Changeset 14667
- Timestamp:
- 5 Apr 2017, 13:06:02 (8 years ago)
- Location:
- main/waeup.kofa/trunk/src/waeup/kofa
- Files:
-
- 2 edited
main/waeup.kofa/trunk/src/waeup/kofa/authentication.py
r13394 r14667 29 29 from zope.pluggableauth.factories import Principal 30 30 from zope.pluggableauth.plugins.session import SessionCredentialsPlugin 31 from zope.pluggableauth.plugins.httpplugins import ( 32 HTTPBasicAuthCredentialsPlugin) 31 33 from zope.pluggableauth.interfaces import ( 32 34 ICredentialsPlugin, IAuthenticatorPlugin, … … 50 52 Then looks for any external utilities that want to modify the PAU. 51 53 """ 52 pau.credentialsPlugins = ('No Challenge if Authenticated', 'credentials') 54 pau.credentialsPlugins = ( 55 'No Challenge if Authenticated', 56 'xmlrpc-credentials', 57 'credentials') 53 58 pau.authenticatorPlugins = ('users',) 54 59 … … 71 76 class KofaSessionCredentialsPlugin(grok.GlobalUtility, 72 77 SessionCredentialsPlugin): 78 """Session plugin that picks usernames/passwords from fields in webforms. 79 """ 73 80 grok.provides(ICredentialsPlugin) 74 81 grok.name('credentials') … … 77 84 loginfield = 'form.login' 78 85 passwordfield = 'form.password' 86 87 88 class KofaXMLRPCCredentialsPlugin( 89 grok.GlobalUtility, HTTPBasicAuthCredentialsPlugin): 90 """Plugin that picks useranams/passwords from basic-auth headers. 91 92 As XMLRPC requests send/post their authentication credentials in HTTP 93 basic-auth headers, we need a plugin that can handle this. 94 95 This plugin, however, does no challenging. If a user does not provide 96 basic-auth infos, we will not ask for some. This is correct as we plan to 97 communicate with machines. 98 99 This plugin is planned to be used in "PluggableAuthenitications" registered 100 with `University` instances. 101 """ 102 grok.provides(ICredentialsPlugin) 103 grok.name('xmlrpc-credentials') 104 105 def challenge(self, request): 106 """XMLRPC is for machines. No need to challenge. 107 """ 108 return False 109 110 def logout(self, request): 111 """Basic auth does not provide any logout possibility. 112 """ 113 return False 114 79 115 80 116 class KofaPrincipalInfo(object): -
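Review bot: `KofaXMLRPCCredentialsPlugin` inherits `extractCredentials` unchanged, and `setup_authentication` now lists 'xmlrpc-credentials' ahead of 'credentials', so Basic-auth headers appear to be honoured on every HTTP request this PAU handles, not only on XML-RPC calls as the class docstring implies. The accompanying test extracts credentials from a plain browser `TestRequest`, which supports that reading. If XML-RPC only is the intent, override `extractCredentials` with an early guard such as `if not IXMLRPCRequest.providedBy(request): return None` (from `zope.publisher.interfaces.xmlrpc`) before delegating to the base class; that test would then need an XML-RPC request. Either way, the docstring should state that the password travels base64-encoded on each request, so the endpoint must only be reachable over TLS. The docstring also misspells "usernames" and "PluggableAuthentications".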
main/waeup.kofa/trunk/src/waeup/kofa/tests/test_authentication.py
r10055 r14667 21 21 import unittest 22 22 from cStringIO import StringIO 23 from zope.component import getGlobalSiteManager 23 from zope.component import getGlobalSiteManager, queryUtility 24 24 from zope.component.hooks import setSite, clearSite 25 25 from zope.interface.verify import verifyClass, verifyObject 26 26 from zope.password.testing import setUpPasswordManagers 27 from zope.pluggableauth.interfaces import IAuthenticatorPlugin 27 from zope.pluggableauth import PluggableAuthentication 28 from zope.pluggableauth.interfaces import ( 29 IAuthenticatorPlugin, ICredentialsPlugin) 30 from zope.publisher.browser import TestRequest 28 31 from zope.securitypolicy.interfaces import IPrincipalRoleManager 29 32 from waeup.kofa.testing import FunctionalTestCase, FunctionalLayer 30 33 from waeup.kofa.authentication import ( 31 34 UserAuthenticatorPlugin, Account, KofaPrincipalInfo, FailedLoginInfo, 32 get_principal_role_manager, UsersPlugin,) 35 get_principal_role_manager, UsersPlugin, KofaXMLRPCCredentialsPlugin, 36 setup_authentication) 33 37 from waeup.kofa.interfaces import ( 34 IUserAccount, IFailedLoginInfo, IKofaPrincipalInfo, IKofaPluggable) 38 IAuthPluginUtility, IUserAccount, IFailedLoginInfo, IKofaPrincipalInfo, 39 IKofaPluggable) 40 35 41 36 42 class FakeSite(grok.Site, grok.Container): … … 39 45 # return getGlobalSiteManager() 40 46 pass 47 48 49 class FakeAuthPlugin(object): 50 def register(self, pau): 51 pau.credentialsPlugins += ('foo', ) 52 53 54 class Test_setup_authentication(FunctionalTestCase): 55 # Tests for the `setup_authentication` function 56 57 layer = FunctionalLayer 58 59 def tearDown(self): 60 # clean up registry. 
61 gsm = getGlobalSiteManager() 62 for iface, name in ((IAuthPluginUtility, 'myauth'), ): 63 to_delete = queryUtility(iface, name=name) 64 if to_delete is not None: 65 gsm.unregisterUtility(provided=iface, name=name) 66 super(Test_setup_authentication, self).tearDown() 67 68 def test_plugins_are_registered(self): 69 # We can populate a PAU with (hardcoded set of) plugins 70 pau = PluggableAuthentication() 71 setup_authentication(pau) 72 for name in ( 73 'No Challenge if Authenticated', 74 'xmlrpc-credentials', 75 'credentials'): 76 assert name in pau.credentialsPlugins 77 for name in ('users', ): 78 assert name in pau.authenticatorPlugins 79 80 def test_external_plugins_are_registered(self): 81 # registered plugins are called as well 82 gsm = getGlobalSiteManager() 83 gsm.registerUtility( 84 MyFakeAuthPlugin(), IAuthPluginUtility, name='myauth') 85 pau = PluggableAuthentication() 86 setup_authentication(pau) 87 assert 'foo' in pau.credentialsPlugins 88 89 90 class KofaXMLRPCCredentialsPluginTests(FunctionalTestCase): 91 # Test for XMLRPC credentials plugin 92 93 layer = FunctionalLayer 94 95 def test_ifaces(self): 96 # we meet interface requirements 97 plugin = KofaXMLRPCCredentialsPlugin() 98 self.assertTrue( 99 verifyClass(ICredentialsPlugin, KofaXMLRPCCredentialsPlugin)) 100 101 def test_util_is_registered(self): 102 # we can query this named utility 103 util = queryUtility(ICredentialsPlugin, name='xmlrpc-credentials') 104 assert util is not None 105 106 def test_can_extract_creds(self): 107 # we can extract credentials from appropriate requests 108 req = TestRequest( 109 environ={'HTTP_AUTHORIZATION': u'Basic bWdyOm1ncnB3'}) 110 plugin = KofaXMLRPCCredentialsPlugin() 111 assert plugin.extractCredentials(req) == { 112 'login': 'mgr', 'password': 'mgrpw'} 113 114 def test_challenge_disabled(self): 115 # we will not challenge people 116 plugin = KofaXMLRPCCredentialsPlugin() 117 assert plugin.challenge(TestRequest()) is False 118 119 def 
test_logout_disabled(self): 120 # we do not support logging out. HTTP basic auth cannot do this. 121 plugin = KofaXMLRPCCredentialsPlugin() 122 assert plugin.logout(TestRequest()) is False 123 41 124 42 125 class UserAuthenticatorPluginTests(FunctionalTestCase):
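Review bot: `test_external_plugins_are_registered` instantiates `MyFakeAuthPlugin()`, but the helper class added earlier in this section is named `FakeAuthPlugin`. Unless `MyFakeAuthPlugin` is defined in a part of the file not shown here, the test fails with a NameError instead of checking registration; use `gsm.registerUtility(FakeAuthPlugin(), IAuthPluginUtility, name='myauth')`. In `test_ifaces` the `plugin` instance is created but never used; `verifyObject(ICredentialsPlugin, plugin)` would make use of it. The credential tests cover only a well-formed Basic header, so a case asserting that a missing or non-Basic `Authorization` header yields `None` would pin the reject path.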