source: main/waeup.kofa/branches/uli-zc-async/src/waeup/kofa/students/tests/test_authentication.py @ 10009

Last change on this file since 10009 was 9211, checked in by uli, 12 years ago

Rollback r9209. Looks like multiple merges from trunk confuse svn when merging back into trunk.

  • Property svn:keywords set to Id
File size: 7.0 KB
Line 
1## $Id: test_authentication.py 9211 2012-09-21 08:19:35Z uli $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18import unittest
19from zope.authentication.interfaces import IAuthentication
20from zope.component import provideUtility, queryUtility, getGlobalSiteManager
21from zope.interface.verify import verifyClass, verifyObject
22from zope.password.password import SSHAPasswordManager
23from zope.password.interfaces import IPasswordManager
24from zope.pluggableauth import PluggableAuthentication
25from zope.security.interfaces import Unauthorized
26from zope.securitypolicy.role import Role
27from zope.securitypolicy.interfaces import IRole, Allow
28from waeup.kofa.authentication import get_principal_role_manager
29from waeup.kofa.interfaces import IAuthPluginUtility, IUserAccount
30from waeup.kofa.students.authentication import (
31    StudentsAuthenticatorSetup, StudentAccount)
32from waeup.kofa.students.tests.test_browser import StudentsFullSetup
33from waeup.kofa.testing import FunctionalLayer
34
35class StudentsAuthenticatorSetupTests(unittest.TestCase):
36
37    def test_iface(self):
38        obj = StudentsAuthenticatorSetup()
39        verifyClass(IAuthPluginUtility, StudentsAuthenticatorSetup)
40        verifyObject(IAuthPluginUtility, obj)
41        return
42
43    def test_register(self):
44        # Make sure registration works.
45        setup = StudentsAuthenticatorSetup()
46        pau = PluggableAuthentication()
47        setup.register(pau)
48        self.assertTrue('students' in pau.authenticatorPlugins)
49        return
50
51    def test_unregister(self):
52        # Make sure deregistration works.
53        setup = StudentsAuthenticatorSetup()
54        pau = PluggableAuthentication()
55        pau.authenticatorPlugins = ('students')
56        setup.unregister(pau)
57        self.assertTrue('students' not in pau.authenticatorPlugins)
58        return
59
60
61class FakeStudent(object):
62    student_id = 'test_stud'
63    display_fullname = 'Test User'
64    password = None
65    email = None
66    phone = None
67
68
69class MinimalPAU(PluggableAuthentication):
70    def getPrincipal(self, id):
71        return 'faked principal'
72
73class StudentAccountTests(unittest.TestCase):
74
75    def setUp(self):
76        self.fake_stud = FakeStudent()
77        self.account = StudentAccount(self.fake_stud)
78
79        # We provide a minimal PAU
80        pau = MinimalPAU()
81        provideUtility(pau, IAuthentication)
82
83        # We register a role
84        test_role = Role('waeup.test.Role', 'Testing Role')
85        provideUtility(test_role, IRole, name='waeup.test.Role')
86
87        # We have to setup a password manager utility manually as we
88        # have no functional test. In functional tests this would
89        # happen automatically, but it would take a lot more time to
90        # run the tests.
91        provideUtility(
92            SSHAPasswordManager(), IPasswordManager, 'SSHA')
93        return
94
95    def tearDown(self):
96        self.account.roles = [] # make sure roles are reset
97        gsm = getGlobalSiteManager()
98        to_clean = []
99        # Clear up utilities registered in setUp
100        to_clean.append(
101            (IPasswordManager, queryUtility(
102                    IPasswordManager, name='SSHA', default=None)))
103        to_clean.append(
104            (IAuthentication, queryUtility(IAuthentication, default=None)))
105        to_clean.append(
106            (IRole, queryUtility(IRole, name='test.Role', default=None)))
107        for iface, elem in to_clean:
108            if elem is not None:
109                gsm.unregisterUtility(elem, iface)
110        return
111
112    def test_iface(self):
113        verifyClass(IUserAccount, StudentAccount)
114        verifyObject(IUserAccount, self.account)
115        return
116
117    def test_set_password(self):
118        # make sure we can set a password.
119        self.account.setPassword('secret')
120        self.assertTrue(self.fake_stud.password is not None)
121        # we do not store plaintext passwords
122        self.assertTrue(self.fake_stud.password != 'secret')
123        # passwords are stored as bytestreams
124        self.assertTrue(isinstance(self.fake_stud.password, basestring))
125        self.assertFalse(isinstance(self.fake_stud.password, unicode))
126        return
127
128    def test_check_password(self):
129        # make sure we can check a password.
130        self.account.setPassword('secret')
131        result1 = self.account.checkPassword(None)
132        result2 = self.account.checkPassword('nonsense')
133        result3 = self.account.checkPassword('secret')
134        self.assertEqual(result1, False)
135        self.assertEqual(result2, False)
136        self.assertEqual(result3, True)
137        return
138
139    def test_check_unset_password(self):
140        # empty and unset passwords do not match anything
141        self.fake_stud.password = None
142        result1 = self.account.checkPassword('')
143        self.fake_stud.password = ''
144        result2 = self.account.checkPassword('')
145        self.assertEqual(result1, False)
146        self.assertEqual(result2, False)
147        return
148
149    def test_check_password_no_string(self):
150        # if passed in password is not a string, we gain no access
151        self.fake_stud.password = 'secret'
152        result1 = self.account.checkPassword(None)
153        result2 = self.account.checkPassword(object())
154        self.assertEqual(result1, False)
155        self.assertEqual(result2, False)
156        return
157
158    def test_role_set(self):
159        # make sure we can set roles for principals denoted by account
160        prm = get_principal_role_manager()
161        self.assertEqual(prm.getPrincipalsAndRoles(), [])
162        self.account.roles = ['waeup.test.Role']
163        self.assertEqual(
164            prm.getPrincipalsAndRoles(),
165            [('waeup.test.Role', 'test_stud', Allow)])
166        return
167
168    def test_role_get(self):
169        # make sure we can get roles set for an account
170        self.assertEqual(self.account.roles, [])
171        self.account.roles = ['waeup.test.Role',] # set a role
172        self.assertEqual(self.account.roles, ['waeup.test.Role'])
173        return
174
175
176
177class FunctionalStudentAuthTests(StudentsFullSetup):
178
179    layer = FunctionalLayer
180
181    def setUp(self):
182        super(FunctionalStudentAuthTests, self).setUp()
183        return
184
185    def tearDown(self):
186        super(FunctionalStudentAuthTests, self).tearDown()
187        return
188
189    def test_reset_protected_anonymous(self):
190        # anonymous users cannot reset others passwords
191        self.assertRaises(
192            Unauthorized,
193            self.browser.open, self.student_path + '/change_password')
194        return
Note: See TracBrowser for help on using the repository browser.