Context navigation

source: main/waeup.sirp/trunk/src/waeup/sirp/authentication.txt @ 6609

Last change on this file since 6609 was 6609, checked in by Henrik Bettermann, 13 years ago
Increase test coverage.
File size: 6.0 KB

Rev	Line
[4085]	1	WAeUP portal authentication
	2	***************************
	3
	4	:Test-Layer: functional
	5
	6	We need to protect most pieces of our portals from unauthenticated
	7	access.
	8
	9	Therefore users have to login to access main functionality and they
	10	are able to log out afterwards.
	11
	12	Before we can check access we have to create an app:
	13
[6180]	14	>>> from zope.component.hooks import setSite # only needed in tests
[4921]	15	>>> from waeup.sirp.app import University
[4085]	16	>>> root = getRootFolder()
	17	>>> u = University()
	18	>>> root['app'] = u
[6180]	19	>>> setSite(root['app']) # only needed in tests
[4085]	20
	21	To make sure, we can 'watch' pages, we first have to initialize our
	22	test browser:
	23
	24	>>> from zope.testbrowser.testing import Browser
	25	>>> browser = Browser()
	26	>>> browser.handleErrors = False
	27
[4092]	28	Creating users (principals)
	29	===========================
[4085]	30
[4092]	31	Before we can login, we have to provide a user (``principal`` in Zope
[4093]	32	terms) with a password (and optional a title or description):
[4092]	33
[4744]	34	>>> root['app']['users'].addUser('bob', 'bobsecret',
[4093]	35	... title='Bob', description='A sample user')
[4092]	36
	37	We can also add complete `Account` objects. An `Account` stores the
	38	user credentials and some metadata persistently:
	39
[4921]	40	>>> from waeup.sirp.authentication import Account
[4092]	41	>>> alice = Account('alice', 'alicesecret')
[4744]	42	>>> root['app']['users'].addAccount(alice)
[4092]	43
[4093]	44	See ``users.txt`` for details about the UserContainer we use here.
[4092]	45
[6180]	46	Users and local roles
	47	=====================
[4093]	48
[6180]	49	Accounts also hold infos about local roles assigned to a user. In the
	50	beginning, users have no local roles at all:
	51
	52	>>> alice.getLocalRoles()
	53	{}
	54
	55	But we can tell an account, that Alice got some role for a certain
	56	object:
	57
	58	>>> chalet = object()
	59	>>> root['app']['chalet'] = chalet
	60	>>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=True)
	61
	62	Now Alice is the Big Boss:
	63
	64	>>> alice.getLocalRoles()
	65	{'BigBoss': [<object object at 0x...>]}
	66
	67	When we do not want Alice to be the Big Boss we can tell that too:
	68
	69	>>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=False)
	70	>>> alice.getLocalRoles()
	71	{}
	72
	73	We can also use events to trigger such actions. This is recommended
	74	because we do not neccessarily know where Alice lives:
	75
	76	>>> from waeup.sirp.users import LocalRoleSetEvent
	77	>>> from zope.event import notify
	78	>>> notify(LocalRoleSetEvent(chalet, 'BigBoss', 'alice',
	79	... granted=True))
	80	>>> alice.getLocalRoles()
	81	{'BigBoss': [<object object at 0x...>]}
	82
	83	When objects are deleted, local roles are also deleted
	84	semi-magically. This happens through event subscribers listening to
	85	IObjectRemovedEvents. The latters are naturally only fired when ZODB
	86	stored objects are removed. Furthermore this subscriber reads the
	87	internal local roles table.
	88
	89	We create a faculty and grant Bob a local role:
	90
	91	>>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
	92	>>> from waeup.sirp.university.faculty import Faculty
	93	>>> faculty = Faculty()
	94	>>> root['app']['bobs_fac'] = faculty
	95	>>> role_manager = IPrincipalRoleManager(faculty)
