Context navigation

test_authentication.py @ 16478

Last change on this file since 16478 was 14670, checked in by uli, 7 years ago

Add IKofaPluggable to update local PAU.

The new plugin enables updating of sites that have
yet no XMLRPC authentication enabled.

The plugin can be removed after updating all sites.

New sites (university-instances) do not need this
plugin at all.

Property svn:keywords set to Id

File size: 15.6 KB

Line
1	## $Id: test_authentication.py 14670 2017-04-06 12:20:41Z uli $
2	##
3	## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4	## This program is free software; you can redistribute it and/or modify
5	## it under the terms of the GNU General Public License as published by
6	## the Free Software Foundation; either version 2 of the License, or
7	## (at your option) any later version.
8	##
9	## This program is distributed in the hope that it will be useful,
10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12	## GNU General Public License for more details.
13	##
14	## You should have received a copy of the GNU General Public License
15	## along with this program; if not, write to the Free Software
16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17	##
18	import grok
19	import logging
20	import time
21	import unittest
22	from cStringIO import StringIO
23	from zope.component import getGlobalSiteManager, queryUtility
24	from zope.component.hooks import setSite, clearSite
25	from zope.interface.verify import verifyClass, verifyObject
26	from zope.password.testing import setUpPasswordManagers
27	from zope.pluggableauth import PluggableAuthentication
28	from zope.pluggableauth.interfaces import (
29	IAuthenticatorPlugin, ICredentialsPlugin)
30	from zope.publisher.browser import TestRequest
31	from zope.securitypolicy.interfaces import IPrincipalRoleManager
32	from waeup.kofa.testing import FunctionalTestCase, FunctionalLayer
33	from waeup.kofa.app import University
34	from waeup.kofa.authentication import (
35	UserAuthenticatorPlugin, Account, KofaPrincipalInfo, FailedLoginInfo,
36	get_principal_role_manager, UsersPlugin, KofaXMLRPCCredentialsPlugin,
37	setup_authentication, UpdatePAUPlugin)
38	from waeup.kofa.interfaces import (
39	IAuthPluginUtility, IUserAccount, IFailedLoginInfo, IKofaPrincipalInfo,
40	IKofaPluggable)
41
42
43	class FakeSite(grok.Site, grok.Container):
44	#def getSiteManager(self):
45	# return None
46	# return getGlobalSiteManager()
47	pass
48
49
50	class FakeAuthPlugin(object):
51	def register(self, pau):
52	pau.credentialsPlugins += ('foo', )
53
54
55	class Test_setup_authentication(FunctionalTestCase):
56	# Tests for the `setup_authentication` function
57
58	layer = FunctionalLayer
59
60	def tearDown(self):
61	# clean up registry.
62	gsm = getGlobalSiteManager()
63	for iface, name in ((IAuthPluginUtility, 'myauth'), ):
64	to_delete = queryUtility(iface, name=name)
65	if to_delete is not None:
66	gsm.unregisterUtility(provided=iface, name=name)
67	super(Test_setup_authentication, self).tearDown()
68
69	def test_plugins_are_registered(self):
70	# We can populate a PAU with (hardcoded set of) plugins
71	pau = PluggableAuthentication()
72	setup_authentication(pau)
73	for name in (
74	'No Challenge if Authenticated',
75	'xmlrpc-credentials',
76	'credentials'):
77	assert name in pau.credentialsPlugins
78	for name in ('users', ):
79	assert name in pau.authenticatorPlugins
80
81	def test_external_plugins_are_registered(self):
82	# registered plugins are called as well
83	gsm = getGlobalSiteManager()
84	gsm.registerUtility(
85	FakeAuthPlugin(), IAuthPluginUtility, name='myauth')
86	pau = PluggableAuthentication()
87	setup_authentication(pau)
88	assert 'foo' in pau.credentialsPlugins
89
90
91	class KofaXMLRPCCredentialsPluginTests(FunctionalTestCase):
92	# Test for XMLRPC credentials plugin
93
94	layer = FunctionalLayer
95
96	def test_ifaces(self):
