From 308be6a0250691b915d41bbf3286970ebf638026 Mon Sep 17 00:00:00 2001
From: Jeffrey Forman <jforman@malbec.home.jeffreyforman.net>
Date: Sun, 9 Dec 2012 21:22:47 -0500
Subject: [PATCH] Add integration test for denied zone transfer

---
 binder/models.py                 |  2 +-
 binder/testdata/db.10.254.3      | 10 ++++++++++
 binder/testdata/db.domain3.local | 10 ++++++++++
 binder/tests/integration.py      | 11 +++++++++++
 4 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 binder/testdata/db.10.254.3
 create mode 100644 binder/testdata/db.domain3.local

diff --git a/binder/models.py b/binder/models.py
index d1944e6..2169c2d 100644
--- a/binder/models.py
+++ b/binder/models.py
@@ -122,7 +122,7 @@ class BindServer(models.Model):
         except dns.exception.FormError:
             # When the DNS message is malformed.
             # * Can happen if a TSIG key is required but a default_transfer_key is not specified.
-            raise exceptions.TransferException("There was an error attempting to list zone records. Did you forget to specify a default transfer key?")
+            raise exceptions.TransferException("Unable to perform AXFR to list zone records. Did you forget to specify a default transfer key?")
 
         names = zone.nodes.keys()
         names.sort()
diff --git a/binder/testdata/db.10.254.3 b/binder/testdata/db.10.254.3
new file mode 100644
index 0000000..85dd61c
--- /dev/null
+++ b/binder/testdata/db.10.254.3
@@ -0,0 +1,10 @@
+$TTL 86400	; 1 day
+@	IN SOA	ns1.example.com. mymail.example.com. (
+				2          ; serial
+				10800      ; refresh (3 hours)
+				15         ; retry (15 seconds)
+				604800     ; expire (1 week)
+				10800      ; minimum (3 hours)
+				)
+			NS	localhost.
+$ORIGIN 3.254.10.in-addr.arpa.
diff --git a/binder/testdata/db.domain3.local b/binder/testdata/db.domain3.local
new file mode 100644
index 0000000..6953e18
--- /dev/null
+++ b/binder/testdata/db.domain3.local
@@ -0,0 +1,10 @@
+$TTL 86400	; 1 day
+@		IN SOA	ns1.example.com. mymail.example.com. (
+				24         ; serial
+				10800      ; refresh (3 hours)
+				15         ; retry (15 seconds)
+				604800     ; expire (1 week)
+				10800      ; minimum (3 hours)
+				)
+			NS	localhost.
+$ORIGIN domain3.local.
diff --git a/binder/tests/integration.py b/binder/tests/integration.py
index 812385b..3aca613 100644
--- a/binder/tests/integration.py
+++ b/binder/tests/integration.py
@@ -90,3 +90,14 @@ class Integration_Tests(TestCase):
         self.assertEqual(response.context["errors"], "Unable to list server zones. Error: <urlopen error [Errno 111] Connection refused>")
         dns_server.statistics_port = original_statistics_port
         dns_server.save()
+
+    def test_Integration_ZoneList_MissingTransferKey(self):
+        """Attempt to list a zone's records with missing TSIG key.
+        domain3.local should be configured to require a TSIG key
+        for transfers."""
+        dns_server = models.BindServer.objects.get(hostname="testserver1")
+        response = self.client.get("/info/testserver1/domain3.local/")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.context["zone_name"], "domain3.local")
+        self.assertEqual(response.context["dns_server"], "testserver1")
+        self.assertRegexpMatches(str(response.context["errors"]), "Unable to perform AXFR to list zone records. Did you forget to specify a default transfer key?")