Changeset 6680
- Timestamp:
- 4 Sep 2011, 23:35:58 (13 years ago)
- Location:
- main/waeup.sirp/trunk/src/waeup/sirp/students
- Files:
-
- 2 edited
main/waeup.sirp/trunk/src/waeup/sirp/students/authentication.py
r6674 r6680 27 27 from zope.password.interfaces import IPasswordManager 28 28 from zope.pluggableauth.interfaces import IAuthenticatorPlugin 29 from waeup.sirp.authentication import PrincipalInfo 29 from waeup.sirp.authentication import PrincipalInfo, get_principal_role_manager 30 30 from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount 31 31 from waeup.sirp.students.interfaces import IStudent … … 53 53 return self.title 54 54 55 @property 56 def roles(self): 57 return getattr(self.context, 'roles', None) 55 def _get_roles(self): 56 prm = get_principal_role_manager() 57 roles = [x[0] for x in prm.getRolesForPrincipal(self.name) 58 if x[0].startswith('waeup.')] 59 return roles 60 61 def _set_roles(self, roles): 62 """Set roles for principal denoted by this account. 63 """ 64 prm = get_principal_role_manager() 65 old_roles = self.roles 66 for role in old_roles: 67 # Remove old roles, not to be set now... 68 if role.startswith('waeup.') and role not in roles: 69 prm.unsetRoleForPrincipal(role, self.name) 70 for role in roles: 71 prm.assignRoleToPrincipal(role, self.name) 72 return 73 74 roles = property(_get_roles, _set_roles) 58 75 59 76 def setPassword(self, password): 60 77 """Set a password (LDAP-compatible) SSHA encoded. 61 78 62 We do not store passwords in plaintext. 79 We do not store passwords in plaintext. Encrypted password is 80 stored as unicode string. 
63 81 """ 64 82 passwordmanager = getUtility(IPasswordManager, 'SSHA') 65 self.context.password = passwordmanager.encodePassword(password) 83 self.context.password = u'%s' % ( 84 passwordmanager.encodePassword(password)) 66 85 67 86 def checkPassword(self, password): … … 71 90 return False 72 91 passwordmanager = getUtility(IPasswordManager, 'SSHA') 73 return passwordmanager.checkPassword(self.context.password, password) 92 return passwordmanager.checkPassword( 93 self.context.password.encode('utf-8'), # turn unicode into bytes 94 password) 74 95 75 96 class StudentsAuthenticatorPlugin(grok.GlobalUtility): -
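Review bot: `_set_roles` assigns every entry of `roles` through `prm.assignRoleToPrincipal(role, self.name)` without the `waeup.` prefix check that `_get_roles` and the removal loop both apply, so a role outside that namespace can be granted here but would then neither show up in `account.roles` nor be revoked by a later assignment. Since this setter changes what a principal is allowed to do, I would reject such names before touching the role manager, e.g. `if not role.startswith('waeup.'): raise ValueError('not a waeup role: %r' % role)`, ideally validating the whole list before the unset loop runs so a bad entry cannot leave a half-applied change. A docstring on `_get_roles` stating that only `waeup.`-prefixed roles are reported would also help. The enclosing StudentAccount class starts outside this hunk, so any permission guarding writes to `roles` is not visible here and should be confirmed.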
main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_authentication.py
r6668 r6680 21 21 ## 22 22 import unittest 23 from zope.authentication.interfaces import IAuthentication 23 24 from zope.component import provideUtility, queryUtility, getGlobalSiteManager 24 25 from zope.interface.verify import verifyClass, verifyObject … … 26 27 from zope.password.interfaces import IPasswordManager 27 28 from zope.pluggableauth import PluggableAuthentication 29 from zope.securitypolicy.role import Role 30 from zope.securitypolicy.interfaces import IRole, Allow 31 from waeup.sirp.authentication import get_principal_role_manager 28 32 from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount 29 33 from waeup.sirp.students.authentication import ( … … 62 66 password = None 63 67 68 69 class MinimalPAU(PluggableAuthentication): 70 def getPrincipal(self, id): 71 return 'faked principal' 72 64 73 class StudentAccountTests(unittest.TestCase): 65 74 … … 67 76 self.fake_stud = FakeStudent() 68 77 self.account = StudentAccount(self.fake_stud) 78 79 # We provide a minimal PAU 80 pau = MinimalPAU() 81 provideUtility(pau, IAuthentication) 82 83 # We register a role 84 test_role = Role('waeup.test.Role', 'Testing Role') 85 provideUtility(test_role, IRole, name='waeup.test.Role') 86 69 87 # We have to setup a password manager utility manually as we 70 88 # have no functional test. 
In functional tests this would … … 76 94 77 95 def tearDown(self): 78 # Clear up the SSHA utility 79 ssha_manager = queryUtility( 80 IPasswordManager, name='SSHA', default=None) 81 if ssha_manager is not None: 82 gsm = getGlobalSiteManager() 83 gsm.unregisterUtility(ssha_manager) 96 self.account.roles = [] # make sure roles are reset 97 gsm = getGlobalSiteManager() 98 to_clean = [] 99 # Clear up utilities registered in setUp 100 to_clean.append( 101 (IPasswordManager, queryUtility( 102 IPasswordManager, name='SSHA', default=None))) 103 to_clean.append( 104 (IAuthentication, queryUtility(IAuthentication, default=None))) 105 to_clean.append( 106 (IRole, queryUtility(IRole, name='test.Role', default=None))) 107 for iface, elem in to_clean: 108 if elem is not None: 109 gsm.unregisterUtility(elem, iface) 84 110 return 85 111 … … 95 121 # we do not store plaintext passwords 96 122 self.assertTrue(self.fake_stud.password != 'secret') 123 # passwords are stored as unicode 124 self.assertTrue(isinstance(self.fake_stud.password, unicode)) 97 125 return 98 126 … … 107 135 self.assertEqual(result3, True) 108 136 return 137 138 def test_role_set(self): 139 # make sure we can set roles for principals denoted by account 140 prm = get_principal_role_manager() 141 self.assertEqual(prm.getPrincipalsAndRoles(), []) 142 self.account.roles = ['waeup.test.Role'] 143 self.assertEqual( 144 prm.getPrincipalsAndRoles(), 145 [('waeup.test.Role', 'test_stud', Allow)]) 146 return 147 148 def test_role_get(self): 149 # make sure we can get roles set for an account 150 self.assertEqual(self.account.roles, []) 151 self.account.roles = ['waeup.test.Role',] # set a role 152 self.assertEqual(self.account.roles, ['waeup.test.Role']) 153 return
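Review bot: tearDown looks the role up with `queryUtility(IRole, name='test.Role', default=None)`, but setUp registered it under `'waeup.test.Role'`, so the query returns None and the test role stays in the global site manager after each test. The lookup should use the registered name, `queryUtility(IRole, name='waeup.test.Role', default=None)`. In addition `gsm.unregisterUtility(elem, iface)` passes no `name`, which as far as I can tell only matches an unnamed registration; carrying the name in each `to_clean` tuple and calling `gsm.unregisterUtility(elem, iface, name=name)` would make the SSHA and role cleanup effective. Leftover authentication and role utilities in the global registry can make later authorization tests pass or fail for the wrong reason.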