source: main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_authentication.py @ 7206

Last change on this file since 7206 was 7193, checked in by Henrik Bettermann, 13 years ago

More copyright adjustments.

1## $Id: test_authentication.py 7193 2011-11-25 07:21:29Z henrik $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18import unittest
19from zope.authentication.interfaces import IAuthentication
20from zope.component import provideUtility, queryUtility, getGlobalSiteManager
21from zope.interface.verify import verifyClass, verifyObject
22from zope.password.password import SSHAPasswordManager
23from zope.password.interfaces import IPasswordManager
24from zope.pluggableauth import PluggableAuthentication
25from zope.security.interfaces import Unauthorized
26from zope.securitypolicy.role import Role
27from zope.securitypolicy.interfaces import IRole, Allow
28from waeup.sirp.authentication import get_principal_role_manager
29from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount
30from waeup.sirp.students.authentication import (
31    StudentsAuthenticatorSetup, StudentAccount)
32from waeup.sirp.students.tests.test_browser import StudentsFullSetup
33from waeup.sirp.testing import FunctionalLayer
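class StudentsAuthenticatorSetupTests(unittest.TestCase):
    """Unit tests for the students authenticator plugin setup utility."""

    def test_iface(self):
        # The setup utility must satisfy IAuthPluginUtility both as a
        # class and as an instance.
        obj = StudentsAuthenticatorSetup()
        verifyClass(IAuthPluginUtility, StudentsAuthenticatorSetup)
        verifyObject(IAuthPluginUtility, obj)
        return

    def test_register(self):
        # Make sure registration works.
        setup = StudentsAuthenticatorSetup()
        pau = PluggableAuthentication()
        setup.register(pau)
        self.assertTrue('students' in pau.authenticatorPlugins)
        return

    def test_unregister(self):
        # Make sure deregistration works.
        setup = StudentsAuthenticatorSetup()
        pau = PluggableAuthentication()
        # One-element tuple. Without the trailing comma the value is the
        # plain string 'students' rather than a sequence of plugin names,
        # and the test would not exercise removal from a real plugin list.
        pau.authenticatorPlugins = ('students',)
        # Precondition: the plugin is present before we remove it, so the
        # final assertion cannot pass vacuously.
        self.assertTrue('students' in pau.authenticatorPlugins)
        setup.unregister(pau)
        self.assertTrue('students' not in pau.authenticatorPlugins)
        return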
class FakeStudent(object):
    """Minimal stand-in for a student object, used by the account tests."""

    # No credential is stored initially; individual tests assign one.
    password = None
    fullname = 'Test User'
    student_id = 'test_stud'
class MinimalPAU(PluggableAuthentication):
    """PAU stub for unit tests: principal lookup never fails."""

    def getPrincipal(self, id):
        # Every id resolves to the same placeholder value; no principal
        # source is consulted.
        principal = 'faked principal'
        return principal
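class StudentAccountTests(unittest.TestCase):
    """Unit tests for StudentAccount: password handling and role assignment.

    The tests run without the functional layer, so every utility they
    need is registered globally in setUp and removed again in tearDown.
    """

    def setUp(self):
        self.fake_stud = FakeStudent()
        self.account = StudentAccount(self.fake_stud)

        # We provide a minimal PAU
        pau = MinimalPAU()
        provideUtility(pau, IAuthentication)

        # We register a role
        test_role = Role('waeup.test.Role', 'Testing Role')
        provideUtility(test_role, IRole, name='waeup.test.Role')

        # We have to setup a password manager utility manually as we
        # have no functional test. In functional tests this would
        # happen automatically, but it would take a lot more time to
        # run the tests.
        # NOTE(review): SSHA is salted SHA-1, a fast hash. The tests below
        # only establish that the plaintext is not stored; they say nothing
        # about resistance to offline guessing.
        provideUtility(
            SSHAPasswordManager(), IPasswordManager, 'SSHA')
        return

    def tearDown(self):
        self.account.roles = [] # make sure roles are reset
        gsm = getGlobalSiteManager()
        # Clear up utilities registered in setUp. Each entry carries the
        # name used at registration: a named utility is only found and
        # unregistered under that same name, otherwise it stays in the
        # global registry and leaks into later tests.
        registered = [
            (IPasswordManager, 'SSHA'),
            (IAuthentication, ''),
            (IRole, 'waeup.test.Role'),
        ]
        for iface, name in registered:
            elem = queryUtility(iface, name=name, default=None)
            if elem is not None:
                gsm.unregisterUtility(elem, iface, name=name)
        return

    def test_iface(self):
        # StudentAccount must satisfy IUserAccount as class and instance.
        verifyClass(IUserAccount, StudentAccount)
        verifyObject(IUserAccount, self.account)
        return

    def test_set_password(self):
        # make sure we can set a password.
        self.account.setPassword('secret')
        self.assertTrue(self.fake_stud.password is not None)
        # we do not store plaintext passwords
        self.assertTrue(self.fake_stud.password != 'secret')
        # passwords are stored as unicode
        self.assertTrue(isinstance(self.fake_stud.password, unicode))
        return

    def test_check_password(self):
        # make sure we can check a password.
        self.account.setPassword('secret')
        result1 = self.account.checkPassword(None)
        result2 = self.account.checkPassword('nonsense')
        result3 = self.account.checkPassword('secret')
        self.assertEqual(result1, False)
        self.assertEqual(result2, False)
        self.assertEqual(result3, True)
        return

    def test_check_unset_password(self):
        # empty and unset passwords do not match anything; in particular
        # an empty candidate must not authenticate against an account
        # that has no credential stored.
        self.fake_stud.password = None
        result1 = self.account.checkPassword('')
        self.fake_stud.password = ''
        result2 = self.account.checkPassword('')
        self.assertEqual(result1, False)
        self.assertEqual(result2, False)
        return

    def test_check_password_no_string(self):
        # if passed in password is not a string, we gain no access.
        # The stored value is assigned directly here (not via
        # setPassword); only the rejection of non-string candidates is
        # under test.
        self.fake_stud.password = 'secret'
        result1 = self.account.checkPassword(None)
        result2 = self.account.checkPassword(object())
        self.assertEqual(result1, False)
        self.assertEqual(result2, False)
        return

    def test_role_set(self):
        # make sure we can set roles for principals denoted by account
        prm = get_principal_role_manager()
        self.assertEqual(prm.getPrincipalsAndRoles(), [])
        self.account.roles = ['waeup.test.Role']
        self.assertEqual(
            prm.getPrincipalsAndRoles(),
            [('waeup.test.Role', 'test_stud', Allow)])
        return

    def test_role_get(self):
        # make sure we can get roles set for an account
        self.assertEqual(self.account.roles, [])
        self.account.roles = ['waeup.test.Role',] # set a role
        self.assertEqual(self.account.roles, ['waeup.test.Role'])
        return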
class FunctionalStudentAuthTests(StudentsFullSetup):
    """Browser-level authentication tests run inside FunctionalLayer."""

    layer = FunctionalLayer

    def setUp(self):
        # No fixtures beyond what the parent setup provides.
        super(FunctionalStudentAuthTests, self).setUp()

    def tearDown(self):
        super(FunctionalStudentAuthTests, self).tearDown()

    def test_reset_protected_anonymous(self):
        # anonymous users cannot reset others passwords
        # NOTE(review): presumably the browser from StudentsFullSetup
        # carries no credentials at this point; confirm against the
        # parent setUp.
        change_url = self.student_path + '/change_password'
        self.assertRaises(Unauthorized, self.browser.open, change_url)