97	# we meet interface requirements
98	plugin = KofaXMLRPCCredentialsPlugin()
99	self.assertTrue(
100	verifyClass(ICredentialsPlugin, KofaXMLRPCCredentialsPlugin))
101
102	def test_util_is_registered(self):
103	# we can query this named utility
104	util = queryUtility(ICredentialsPlugin, name='xmlrpc-credentials')
105	assert util is not None
106
107	def test_can_extract_creds(self):
108	# we can extract credentials from appropriate requests
109	req = TestRequest(
110	environ={'HTTP_AUTHORIZATION': u'Basic bWdyOm1ncnB3'})
111	plugin = KofaXMLRPCCredentialsPlugin()
112	assert plugin.extractCredentials(req) == {
113	'login': 'mgr', 'password': 'mgrpw'}
114
115	def test_challenge_disabled(self):
116	# we will not challenge people
117	plugin = KofaXMLRPCCredentialsPlugin()
118	assert plugin.challenge(TestRequest()) is False
119
120	def test_logout_disabled(self):
121	# we do not support logging out. HTTP basic auth cannot do this.
122	plugin = KofaXMLRPCCredentialsPlugin()
123	assert plugin.logout(TestRequest()) is False
124
125
126	class UserAuthenticatorPluginTests(FunctionalTestCase):
127	# Must be functional because of various utility lookups and the like
128
129	layer = FunctionalLayer
130
131	def setUp(self):
132	super(UserAuthenticatorPluginTests, self).setUp()
133	self.getRootFolder()['app'] = FakeSite()
134	self.site = self.getRootFolder()['app']
135	self.site['users'] = {'bob': Account('bob', 'secret')}
136	setSite(self.site)
137	return
138
139	def tearDown(self):
140	super(UserAuthenticatorPluginTests, self).tearDown()
141	clearSite()
142	return
143
144	def test_ifaces(self):
145	# make sure, interfaces requirements are met
146	plugin = UserAuthenticatorPlugin()
147	plugin.__parent__ = None # This attribute is required by iface
148	self.assertTrue(
149	verifyClass(IAuthenticatorPlugin, UserAuthenticatorPlugin))
150	self.assertTrue(verifyObject(IAuthenticatorPlugin, plugin))
151	return
152
153	def test_authenticate_credentials(self):
154	# make sure authentication works as expected
155	plugin = UserAuthenticatorPlugin()
156	result1 = plugin.authenticateCredentials(
157	dict(login='bob', password='secret'))
158	result2 = plugin.authenticateCredentials(
159	dict(login='bob', password='nonsense'))
160	self.assertTrue(isinstance(result1, KofaPrincipalInfo))
161	self.assertTrue(result2 is None)
162	return
163
164	def test_principal_info(self):
165	# make sure we can get a principal info
166	plugin = UserAuthenticatorPlugin()
167	result1 = plugin.principalInfo('bob')
168	result2 = plugin.principalInfo('manfred')
169	self.assertTrue(isinstance(result1, KofaPrincipalInfo))
170	self.assertTrue(result2 is None)
171	return
172
173	def test_get_principal_role_manager(self):
174	# make sure we get different role managers for different situations
175	prm1 = get_principal_role_manager()
176	clearSite(None)
177	prm2 = get_principal_role_manager()
178	self.assertTrue(IPrincipalRoleManager.providedBy(prm1))
179	self.assertTrue(IPrincipalRoleManager.providedBy(prm2))
180	self.assertTrue(prm1._context is self.site)
181	self.assertTrue(hasattr(prm2, '_context') is False)
182	return
183
184	def make_failed_logins(self, num):
185	# do `num` failed logins and a valid one afterwards
186	del self.site['users']
187	self.site['users'] = {'bob': Account('bob', 'secret')}
188	plugin = UserAuthenticatorPlugin()
189	resultlist = []
190	# reset accounts
191	for x in range(num):
192	resultlist.append(plugin.authenticateCredentials(
193	dict(login='bob', password='wrongsecret')))
194	resultlist.append(plugin.authenticateCredentials(
195	dict(login='bob', password='secret')))
196	return resultlist
197
198	def DISABLED_test_failed_logins(self):
199	# after three failed logins, an account is blocked
200	# XXX: this tests authenticator with time penalty (currently
201	# disabled)
202	results = []
203	succ_principal = KofaPrincipalInfo(
204	id='bob',
205	title='bob',
