source: main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_authentication.py @ 7232

Last change on this file since 7232 was 7221, checked in by Henrik Bettermann, 13 years ago

Now we have a configuration object and can provide ContactAdminForm with proper credentials for an SMTP server.

Add Email address to IAccount objects so that 'From' fields in emails, sent by users, can be automatically filled.

  • Property svn:keywords set to Id
1## $Id: test_authentication.py 7221 2011-11-27 06:50:43Z henrik $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18import unittest
19from zope.authentication.interfaces import IAuthentication
20from zope.component import provideUtility, queryUtility, getGlobalSiteManager
21from zope.interface.verify import verifyClass, verifyObject
22from zope.password.password import SSHAPasswordManager
23from zope.password.interfaces import IPasswordManager
24from zope.pluggableauth import PluggableAuthentication
25from zope.security.interfaces import Unauthorized
26from zope.securitypolicy.role import Role
27from zope.securitypolicy.interfaces import IRole, Allow
28from waeup.sirp.authentication import get_principal_role_manager
29from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount
30from waeup.sirp.students.authentication import (
31    StudentsAuthenticatorSetup, StudentAccount)
32from waeup.sirp.students.tests.test_browser import StudentsFullSetup
33from waeup.sirp.testing import FunctionalLayer
34
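class StudentsAuthenticatorSetupTests(unittest.TestCase):
    """Unit tests for StudentsAuthenticatorSetup.

    The setup utility adds the 'students' authenticator plugin to a
    PluggableAuthentication instance and removes it again.
    """

    def test_iface(self):
        # Both the class and an instance must satisfy IAuthPluginUtility.
        obj = StudentsAuthenticatorSetup()
        verifyClass(IAuthPluginUtility, StudentsAuthenticatorSetup)
        verifyObject(IAuthPluginUtility, obj)

    def test_register(self):
        # Make sure registration works.
        setup = StudentsAuthenticatorSetup()
        pau = PluggableAuthentication()
        setup.register(pau)
        self.assertTrue('students' in pau.authenticatorPlugins)

    def test_unregister(self):
        # Make sure deregistration works.
        setup = StudentsAuthenticatorSetup()
        pau = PluggableAuthentication()
        # One-element tuple: the trailing comma matters. Without it the
        # value is the plain string 'students', and the membership checks
        # below would be substring tests on a string rather than tests
        # against the plugin list, so they would not prove that the
        # authenticator was actually removed.
        pau.authenticatorPlugins = ('students',)
        # Precondition: the plugin is listed before we deregister it.
        self.assertTrue('students' in pau.authenticatorPlugins)
        setup.unregister(pau)
        self.assertTrue('students' not in pau.authenticatorPlugins)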
59
60
class FakeStudent(object):
    """Bare stand-in for a student object, used as account context.

    Only the attributes read or written by the tests in this module are
    provided.
    """
    # Starts without a stored password or mail address; individual tests
    # assign these on the instance as needed.
    email = None
    password = None
    fullname = 'Test User'
    student_id = 'test_stud'
66
67
class MinimalPAU(PluggableAuthentication):
    """PAU stub whose principal lookup returns a fixed dummy value."""

    def getPrincipal(self, id):
        # The requested id is ignored: every lookup yields the same
        # placeholder instead of a real principal object.
        principal = 'faked principal'
        return principal
71
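class StudentAccountTests(unittest.TestCase):
    """Unit tests for StudentAccount wrapped around a FakeStudent.

    Covers interface compliance, password storage and verification, and
    role assignment. The utilities needed for that are registered by
    hand in setUp and removed again in tearDown.
    """

    def setUp(self):
        self.fake_stud = FakeStudent()
        self.account = StudentAccount(self.fake_stud)

        # We provide a minimal PAU
        provideUtility(MinimalPAU(), IAuthentication)

        # We register a role
        provideUtility(
            Role('waeup.test.Role', 'Testing Role'), IRole,
            name='waeup.test.Role')

        # We have to setup a password manager utility manually as we
        # have no functional test. In functional tests this would
        # happen automatically, but it would take a lot more time to
        # run the tests.
        provideUtility(SSHAPasswordManager(), IPasswordManager, 'SSHA')

    def tearDown(self):
        self.account.roles = []  # make sure roles are reset
        gsm = getGlobalSiteManager()
        # (interface, name) pairs exactly as registered in setUp. The
        # name is needed twice: to find the utility and to unregister
        # it, because a named registration is only removed when the same
        # name is passed again. Looking the role up under a different
        # name than the one used in setUp would leave it registered.
        registered = (
            (IPasswordManager, 'SSHA'),
            (IAuthentication, ''),
            (IRole, 'waeup.test.Role'),
        )
        for iface, name in registered:
            elem = queryUtility(iface, name=name, default=None)
            if elem is not None:
                gsm.unregisterUtility(elem, iface, name=name)

    def test_iface(self):
        # Both the class and the instance must satisfy IUserAccount.
        verifyClass(IUserAccount, StudentAccount)
        verifyObject(IUserAccount, self.account)

    def test_set_password(self):
        # make sure we can set a password.
        self.account.setPassword('secret')
        stored = self.fake_stud.password
        self.assertTrue(stored is not None)
        # we do not store plaintext passwords
        # NOTE(review): inequality with the plaintext is a weak check;
        # it would also hold for a trivially reversible encoding.
        # Asserting the scheme marker of the manager registered in setUp
        # would be stronger -- confirm the expected format first.
        self.assertTrue(stored != 'secret')
        # passwords are stored as unicode
        self.assertTrue(isinstance(stored, unicode))

    def test_check_password(self):
        # make sure we can check a password.
        self.account.setPassword('secret')
        no_password = self.account.checkPassword(None)
        wrong_password = self.account.checkPassword('nonsense')
        right_password = self.account.checkPassword('secret')
        self.assertEqual(no_password, False)
        self.assertEqual(wrong_password, False)
        self.assertEqual(right_password, True)

    def test_check_unset_password(self):
        # empty and unset passwords do not match anything: an account
        # without a usable stored credential must also reject the empty
        # string, otherwise it could be entered with a blank password.
        self.fake_stud.password = None
        unset_result = self.account.checkPassword('')
        self.fake_stud.password = ''
        empty_result = self.account.checkPassword('')
        self.assertEqual(unset_result, False)
        self.assertEqual(empty_result, False)

    def test_check_password_no_string(self):
        # if passed in password is not a string, we gain no access
        self.fake_stud.password = 'secret'
        none_result = self.account.checkPassword(None)
        object_result = self.account.checkPassword(object())
        self.assertEqual(none_result, False)
        self.assertEqual(object_result, False)

    def test_role_set(self):
        # make sure we can set roles for principals denoted by account
        prm = get_principal_role_manager()
        self.assertEqual(prm.getPrincipalsAndRoles(), [])
        self.account.roles = ['waeup.test.Role']
        # The grant is recorded for the fake student's id.
        self.assertEqual(
            prm.getPrincipalsAndRoles(),
            [('waeup.test.Role', 'test_stud', Allow)])

    def test_role_get(self):
        # make sure we can get roles set for an account
        self.assertEqual(self.account.roles, [])
        self.account.roles = ['waeup.test.Role']  # set a role
        self.assertEqual(self.account.roles, ['waeup.test.Role'])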
172
173
174
class FunctionalStudentAuthTests(StudentsFullSetup):
    """Functional (browser level) checks of student authentication.

    Fixture setup and teardown are inherited from StudentsFullSetup,
    which presumably also provides self.browser and self.student_path.
    """

    layer = FunctionalLayer

    def test_reset_protected_anonymous(self):
        # anonymous users cannot reset others passwords
        # Only the anonymous case is exercised here; whether a different
        # logged-in student is rejected as well is not checked by this
        # test.
        target = self.student_path + '/change_password'
        self.assertRaises(Unauthorized, self.browser.open, target)