diff schema/manage_users_tests.sql @ 478:3af7ca761f6a

Purge password reset role

The risk of SQL injection, and thus of privilege escalation via the metamorphic user, was not judged high enough to justify the extra role. Thus, bring the database back in line with rev. ffdb507d5b42 and re-enable password reset.
author Tom Gottfried <tom@intevation.de>
date Thu, 23 Aug 2018 16:41:44 +0200
parents 5611cf72cc92
children 6590208e3ee1
--- a/schema/manage_users_tests.sql	Thu Aug 23 16:18:07 2018 +0200
+++ b/schema/manage_users_tests.sql	Thu Aug 23 16:41:44 2018 +0200
@@ -314,38 +314,3 @@
     $$,
     55006, NULL,
     'Current user cannot be deleted');
-
-
---
--- Password reset
---
-
--- Workaround broken relocatability of pgtap (otherwise we could
--- put pgtap in its own schema and GRANT USAGE to PUBLIC on it)
-RESET SESSION AUTHORIZATION;
-GRANT USAGE ON SCHEMA public TO pw_reset;
-
-SET SESSION AUTHORIZATION test_pw_reset;
-
-SELECT isnt_empty($$
-    SELECT username, email_address FROM pw_reset.list_users
-    $$,
-    'Special role can see users with their email addresses');
-
-SELECT results_eq($$
-    UPDATE pw_reset.list_users
-        SET pw = 'user_at2!' WHERE username = 'test_user_at'
-        RETURNING email_address
-    $$,
-    $$
-    SELECT email_address FROM pw_reset.list_users
-        WHERE username = 'test_user_at'
-    $$,
-    'Special role can update password');
-
-SELECT throws_ok($$
-    UPDATE pw_reset.list_users
-        SET username = 'test_rename', email_address = 'test'
-    $$,
-    42501, NULL,
-    'Special role cannot update arbitrary user attributes');