| 1 | WAeUP portal authentication |
|---|
| 2 | *************************** |
|---|
| 3 | |
|---|
| 4 | :Test-Layer: functional |
|---|
| 5 | |
|---|
| 6 | We need to protect most pieces of our portals from unauthenticated |
|---|
| 7 | access. |
|---|
| 8 | |
|---|
| 9 | Therefore users have to login to access main functionality and they |
|---|
| 10 | are able to log out afterwards. |
|---|
| 11 | |
|---|
| 12 | Before we can check access we have to create an app: |
|---|
| 13 | |
|---|
| 14 | >>> from waeup.sirp.app import University |
|---|
| 15 | >>> root = getRootFolder() |
|---|
| 16 | >>> u = University() |
|---|
| 17 | >>> root['app'] = u |
|---|
| 18 | |
|---|
| 19 | To make sure, we can 'watch' pages, we first have to initialize our |
|---|
| 20 | test browser: |
|---|
| 21 | |
|---|
| 22 | >>> from zope.testbrowser.testing import Browser |
|---|
| 23 | >>> browser = Browser() |
|---|
| 24 | >>> browser.handleErrors = False |
|---|
| 25 | |
|---|
| 26 | Creating users (principals) |
|---|
| 27 | =========================== |
|---|
| 28 | |
|---|
| 29 | Before we can login, we have to provide a user (``principal`` in Zope |
|---|
| 30 | terms) with a password (and optional a title or description): |
|---|
| 31 | |
|---|
| 32 | >>> root['app']['users'].addUser('bob', 'bobsecret', |
|---|
| 33 | ... title='Bob', description='A sample user') |
|---|
| 34 | |
|---|
| 35 | We can also add complete `Account` objects. An `Account` stores the |
|---|
| 36 | user credentials and some metadata persistently: |
|---|
| 37 | |
|---|
| 38 | >>> from waeup.sirp.authentication import Account |
|---|
| 39 | >>> alice = Account('alice', 'alicesecret') |
|---|
| 40 | >>> root['app']['users'].addAccount(alice) |
|---|
| 41 | |
|---|
| 42 | See ``users.txt`` for details about the UserContainer we use here. |
|---|
| 43 | |
|---|
| 44 | |
|---|
| 45 | Logging in via side bar |
|---|
| 46 | ======================= |
|---|
| 47 | |
|---|
| 48 | We can access the front page without restrictions: |
|---|
| 49 | |
|---|
| 50 | >>> browser.open('http://localhost/app') |
|---|
| 51 | >>> print browser.headers['Status'] |
|---|
| 52 | 200 Ok |
|---|
| 53 | |
|---|
| 54 | We have to go to one of the login pages first: |
|---|
| 55 | |
|---|
| 56 | >>> browser.open('http://localhost/app/@@loginstaff') |
|---|
| 57 | >>> print browser.headers['Status'] |
|---|
| 58 | 200 Ok |
|---|
| 59 | |
|---|
| 60 | There is a login form on tis page: |
|---|
| 61 | |
|---|
| 62 | >>> 'form.login' in browser.contents |
|---|
| 63 | True |
|---|
| 64 | |
|---|
| 65 | >>> 'form.logout' in browser.contents |
|---|
| 66 | False |
|---|
| 67 | |
|---|
| 68 | We use this form: |
|---|
| 69 | |
|---|
| 70 | >>> browser.getControl(name='form.login').value = 'bob' |
|---|
| 71 | >>> browser.getControl(name='form.password').value = 'bobsecret' |
|---|
| 72 | >>> browser.getControl('Login').click() |
|---|
| 73 | |
|---|
| 74 | Now the login form is gone. Instead we have the opportunity to logout: |
|---|
| 75 | |
|---|
| 76 | >>> 'form.login' in browser.contents |
|---|
| 77 | False |
|---|
| 78 | |
|---|
| 79 | >>> logout = browser.getLink('Logout') |
|---|
| 80 | >>> logout |
|---|
| 81 | <Link text='Logout' url='http://localhost/app/@@logout'> |
|---|
| 82 | |
|---|
| 83 | The user title is also displayed in the sidebar: |
|---|
| 84 | |
|---|
| 85 | >>> 'Bob' in browser.contents |
|---|
| 86 | True |
|---|
| 87 | |
|---|
| 88 | We can also log out afterwards: |
|---|
| 89 | |
|---|
| 90 | >>> logout.click() |
|---|
| 91 | >>> print browser.contents |
|---|
| 92 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"... |
|---|
| 93 | ...Staff Login |
|---|
| 94 | ... |
|---|
| 95 | |
|---|