	96	>>> role_manager.assignRoleToPrincipal(
	97	... 'waeup.PortalManager', 'bob')
	98
	99	We notify the machinery about that fact:
	100
	101	>>> notify(LocalRoleSetEvent(faculty, 'waeup.PortalManager', 'bob',
	102	... granted=True))
	103	>>> bob = root['app']['users']['bob']
	104	>>> bob.getLocalRoles()
	105	{'waeup.PortalManager': [<waeup.sirp...Faculty object at 0x...>]}
	106
	107	When we delete the faculty from ZODB, also Bobs roles are modified:
	108
	109	>>> del root['app']['bobs_fac']
	110	>>> bob.getLocalRoles()
	111	{}
	112
[6202]	113	If one notifies the machinery of a local role removal for an object
	114	that cannot have local roles, this will cause no trouble:
	115
	116	>>> mycontext = None #object()
	117	>>> notify(LocalRoleSetEvent(
	118	... mycontext, 'waeup.PortalManager', 'bob', granted=False
	119	... )) is None
	120	True
	121
[6203]	122	When an account get deleted, also the local roles of the owner get
	123	removed. Let's setup a local role for `alice`:
	124
	125	>>> faculty = Faculty()
	126	>>> root['app']['alice_fac'] = faculty
	127	>>> role_manager = IPrincipalRoleManager(faculty)
	128	>>> role_manager.assignRoleToPrincipal(
	129	... 'waeup.PortalManager', 'alice')
	130	>>> notify(LocalRoleSetEvent(faculty, 'waeup.PortalManager', 'alice',
	131	... granted=True))
	132
	133	The local role is set now:
	134
	135	>>> from zope.securitypolicy.interfaces import IPrincipalRoleMap
	136	>>> IPrincipalRoleMap(faculty).getPrincipalsAndRoles()
	137	[('waeup.PortalManager', 'alice', PermissionSetting: Allow)]
	138
	139	But when we delete Alices account from ZODB:
	140
	141	>>> del root['app']['users']['alice']
	142	>>> IPrincipalRoleMap(faculty).getPrincipalsAndRoles()
	143	[]
	144
	145	the local role has gone.
	146
	147
[4092]	148	Logging in via side bar
	149	=======================
	150
[4085]	151	We can access the front page without restrictions:
	152
	153	>>> browser.open('http://localhost/app')
	154	>>> print browser.headers['Status']
	155	200 Ok
	156
[5404]	157	We have to go to one of the login pages first:
[4086]	158
[6609]	159	>>> browser.open('http://localhost/app')
	160	>>> browser.getLink('Staff Login').click()
[5404]	161	>>> print browser.headers['Status']
	162	200 Ok
	163
	164	There is a login form on tis page:
	165
[4086]	166	>>> 'form.login' in browser.contents
	167	True
	168
[4093]	169	>>> 'form.logout' in browser.contents
	170	False
	171
[4086]	172	We use this form:
	173
[4093]	174	>>> browser.getControl(name='form.login').value = 'bob'
[6609]	175	>>> browser.getControl(name='form.password').value = 'invalidpw'
	176	>>> browser.getControl('Login').click()
	177	>>> 'You entered wrong credentials' in browser.contents
	178	True
	179
	180	>>> browser.getControl(name='form.login').value = 'bob'
[4093]	181	>>> browser.getControl(name='form.password').value = 'bobsecret'
[4086]	182	>>> browser.getControl('Login').click()
[4092]	183
[4093]	184	Now the login form is gone. Instead we have the opportunity to logout:
	185
	186	>>> 'form.login' in browser.contents
	187	False
	188
[4617]	189	>>> logout = browser.getLink('Logout')
	190	>>> logout
	191	<Link text='Logout' url='http://localhost/app/@@logout'>
[4093]	192
[4613]	193	The user title is also displayed in the sidebar:
[4093]	194
[4613]	195	>>> 'Bob' in browser.contents
[4094]	196	True
[4093]	197
[4094]	198	We can also log out afterwards:
	199
[4617]	200	>>> logout.click()
[5404]	201	>>> print browser.contents
	202	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
	203	...Staff Login
	204	...
[4094]	205

Note: See TracBrowser for help on using the repository browser.

Download in other formats: