Changeset 6680 for main/waeup.sirp/trunk/src/waeup/sirp

Timestamp:

4 Sep 2011, 23:35:58 (13 years ago)

Author:

uli

Message:

Add support for assigning roles to student accounts and let password setter create unicode passwords.

Location:

main/waeup.sirp/trunk/src/waeup/sirp/students

Files:

• authentication.py (modified) (3 diffs)
• tests/test_authentication.py (modified) (7 diffs)

main/waeup.sirp/trunk/src/waeup/sirp/students/authentication.py

@@ -27 +27 @@
 from zope.password.interfaces import IPasswordManager
 from zope.pluggableauth.interfaces import IAuthenticatorPlugin
-from waeup.sirp.authentication import PrincipalInfo
+from waeup.sirp.authentication import PrincipalInfo, get_principal_role_manager
 from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount
 from waeup.sirp.students.interfaces import IStudent
@@ -53 +53 @@
         return self.title
 
-    @property
-    def roles(self):
-        return getattr(self.context, 'roles', None)
+    def _get_roles(self):
+        prm = get_principal_role_manager()
+        roles = [x[0] for x in prm.getRolesForPrincipal(self.name)
+                 if x[0].startswith('waeup.')]
+        return roles
+
+    def _set_roles(self, roles):
+        """Set roles for principal denoted by this account.
+        """
+        prm = get_principal_role_manager()
+        old_roles = self.roles
+        for role in old_roles:
+            # Remove old roles, not to be set now...
+            if role.startswith('waeup.') and role not in roles:
+                prm.unsetRoleForPrincipal(role, self.name)
+        for role in roles:
+            prm.assignRoleToPrincipal(role, self.name)
+        return
+
+    roles = property(_get_roles, _set_roles)
 
     def setPassword(self, password):
         """Set a password (LDAP-compatible) SSHA encoded.
 
-        We do not store passwords in plaintext.
+        We do not store passwords in plaintext. Encrypted password is
+        stored as unicode string.
         """
         passwordmanager = getUtility(IPasswordManager, 'SSHA')
-        self.context.password = passwordmanager.encodePassword(password)
+        self.context.password = u'%s' % (
+            passwordmanager.encodePassword(password))
 
     def checkPassword(self, password):
@@ -71 +90 @@
             return False
         passwordmanager = getUtility(IPasswordManager, 'SSHA')
-        return passwordmanager.checkPassword(self.context.password, password)
+        return passwordmanager.checkPassword(
+            self.context.password.encode('utf-8'), # turn unicode into bytes
+            password)
 
 class StudentsAuthenticatorPlugin(grok.GlobalUtility):

main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_authentication.py

@@ -21 +21 @@
 ##
 import unittest
+from zope.authentication.interfaces import IAuthentication
 from zope.component import provideUtility, queryUtility, getGlobalSiteManager
 from zope.interface.verify import verifyClass, verifyObject
@@ -26 +27 @@
 from zope.password.interfaces import IPasswordManager
 from zope.pluggableauth import PluggableAuthentication
+from zope.securitypolicy.role import Role
+from zope.securitypolicy.interfaces import IRole, Allow
+from waeup.sirp.authentication import get_principal_role_manager
 from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount
 from waeup.sirp.students.authentication import (
@@ -62 +66 @@
     password = None
 
+
+class MinimalPAU(PluggableAuthentication):
+    def getPrincipal(self, id):
+        return 'faked principal'
+
 class StudentAccountTests(unittest.TestCase):
 
@@ -67 +76 @@
         self.fake_stud = FakeStudent()
         self.account = StudentAccount(self.fake_stud)
+
+        # We provide a minimal PAU
+        pau = MinimalPAU()
+        provideUtility(pau, IAuthentication)
+
+        # We register a role
+        test_role = Role('waeup.test.Role', 'Testing Role')
+        provideUtility(test_role, IRole, name='waeup.test.Role')
+
         # We have to setup a password manager utility manually as we
         # have no functional test. In functional tests this would
@@ -76 +94 @@
 
     def tearDown(self):
-        # Clear up the SSHA utility
-        ssha_manager = queryUtility(
-            IPasswordManager, name='SSHA', default=None)
-        if ssha_manager is not None:
-            gsm = getGlobalSiteManager()
-            gsm.unregisterUtility(ssha_manager)
+        self.account.roles = [] # make sure roles are reset
+        gsm = getGlobalSiteManager()
+        to_clean = []
+        # Clear up utilities registered in setUp
+        to_clean.append(
+            (IPasswordManager, queryUtility(
+                    IPasswordManager, name='SSHA', default=None)))
+        to_clean.append(
+            (IAuthentication, queryUtility(IAuthentication, default=None)))
+        to_clean.append(
+            (IRole, queryUtility(IRole, name='test.Role', default=None)))
+        for iface, elem in to_clean:
+            if elem is not None:
+                gsm.unregisterUtility(elem, iface)
         return
 
@@ -95 +121 @@
         # we do not store plaintext passwords
         self.assertTrue(self.fake_stud.password != 'secret')
+        # passwords are stored as unicode
+        self.assertTrue(isinstance(self.fake_stud.password, unicode))
         return
 
@@ -107 +135 @@
         self.assertEqual(result3, True)
         return
+
+    def test_role_set(self):
+        # make sure we can set roles for principals denoted by account
+        prm = get_principal_role_manager()
+        self.assertEqual(prm.getPrincipalsAndRoles(), [])
+        self.account.roles = ['waeup.test.Role']
+        self.assertEqual(
+            prm.getPrincipalsAndRoles(),
+            [('waeup.test.Role', 'test_stud', Allow)])
+        return
+
+    def test_role_get(self):
+        # make sure we can get roles set for an account
+        self.assertEqual(self.account.roles, [])
+        self.account.roles = ['waeup.test.Role',] # set a role
+        self.assertEqual(self.account.roles, ['waeup.test.Role'])
+        return