source: main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_authentication.py @ 8983

Last change on this file since 8983 was 8983, checked in by Henrik Bettermann, 12 years ago

Add boolean field 'suspended' to IStudent and IApplicant and extend authentication (checkPassword) slightly. Test will follow
  • Property svn:keywords set to Id
File size: 7.0 KB
Line 
1## $Id: test_authentication.py 8983 2012-07-12 11:43:12Z henrik $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18import unittest
19from zope.authentication.interfaces import IAuthentication
20from zope.component import provideUtility, queryUtility, getGlobalSiteManager
21from zope.interface.verify import verifyClass, verifyObject
22from zope.password.password import SSHAPasswordManager
23from zope.password.interfaces import IPasswordManager
24from zope.pluggableauth import PluggableAuthentication
25from zope.security.interfaces import Unauthorized
26from zope.securitypolicy.role import Role
27from zope.securitypolicy.interfaces import IRole, Allow
28from waeup.kofa.authentication import get_principal_role_manager
29from waeup.kofa.interfaces import IAuthPluginUtility, IUserAccount
30from waeup.kofa.students.authentication import (
31    StudentsAuthenticatorSetup, StudentAccount)
32from waeup.kofa.students.tests.test_browser import StudentsFullSetup
33from waeup.kofa.testing import FunctionalLayer
34
35class StudentsAuthenticatorSetupTests(unittest.TestCase):
36
37    def test_iface(self):
38        obj = StudentsAuthenticatorSetup()
39        verifyClass(IAuthPluginUtility, StudentsAuthenticatorSetup)
40        verifyObject(IAuthPluginUtility, obj)
41        return
42
43    def test_register(self):
44        # Make sure registration works.
45        setup = StudentsAuthenticatorSetup()
46        pau = PluggableAuthentication()
47        setup.register(pau)
48        self.assertTrue('students' in pau.authenticatorPlugins)
49        return
50
51    def test_unregister(self):
52        # Make sure deregistration works.
53        setup = StudentsAuthenticatorSetup()
54        pau = PluggableAuthentication()
55        pau.authenticatorPlugins = ('students')
56        setup.unregister(pau)
57        self.assertTrue('students' not in pau.authenticatorPlugins)
58        return
59
60
61class FakeStudent(object):
62    student_id = 'test_stud'
63    display_fullname = 'Test User'
64    password = None
65    email = None
66    phone = None
67    suspended = False
68
69
70class MinimalPAU(PluggableAuthentication):
71    def getPrincipal(self, id):
72        return 'faked principal'
73
74class StudentAccountTests(unittest.TestCase):
75
76    def setUp(self):
77        self.fake_stud = FakeStudent()
78        self.account = StudentAccount(self.fake_stud)
79
80        # We provide a minimal PAU
81        pau = MinimalPAU()
82        provideUtility(pau, IAuthentication)
83
84        # We register a role
85        test_role = Role('waeup.test.Role', 'Testing Role')
86        provideUtility(test_role, IRole, name='waeup.test.Role')
87
88        # We have to setup a password manager utility manually as we
89        # have no functional test. In functional tests this would
90        # happen automatically, but it would take a lot more time to
91        # run the tests.
92        provideUtility(
93            SSHAPasswordManager(), IPasswordManager, 'SSHA')
94        return
95
96    def tearDown(self):
97        self.account.roles = [] # make sure roles are reset
98        gsm = getGlobalSiteManager()
99        to_clean = []
100        # Clear up utilities registered in setUp
101        to_clean.append(
102            (IPasswordManager, queryUtility(
103                    IPasswordManager, name='SSHA', default=None)))
104        to_clean.append(
105            (IAuthentication, queryUtility(IAuthentication, default=None)))
106        to_clean.append(
107            (IRole, queryUtility(IRole, name='test.Role', default=None)))
108        for iface, elem in to_clean:
109            if elem is not None:
110                gsm.unregisterUtility(elem, iface)
111        return
112
113    def test_iface(self):
114        verifyClass(IUserAccount, StudentAccount)
115        verifyObject(IUserAccount, self.account)
116        return
117
118    def test_set_password(self):
119        # make sure we can set a password.
120        self.account.setPassword('secret')
121        self.assertTrue(self.fake_stud.password is not None)
122        # we do not store plaintext passwords
123        self.assertTrue(self.fake_stud.password != 'secret')
124        # passwords are stored as bytestreams
125        self.assertTrue(isinstance(self.fake_stud.password, basestring))
126        self.assertFalse(isinstance(self.fake_stud.password, unicode))
127        return
128
129    def test_check_password(self):
130        # make sure we can check a password.
131        self.account.setPassword('secret')
132        result1 = self.account.checkPassword(None)
133        result2 = self.account.checkPassword('nonsense')
134        result3 = self.account.checkPassword('secret')
135        self.assertEqual(result1, False)
136        self.assertEqual(result2, False)
137        self.assertEqual(result3, True)
138        return
139
140    def test_check_unset_password(self):
141        # empty and unset passwords do not match anything
142        self.fake_stud.password = None
143        result1 = self.account.checkPassword('')
144        self.fake_stud.password = ''
145        result2 = self.account.checkPassword('')
146        self.assertEqual(result1, False)
147        self.assertEqual(result2, False)
148        return
149
150    def test_check_password_no_string(self):
151        # if passed in password is not a string, we gain no access
152        self.fake_stud.password = 'secret'
153        result1 = self.account.checkPassword(None)
154        result2 = self.account.checkPassword(object())
155        self.assertEqual(result1, False)
156        self.assertEqual(result2, False)
157        return
158
159    def test_role_set(self):
160        # make sure we can set roles for principals denoted by account
161        prm = get_principal_role_manager()
162        self.assertEqual(prm.getPrincipalsAndRoles(), [])
163        self.account.roles = ['waeup.test.Role']
164        self.assertEqual(
165            prm.getPrincipalsAndRoles(),
166            [('waeup.test.Role', 'test_stud', Allow)])
167        return
168
169    def test_role_get(self):
170        # make sure we can get roles set for an account
171        self.assertEqual(self.account.roles, [])
172        self.account.roles = ['waeup.test.Role',] # set a role
173        self.assertEqual(self.account.roles, ['waeup.test.Role'])
174        return
175
176
177
178class FunctionalStudentAuthTests(StudentsFullSetup):
179
180    layer = FunctionalLayer
181
182    def setUp(self):
183        super(FunctionalStudentAuthTests, self).setUp()
184        return
185
186    def tearDown(self):
187        super(FunctionalStudentAuthTests, self).tearDown()
188        return
189
190    def test_reset_protected_anonymous(self):
191        # anonymous users cannot reset others passwords
192        self.assertRaises(
193            Unauthorized,
194            self.browser.open, self.student_path + '/change_password')
195        return
Note: See TracBrowser for help on using the repository browser.