022-06-23 19:25:48 -07:00
test_user_status.py user_status: Add backend changes to support status emoji. 2021-07-27 17:57:15 -07:00
test_users.py populate_db: Fix data for "Favorite editor" custom field. 2022-07-15 16:51:24 -07:00
test_webhooks_common.py django: Use HttpRequest.headers. 2022-05-13 20:42:20 -07:00
test_widgets.py tests: Replace `HttpResponse` with `TestHttpResponse.` 2022-06-08 11:25:03 -07:00
test_zcommand.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_zephyr.py tests: Replace `HttpResponse` with `TestHttpResponse.` 2022-06-08 11:25:03 -07:00