206	description=None,
207	email=None,
208	phone=None,
209	public_name=None,
210	user_type=u'user')
211	for x in range(4):
212	results.append(self.make_failed_logins(x))
213	self.assertEqual(results[2], [None, None, succ_principal])
214	# last login was blocked although correctly entered due to
215	# time penalty
216	self.assertEqual(results[3], [None, None, None, None])
217	return
218
219	class KofaPrincipalInfoTests(unittest.TestCase):
220
221	def create_info(self):
222	return KofaPrincipalInfo(
223	id='bob',
224	title='bob',
225	description=None,
226	email=None,
227	phone=None,
228	public_name=None,
229	user_type=u'user')
230
231	def test_iface(self):
232	# make sure we implement the promised interfaces
233	info = self.create_info()
234	verifyClass(IKofaPrincipalInfo, KofaPrincipalInfo)
235	verifyObject(IKofaPrincipalInfo, info)
236	return
237
238	def test_equality(self):
239	# we can test two infos for equality
240	info1 = self.create_info()
241	info2 = self.create_info()
242	self.assertEqual(info1, info2)
243	self.assertTrue(info1 == info2)
244	info1.id = 'blah'
245	self.assertTrue(info1 != info2)
246	self.assertTrue((info1 == info2) is False)
247	info1.id = 'bob'
248	info2.id = 'blah'
249	self.assertTrue(info1 != info2)
250	self.assertTrue((info1 == info2) is False)
251	return
252
253	class FailedLoginInfoTests(unittest.TestCase):
254
255	def test_iface(self):
256	# make sure we fullfill the promised interfaces
257	info1 = FailedLoginInfo()
258	info2 = FailedLoginInfo(num=1, last=time.time())
259	self.assertTrue(
260	verifyClass(IFailedLoginInfo, FailedLoginInfo))
261	self.assertTrue(verifyObject(IFailedLoginInfo, info1))
262	# make sure the stored values have correct type if not None
263	self.assertTrue(verifyObject(IFailedLoginInfo, info2))
264	return
265
266	def test_default_values(self):
267	# By default we get 0, None
268	info = FailedLoginInfo()
269	self.assertEqual(info.num, 0)
270	self.assertEqual(info.last, None)
271	return
272
273	def test_set_values_by_attribute(self):
274	# we can set values by attribute
275	ts = time.gmtime(0)
276	info = FailedLoginInfo()
277	info.num = 5
278	info.last = ts
279	self.assertEqual(info.num, 5)
280	self.assertEqual(info.last, ts)
281	return
282
283	def test_set_values_by_constructor(self):
284	# we can set values by constructor args
285	ts = time.gmtime(0)
286	info = FailedLoginInfo(5, ts)
287	self.assertEqual(info.num, 5)
288	self.assertEqual(info.last, ts)
289	return
290
291	def test_set_values_by_keywords(self):
292	# we can set values by constructor keywords
293	ts = time.gmtime(0)
294	info = FailedLoginInfo(last=ts, num=3)
295	self.assertEqual(info.num, 3)
296	self.assertEqual(info.last, ts)
297	return
298
299	def test_as_tuple(self):
300	# we can get the info values as tuple
301	ts = time.gmtime(0)
302	info = FailedLoginInfo(last=ts, num=3)
303	self.assertEqual(info.as_tuple(), (3, ts))
304	return
305
306	def test_set_values(self):
307	# we can set the values of a an info instance
308	ts = time.time()
309	info = FailedLoginInfo()
310	info.set_values(num=3, last=ts)
311	self.assertEqual(info.num, 3)
312	self.assertEqual(info.last, ts)
313	return
314
315	def test_increase(self):
316	# we can increase the number of failed logins
317	ts1 = time.time()
318	info = FailedLoginInfo()
319	info.increase()
320	self.assertEqual(info.num, 1)
321	self.assertTrue(info.last > ts1)
322	ts2 = info.last
323	info.increase()
324	self.assertEqual(info.num, 2)
325	self.assertTrue(info.last > ts2)
326	return
327
328	def test_reset(self):
329	# we can reset failed login infos.
330	info = FailedLoginInfo()
331	info.increase()
332	info.reset()
333	self.assertEqual(info.num, 0)
334	self.assertEqual(info.last, None)
335	return
336
337	class AccountTests(unittest.TestCase):
338
339	def setUp(self):
340	setUpPasswordManagers()
341	return
342
343	def test_iface(self):
