source: main/waeup.ikoba/trunk/src/waeup/ikoba/authentication.txt @ 12057

Last change on this file since 12057 was 11954, checked in by Henrik Bettermann, 10 years ago

Remove tools.

rename institution company.

Remove some apis from docs.
File size: 4.4 KB
Line 
1Ikoba authentication
2*******************
3
4We need to protect most pieces of our portals from unauthenticated
5access.
6
7Therefore users have to login to access main functionality and they
8are able to log out afterwards.
9
10Before we can check access we have to create an app:
11
12  >>> from zope.component.hooks import setSite # only needed in tests
13  >>> from waeup.ikoba.app import Company
14  >>> root = getRootFolder()
15  >>> u = Company()
16  >>> root['app'] = u
17  >>> setSite(root['app'])                     # only needed in tests
18
19To make sure, we can 'watch' pages, we first have to initialize our
20test browser:
21
22  >>> from zope.testbrowser.testing import Browser
23  >>> browser = Browser()
24  >>> browser.handleErrors = False
25
26Creating users (principals)
27===========================
28
29Before we can login, we have to provide a user (``principal`` in Zope
30terms) with a password (and optional a title or description):
31
32  >>> root['app']['users'].addUser('bob', 'bobsecret',
33  ...                           title='Bob', description='A sample user')
34
35We can also add complete `Account` objects. An `Account` stores the
36user credentials and some metadata persistently:
37
38  >>> from waeup.ikoba.authentication import Account
39  >>> alice = Account('alice', 'alicesecret',roles=['waeup.ManageDataCenter'])
40  >>> root['app']['users'].addAccount(alice)
41
42See ``userscontainer.txt`` for details about the UsersContainer we use here.
43
44Users and local roles
45=====================
46
47Accounts also hold infos about local roles assigned to a user. In the
48beginning, users have the local owner role of their own account object:
49
50  >>> alice.getLocalRoles()
51  {'waeup.local.Owner': [<waeup.ikoba.authentication.Account object at 0x...>]}
52
53User  automatically get the global ProductsOfficer role:
54
55  >>> alice.getSiteRolesForPrincipal()
56  ['waeup.ManageDataCenter', 'waeup.ProductsOfficer']
57
58We can tell an account, that Alice got some role for another object:
59
60  >>> chalet = object()
61  >>> root['app']['chalet'] = chalet
62  >>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=True)
63
64Now Alice is the Big Boss:
65
66  >>> alice.getLocalRoles()
67  {'BigBoss': [<object object at 0x...>]}
68
69When we do not want Alice to be the Big Boss we can tell that too:
70
71  >>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=False)
72  >>> alice.getLocalRoles()
73  {'waeup.local.Owner': [<waeup.ikoba.authentication.Account object at 0x...>]}
74
75We can also use events to trigger such actions. This is recommended
76because we do not neccessarily know where Alice lives:
77
78  >>> from waeup.ikoba.authentication import LocalRoleSetEvent
79  >>> from zope.event import notify
80  >>> notify(LocalRoleSetEvent(chalet, 'BigBoss', 'alice',
81  ...                          granted=True))
82  >>> alice.getLocalRoles()
83  {'BigBoss': [<object object at 0x...>]}
84
85When objects are deleted, local roles are also deleted
86semi-magically. This happens through event subscribers listening to
87IObjectRemovedEvents. The latters are naturally only fired when ZODB
88stored objects are removed. Furthermore this subscriber reads the
89internal local roles table.
90
91
92Logging in via side bar
93=======================
94
95We can access the front page without restrictions:
96
97  >>> browser.open('http://localhost/app')
98  >>> print browser.headers['Status']
99  200 Ok
100
101We have to go to one of the login pages first:
102
103  >>> browser.open('http://localhost/app')
104  >>> browser.getLink('Login').click()
105  >>> print browser.headers['Status']
106  200 Ok
107
108There is a login form on tis page:
109
110  >>> 'form.login' in browser.contents
111  True
112
113  >>> 'form.logout' in browser.contents
114  False
115
116We use this form:
117
118  >>> browser.getControl(name='form.login').value = 'bob'
119  >>> browser.getControl(name='form.password').value = 'invalidpw'
120  >>> browser.getControl('Login').click()
121  >>> 'You entered invalid credentials' in browser.contents
122  True
123
124  >>> browser.getControl(name='form.login').value = 'bob'
125  >>> browser.getControl(name='form.password').value = 'bobsecret'
126  >>> browser.getControl('Login').click()
127
128Now the login form is gone. Instead we have the opportunity to logout:
129
130  >>> 'form.login' in browser.contents
131  False
132
133  >>> logout = browser.getLink('Logout')
134  >>> logout
135  <Link text='Logout' url='http://localhost/app/@@logout'>
136
137The user title is also displayed in the sidebar:
138
139  >>> 'Bob' in browser.contents
140  True
141
142We can also log out afterwards:
143
144  >>> logout.click()
145  >>> print browser.contents
146  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
147  ...Login
148  ...
149
Note: See TracBrowser for help on using the repository browser.