|
| 1 | +"""Web DB-failure handling. |
| 2 | +
|
| 3 | +A database selected in the navbar (stored in the ``rcdb_database`` cookie) may |
| 4 | +be unreachable or access-denied server-side (e.g. the MariaDB ``rcdb`` user has |
| 5 | +no GRANT on ``xem2``/``pionct`` -> pymysql ``(1044, "Access denied ...")``). |
| 6 | +
|
| 7 | +These tests pin the required behaviour: |
| 8 | +
|
| 9 | +* such a failure renders a graceful page (top menu + DB selector + a red |
| 10 | + "DB connection failure" strip), never a raw 500; |
| 11 | +* no sensitive detail (connection string, host, user, error code/text) leaks |
| 12 | + into the page, while the full exception is written to the application log; |
| 13 | +* the failure is not sticky -- reloading after the DB recovers, or switching to |
| 14 | + a working DB, renders normally with no poisoned cookie or cached engine. |
| 15 | +""" |
| 16 | + |
| 17 | +import unittest |
| 18 | + |
| 19 | +from sqlalchemy.exc import OperationalError |
| 20 | + |
| 21 | +import rcdb |
| 22 | +import rcdb.provider |
| 23 | +import rcdb.web |
| 24 | + |
| 25 | + |
| 26 | +class TestWebDbFailure(unittest.TestCase): |
| 27 | + def setUp(self): |
| 28 | + self.app = rcdb.web.app |
| 29 | + self.app.testing = True |
| 30 | + |
| 31 | + # Save config we mutate so other tests see the app untouched. |
| 32 | + self._saved = {k: self.app.config.get(k) for k in |
| 33 | + ("AVAILABLE_DATABASES", "DEFAULT_DATABASE")} |
| 34 | + self.app.config["AVAILABLE_DATABASES"] = { |
| 35 | + "good": "sqlite:///good", |
| 36 | + "bad": "sqlite:///bad", |
| 37 | + } |
| 38 | + self.app.config["DEFAULT_DATABASE"] = "sqlite:///good" |
| 39 | + |
| 40 | + self.client = self.app.test_client() |
| 41 | + |
| 42 | + # Replace connect(): raise an access-denied-style OperationalError for the |
| 43 | + # "bad" DB (while it is "down"); connect a fresh in-memory schema for the |
| 44 | + # "good" one. ``bad_down`` flips to False to simulate recovery. |
| 45 | + self.bad_down = True |
| 46 | + self._orig_connect = rcdb.ConfigurationProvider.connect |
| 47 | + test = self |
| 48 | + |
| 49 | + def fake_connect(provider, connection_string="", check_version=True): |
| 50 | + if "bad" in connection_string and test.bad_down: |
| 51 | + raise OperationalError( |
| 52 | + "SELECT 1", {}, |
| 53 | + Exception("(1044, \"Access denied for user 'rcdb'@'%' " |
| 54 | + "to database 'bad'\")")) |
| 55 | + test._orig_connect(provider, "sqlite://", check_version=False) |
| 56 | + rcdb.provider.destroy_all_create_schema(provider) |
| 57 | + |
| 58 | + rcdb.ConfigurationProvider.connect = fake_connect |
| 59 | + |
| 60 | + def tearDown(self): |
| 61 | + rcdb.ConfigurationProvider.connect = self._orig_connect |
| 62 | + for k, v in self._saved.items(): |
| 63 | + if v is None: |
| 64 | + self.app.config.pop(k, None) |
| 65 | + else: |
| 66 | + self.app.config[k] = v |
| 67 | + |
| 68 | + def _get(self, path="/", db=None): |
| 69 | + # Fresh client per call so the cookie jar carries only what we set here |
| 70 | + # (the Werkzeug test client ignores a raw Cookie header, hence set_cookie). |
| 71 | + client = self.app.test_client() |
| 72 | + if db: |
| 73 | + client.set_cookie("rcdb_database", db) |
| 74 | + return client.get(path) |
| 75 | + |
| 76 | + def test_failure_renders_graceful_page_not_500(self): |
| 77 | + with self.assertLogs("rcdb.web", level="ERROR") as cm: |
| 78 | + resp = self._get("/", db="bad") |
| 79 | + |
| 80 | + # Graceful, retryable status -- never a raw 500. |
| 81 | + self.assertEqual(resp.status_code, 503) |
| 82 | + self.assertNotEqual(resp.status_code, 500) |
| 83 | + |
| 84 | + body = resp.get_data(as_text=True) |
| 85 | + # Red strip + intact top menu incl. the DB selector to switch away. |
| 86 | + self.assertIn("DB connection failure", body) |
| 87 | + self.assertIn('id="dbSelector"', body) |
| 88 | + self.assertIn(">bad<", body) |
| 89 | + self.assertIn(">good<", body) |
| 90 | + |
| 91 | + # No sensitive detail leaks into the page ... |
| 92 | + for secret in ("1044", "Access denied", "sqlite:///bad", "rcdb@", |
| 93 | + "OperationalError", "Traceback"): |
| 94 | + self.assertNotIn(secret, body) |
| 95 | + |
| 96 | + # ... but the log has the full picture (db name + underlying error). |
| 97 | + logtext = "\n".join(cm.output) |
| 98 | + self.assertIn("bad", logtext) |
| 99 | + self.assertIn("1044", logtext) |
| 100 | + |
| 101 | + def test_reload_recovers_after_db_comes_back(self): |
| 102 | + # Same cookie, DB down -> graceful 503. |
| 103 | + self.assertEqual(self._get("/", db="bad").status_code, 503) |
| 104 | + |
| 105 | + # DB recovers; a plain reload (identical cookie) must render normally. |
| 106 | + self.bad_down = False |
| 107 | + resp = self._get("/", db="bad") |
| 108 | + self.assertEqual(resp.status_code, 200) |
| 109 | + self.assertNotIn("DB connection failure", resp.get_data(as_text=True)) |
| 110 | + |
| 111 | + def test_switching_to_working_db_recovers(self): |
| 112 | + self.assertEqual(self._get("/", db="bad").status_code, 503) |
| 113 | + resp = self._get("/", db="good") |
| 114 | + self.assertEqual(resp.status_code, 200) |
| 115 | + self.assertNotIn("DB connection failure", resp.get_data(as_text=True)) |
| 116 | + |
| 117 | + |
| 118 | +if __name__ == "__main__": |
| 119 | + unittest.main() |
0 commit comments