344	acct = Account('bob', 'mypasswd')
345	self.assertTrue(
346	verifyClass(IUserAccount, Account))
347	self.assertTrue(
348	verifyObject(IUserAccount, acct))
349	return
350
351	def test_failed_logins(self):
352	# we can retrieve infos about failed logins
353	ts = time.time()
354	acct = Account('bob', 'mypasswd')
355	self.assertTrue(hasattr(acct, 'failed_logins'))
356	acct.failed_logins.set_values(num=3, last=ts)
357	self.assertEqual(acct.failed_logins.last, ts)
358	self.assertEqual(acct.failed_logins.num, 3)
359	return
360
361	def test_failed_logins_per_inst(self):
362	# we get a different counter for each Account instance
363	acct1 = Account('bob', 'secret')
364	acct2 = Account('alice', 'alsosecret')
365	self.assertTrue(acct1.failed_logins is not acct2.failed_logins)
366	return
367
368	class FakeUserAccount(object):
369	pass
370
371
372	def get_logger():
373	logger = logging.getLogger('waeup.test')
374	stream = StringIO()
375	handler = logging.StreamHandler(stream)
376	logger.setLevel(logging.DEBUG)
377	logger.propagate = False
378	logger.addHandler(handler)
379	return logger, stream
380
381
382	class UsersPluginTests(unittest.TestCase):
383
384	def setUp(self):
385	setUpPasswordManagers()
386	self.site = FakeSite()
387	self.site['users'] = grok.Container()
388	return
389
390	def test_ifaces(self):
391	# make sure we implement the promised interfaces
392	plugin = UsersPlugin()
393	verifyClass(IKofaPluggable, UsersPlugin)
394	verifyObject(IKofaPluggable, plugin)
395	return
396
397	def test_update(self):
398	# make sure user accounts are updated properly.
399	plugin = UsersPlugin()
400	logger, stream = get_logger()
401	plugin.update(self.site, 'app', logger)
402	stream.seek(0)
403	self.assertEqual(stream.read(), '')
404	self.site['users']['bob'] = FakeUserAccount()
405	logger, stream = get_logger()
406	plugin.update(self.site, 'app', logger)
407	stream.seek(0)
408	log_content = stream.read()
409	self.assertTrue(hasattr(self.site['users']['bob'], 'description'))
410	self.assertTrue(hasattr(self.site['users']['bob'], 'failed_logins'))
411	self.assertTrue(
412	isinstance(self.site['users']['bob'].failed_logins,
413	FailedLoginInfo))
414	self.assertTrue('attribute description added' in log_content)
415	self.assertTrue('attribute failed_logins added' in log_content)
416	return
417
418
419	class TestUpdatePAUPlugin(FunctionalTestCase):
420
421	layer = FunctionalLayer
422
423	def setUp(self):
424	super(TestUpdatePAUPlugin, self).setUp()
425	self.getRootFolder()['app'] = University()
426	self.site = self.getRootFolder()['app']
427
428	def tearDown(self):
429	clearSite()
430	super(TestUpdatePAUPlugin, self).tearDown()
431
432	def get_pau(self):
433	# the PAU is registered as a local utility in local site manager.
434	# the name is derived from class name.
435	pau = self.site.getSiteManager()['PluggableAuthentication']
436	assert pau is not None
437	return pau
438
439	def test_update_outdated(self):
440	# we can update outdated sites.
441	plugin = UpdatePAUPlugin()
442	logger, stream = get_logger()
443	pau = self.get_pau()
444	pau.credentialsPlugins = ('foo', 'credentials', 'bar')
445	plugin.update(self.site, 'xmlrpc-credentials', logger)
446	assert 'xmlrpc-credentials' in pau.credentialsPlugins
447	assert pau.credentialsPlugins.index('xmlrpc-credentials') == 1
448
449	def test_update_uptodate(self):
450	# we cope with already updated sites.
451	plugin = UpdatePAUPlugin()
452	logger, stream = get_logger()
453	pau = self.get_pau()
454	pau.credentialsPlugins = ('foo', 'xmlrpc-credentials', 'bar')
455	plugin.update(self.site, 'xmlrpc-credentials', logger)
456	assert pau.credentialsPlugins.count('xmlrpc-credentials') == 1

Note: See TracBrowser for help on using the repository browser.

Context navigation

source: main/waeup.kofa/branches/henrik-transcript-workflow/src/waeup/kofa/tests/test_authentication.py @ 16478

Download in other formats: