source: main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_authentication.py @ 7188

Last change on this file since 7188 was 7138, checked in by uli, 13 years ago

Add regression tests to ensure that password checking also works when
a student password is None or empty string.

  • Property svn:keywords set to Id
File size: 7.0 KB
1##
2## test_authentication.py
3## Login : <uli@pu.smp.net>
4## Started on  Fri Sep  2 15:25:56 2011 Uli Fouquet
5## $Id: test_authentication.py 7138 2011-11-19 13:08:05Z uli $
6##
7## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
8## This program is free software; you can redistribute it and/or modify
9## it under the terms of the GNU General Public License as published by
10## the Free Software Foundation; either version 2 of the License, or
11## (at your option) any later version.
12##
13## This program is distributed in the hope that it will be useful,
14## but WITHOUT ANY WARRANTY; without even the implied warranty of
15## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16## GNU General Public License for more details.
17##
18## You should have received a copy of the GNU General Public License
19## along with this program; if not, write to the Free Software
20## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21##
22import unittest
23from zope.authentication.interfaces import IAuthentication
24from zope.component import provideUtility, queryUtility, getGlobalSiteManager
25from zope.interface.verify import verifyClass, verifyObject
26from zope.password.password import SSHAPasswordManager
27from zope.password.interfaces import IPasswordManager
28from zope.pluggableauth import PluggableAuthentication
29from zope.security.interfaces import Unauthorized
30from zope.securitypolicy.role import Role
31from zope.securitypolicy.interfaces import IRole, Allow
32from waeup.sirp.authentication import get_principal_role_manager
33from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount
34from waeup.sirp.students.authentication import (
35    StudentsAuthenticatorSetup, StudentAccount)
36from waeup.sirp.students.tests.test_browser import StudentsFullSetup
37from waeup.sirp.testing import FunctionalLayer
38
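class StudentsAuthenticatorSetupTests(unittest.TestCase):
    """Unit tests for the `StudentsAuthenticatorSetup` plugin utility.

    Checks that the utility provides `IAuthPluginUtility` and that it
    adds and removes the 'students' authenticator plugin name on a
    `PluggableAuthentication` instance.
    """

    def test_iface(self):
        # Both the class and an instance must satisfy the interface.
        obj = StudentsAuthenticatorSetup()
        verifyClass(IAuthPluginUtility, StudentsAuthenticatorSetup)
        verifyObject(IAuthPluginUtility, obj)

    def test_register(self):
        # Make sure registration works.
        setup = StudentsAuthenticatorSetup()
        pau = PluggableAuthentication()
        setup.register(pau)
        self.assertTrue('students' in pau.authenticatorPlugins)

    def test_unregister(self):
        # Make sure deregistration works.
        setup = StudentsAuthenticatorSetup()
        pau = PluggableAuthentication()
        # The trailing comma matters: ('students') is just the string
        # 'students', which would turn the membership checks below into
        # substring/character tests that can pass without unregister()
        # removing anything.
        pau.authenticatorPlugins = ('students',)
        # Precondition: the plugin really is registered before we remove it.
        self.assertTrue('students' in pau.authenticatorPlugins)
        setup.unregister(pau)
        self.assertTrue('students' not in pau.authenticatorPlugins)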
63
64
class FakeStudent(object):
    """Minimal stand-in for a student object used by the account tests.

    Only carries the three class-level attributes defined below.
    """

    # No password is set initially; tests assign one when they need it.
    password = None
    fullname = 'Test User'
    student_id = 'test_stud'
69
70
class MinimalPAU(PluggableAuthentication):
    """A `PluggableAuthentication` whose principal lookup is stubbed out."""

    def getPrincipal(self, id):
        # Every id resolves to the same placeholder; no real principal
        # lookup is performed.
        faked = 'faked principal'
        return faked
74
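class StudentAccountTests(unittest.TestCase):
    """Unit tests for `StudentAccount` wrapped around a `FakeStudent`.

    Covers the `IUserAccount` interface, password setting and checking
    (including unset, empty and non-string values) and role assignment.
    The utilities the account needs are registered by hand in `setUp`
    and removed again in `tearDown`.
    """

    def setUp(self):
        self.fake_stud = FakeStudent()
        self.account = StudentAccount(self.fake_stud)

        # We provide a minimal PAU
        pau = MinimalPAU()
        provideUtility(pau, IAuthentication)

        # We register a role
        test_role = Role('waeup.test.Role', 'Testing Role')
        provideUtility(test_role, IRole, name='waeup.test.Role')

        # We have to setup a password manager utility manually as we
        # have no functional test. In functional tests this would
        # happen automatically, but it would take a lot more time to
        # run the tests.
        provideUtility(
            SSHAPasswordManager(), IPasswordManager, 'SSHA')

    def tearDown(self):
        self.account.roles = []  # make sure roles are reset
        gsm = getGlobalSiteManager()
        # Clear up utilities registered in setUp. Each entry repeats the
        # (interface, name) pair used at registration time: a named
        # utility is only found and unregistered under that same name,
        # otherwise it stays in the global registry and leaks into later
        # tests.
        registered = (
            (IPasswordManager, 'SSHA'),
            (IAuthentication, ''),
            (IRole, 'waeup.test.Role'),
        )
        for iface, name in registered:
            elem = queryUtility(iface, name=name, default=None)
            if elem is not None:
                gsm.unregisterUtility(elem, iface, name=name)

    def test_iface(self):
        verifyClass(IUserAccount, StudentAccount)
        verifyObject(IUserAccount, self.account)

    def test_set_password(self):
        # make sure we can set a password.
        self.account.setPassword('secret')
        self.assertTrue(self.fake_stud.password is not None)
        # we do not store plaintext passwords
        # NOTE(review): this only shows the stored value differs from the
        # input; it does not pin which encoding scheme was applied.
        self.assertTrue(self.fake_stud.password != 'secret')
        # passwords are stored as unicode
        self.assertTrue(isinstance(self.fake_stud.password, unicode))

    def test_check_password(self):
        # make sure we can check a password.
        self.account.setPassword('secret')
        result1 = self.account.checkPassword(None)
        result2 = self.account.checkPassword('nonsense')
        result3 = self.account.checkPassword('secret')
        self.assertEqual(result1, False)
        self.assertEqual(result2, False)
        self.assertEqual(result3, True)

    def test_check_unset_password(self):
        # empty and unset passwords do not match anything; in particular
        # an empty submitted password must not authenticate an account
        # whose stored password is None or ''.
        self.fake_stud.password = None
        result1 = self.account.checkPassword('')
        self.fake_stud.password = ''
        result2 = self.account.checkPassword('')
        self.assertEqual(result1, False)
        self.assertEqual(result2, False)

    def test_check_password_no_string(self):
        # if passed in password is not a string, we gain no access
        self.fake_stud.password = 'secret'
        result1 = self.account.checkPassword(None)
        result2 = self.account.checkPassword(object())
        self.assertEqual(result1, False)
        self.assertEqual(result2, False)

    def test_role_set(self):
        # make sure we can set roles for principals denoted by account
        prm = get_principal_role_manager()
        # Starts empty only if earlier tests reset their roles in tearDown.
        self.assertEqual(prm.getPrincipalsAndRoles(), [])
        self.account.roles = ['waeup.test.Role']
        self.assertEqual(
            prm.getPrincipalsAndRoles(),
            [('waeup.test.Role', 'test_stud', Allow)])

    def test_role_get(self):
        # make sure we can get roles set for an account
        self.assertEqual(self.account.roles, [])
        self.account.roles = ['waeup.test.Role',]  # set a role
        self.assertEqual(self.account.roles, ['waeup.test.Role'])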
175
176
177
class FunctionalStudentAuthTests(StudentsFullSetup):
    """Browser-level authentication tests run in `FunctionalLayer`.

    Fixture creation and cleanup are delegated to `StudentsFullSetup`.
    """

    layer = FunctionalLayer

    def setUp(self):
        # Nothing test-specific to prepare; defer to the shared fixture.
        super(FunctionalStudentAuthTests, self).setUp()

    def tearDown(self):
        # Nothing test-specific to undo; defer to the shared fixture.
        super(FunctionalStudentAuthTests, self).tearDown()

    def test_reset_protected_anonymous(self):
        # anonymous users cannot reset others passwords
        # NOTE(review): only the unauthenticated case is exercised here;
        # a logged-in student requesting another student's page is not
        # covered by this test.
        change_password_url = self.student_path + '/change_password'
        self.assertRaises(
            Unauthorized, self.browser.open, change_password_url)