source: main/waeup.sirp/branches/ulif-paster/src/waeup/sirp/authentication.txt @ 10809

Last change on this file since 10809 was 5404, checked in by Henrik Bettermann, 14 years ago

Display login links on every page if logged out. Change the test accordingly.

File size: 2.4 KB
WAeUP portal authentication
***************************

:Test-Layer: functional

We need to protect most pieces of our portals from unauthenticated
access.

Therefore users have to log in to access main functionality and they
are able to log out afterwards.

Before we can check access we have to create an app:

  >>> from waeup.sirp.app import University
  >>> root = getRootFolder()
  >>> u = University()
  >>> root['app'] = u

To make sure we can 'watch' pages, we first have to initialize our
test browser:

  >>> from zope.testbrowser.testing import Browser
  >>> browser = Browser()
  >>> browser.handleErrors = False

Creating users (principals)
===========================

Before we can log in, we have to provide a user (``principal`` in Zope
terms) with a password (and optionally a title or description):

  >>> root['app']['users'].addUser('bob', 'bobsecret',
  ...                           title='Bob', description='A sample user')

We can also add complete `Account` objects. An `Account` stores the
user credentials and some metadata persistently:

  >>> from waeup.sirp.authentication import Account
  >>> alice = Account('alice', 'alicesecret')
  >>> root['app']['users'].addAccount(alice)

See ``users.txt`` for details about the UserContainer we use here.


Logging in via side bar
=======================

We can access the front page without restrictions:

  >>> browser.open('http://localhost/app')
  >>> print browser.headers['Status']
  200 Ok

We have to go to one of the login pages first:

  >>> browser.open('http://localhost/app/@@loginstaff')
  >>> print browser.headers['Status']
  200 Ok

There is a login form on this page:

  >>> 'form.login' in browser.contents
  True

  >>> 'form.logout' in browser.contents
  False

We use this form:

  >>> browser.getControl(name='form.login').value = 'bob'
  >>> browser.getControl(name='form.password').value = 'bobsecret'
  >>> browser.getControl('Login').click()

Now the login form is gone. Instead we have the opportunity to log out:

  >>> 'form.login' in browser.contents
  False

  >>> logout = browser.getLink('Logout')
  >>> logout
  <Link text='Logout' url='http://localhost/app/@@logout'>

The user title is also displayed in the sidebar:

  >>> 'Bob' in browser.contents
  True

We can also log out afterwards:

  >>> logout.click()
  >>> print browser.contents
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
  ...Staff Login
  ...
