source: main/waeup.sirp/trunk/src/waeup/sirp/authentication.txt @ 5902

Last change on this file since 5902 was 5404, checked in by Henrik Bettermann, 14 years ago

Display login links on every page if logged out. Change the test accordingly.

WAeUP portal authentication
***************************

:Test-Layer: functional

We need to protect most pieces of our portals from unauthenticated
access.

Therefore users have to log in to access main functionality and they
are able to log out afterwards.

Before we can check access we have to create an app:

  >>> from waeup.sirp.app import University
  >>> root = getRootFolder()
  >>> u = University()
  >>> root['app'] = u

To be able to 'watch' pages, we first have to initialize our
test browser:

  >>> from zope.testbrowser.testing import Browser
  >>> browser = Browser()
  >>> browser.handleErrors = False

Creating users (principals)
===========================

Before we can log in, we have to provide a user (``principal`` in Zope
terms) with a password (and optionally a title or description):

  >>> root['app']['users'].addUser('bob', 'bobsecret',
  ...                           title='Bob', description='A sample user')

We can also add complete `Account` objects. An `Account` stores the
user credentials and some metadata persistently:

  >>> from waeup.sirp.authentication import Account
  >>> alice = Account('alice', 'alicesecret')
  >>> root['app']['users'].addAccount(alice)

See ``users.txt`` for details about the UserContainer we use here.


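An added example, not part of waeup.sirp: a Python 3, standard-library stand-in for the account store described above, keeping a salted PBKDF2 digest instead of the password and rejecting wrong passwords and unknown logins. ``addUser`` and ``addAccount`` follow the calls shown above; the classes' internals, ``setPassword``, ``checkPassword``, ``authenticate``, ``demo`` and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor, chosen for this example


class Account:
    """Hypothetical stand-in for Account: stores a salted hash, never the password."""
    def __init__(self, name, password, title=None, description=None):
        self.name, self.title, self.description = name, title or name, description
        self.setPassword(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'),
                                   self.salt, ITERATIONS)

    def setPassword(self, password):
        self.salt = os.urandom(16)  # fresh salt on every password change
        self.digest = self._derive(password)

    def checkPassword(self, password):
        return hmac.compare_digest(self.digest, self._derive(password))


class UserContainer(dict):
    """Hypothetical container mirroring addUser()/addAccount() from the text."""
    _decoy = Account('-', os.urandom(16).hex())  # hashed for unknown logins

    def addAccount(self, account):
        if account.name in self:
            raise KeyError('duplicate user: %s' % account.name)
        self[account.name] = account

    def addUser(self, name, password, title=None, description=None):
        self.addAccount(Account(name, password, title, description))

    def authenticate(self, login, password):
        # Unknown logins cost one hash too, so timing does not reveal valid names.
        account = self.get(login, self._decoy)
        ok = account.checkPassword(password)
        return account if ok and account is not self._decoy else None


def demo():
    users = UserContainer()
    users.addUser('bob', 'bobsecret', title='Bob', description='A sample user')
    users.addAccount(Account('alice', 'alicesecret'))
    return users
```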
Logging in via side bar
=======================

We can access the front page without restrictions:

  >>> browser.open('http://localhost/app')
  >>> print browser.headers['Status']
  200 Ok

We have to go to one of the login pages first:

  >>> browser.open('http://localhost/app/@@loginstaff')
  >>> print browser.headers['Status']
  200 Ok

There is a login form on this page:

  >>> 'form.login' in browser.contents
  True

  >>> 'form.logout' in browser.contents
  False

We use this form:

  >>> browser.getControl(name='form.login').value = 'bob'
  >>> browser.getControl(name='form.password').value = 'bobsecret'
  >>> browser.getControl('Login').click()

Now the login form is gone. Instead we have the opportunity to log out:

  >>> 'form.login' in browser.contents
  False

  >>> logout = browser.getLink('Logout')
  >>> logout
  <Link text='Logout' url='http://localhost/app/@@logout'>

The user title is also displayed in the sidebar:

  >>> 'Bob' in browser.contents
  True

We can also log out afterwards:

  >>> logout.click()
  >>> print browser.contents
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
  ...Staff Login
  ...