Changeset 7240 for main/waeup.sirp/trunk/src/waeup/sirp/applicants/tests/test_authentication.py

Timestamp:

30 Nov 2011, 23:13:26 (13 years ago)

Author:

Henrik Bettermann

Message:

Rebuild applicants package (1st part). Applicants now have an applicant_id and a password and can use the regular login page to enter the portal.

Add user_type attribute to SIRPPrincipal objects.

Add some permissions in students package.

Some tests are still missing and will be re-added soon.

File:

• main/waeup.sirp/trunk/src/waeup/sirp/applicants/tests/test_authentication.py (modified) (1 diff)

main/waeup.sirp/trunk/src/waeup/sirp/applicants/tests/test_authentication.py

@@ -16 +16 @@
 ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 ##
-import shutil
-import tempfile
 import unittest
 from zope.authentication.interfaces import IAuthentication
-from zope.component import provideAdapter, getUtility, queryUtility
-from zope.component.hooks import setSite
-from zope.interface import verify
-from zope.pluggableauth.interfaces import  IAuthenticatedPrincipalFactory
-from zope.publisher.browser import TestRequest
-from zope.publisher.interfaces import IRequest
-from zope.session.interfaces import ISession
-from zope.testbrowser.testing import Browser
-from zope.testing import cleanup
-from waeup.sirp.testing import FunctionalLayer, FunctionalTestCase
-from waeup.sirp.app import University
-from waeup.sirp.interfaces import IAuthPluginUtility
-from waeup.sirp.applicants import  ApplicantsContainer, Applicant
+from zope.component import provideUtility, queryUtility, getGlobalSiteManager
+from zope.interface.verify import verifyClass, verifyObject
+from zope.password.password import SSHAPasswordManager
+from zope.password.interfaces import IPasswordManager
+from zope.pluggableauth import PluggableAuthentication
+from zope.security.interfaces import Unauthorized
+from zope.securitypolicy.role import Role
+from zope.securitypolicy.interfaces import IRole, Allow
+from waeup.sirp.authentication import get_principal_role_manager
+from waeup.sirp.interfaces import IAuthPluginUtility, IUserAccount
 from waeup.sirp.applicants.authentication import (
-    ApplicantsAuthenticatorPlugin, WAeUPApplicantCredentialsPlugin,
-    ApplicantCredentials, AuthenticatedApplicantPrincipalFactory,
-    ApplicantPrincipalInfo, ApplicantPrincipal, ApplicantsAuthenticatorSetup)
+    ApplicantsAuthenticatorSetup, ApplicantAccount)
+from waeup.sirp.applicants.tests.test_browser import ApplicantsFullSetup
+from waeup.sirp.testing import FunctionalLayer
+
+class ApplicantsAuthenticatorSetupTests(unittest.TestCase):
+
+    def test_iface(self):
+        obj = ApplicantsAuthenticatorSetup()
+        verifyClass(IAuthPluginUtility, ApplicantsAuthenticatorSetup)
+        verifyObject(IAuthPluginUtility, obj)
+        return
+
+    def test_register(self):
+        # Make sure registration works.
+        setup = ApplicantsAuthenticatorSetup()
+        pau = PluggableAuthentication()
+        setup.register(pau)
+        self.assertTrue('applicants' in pau.authenticatorPlugins)
+        return
+
+    def test_unregister(self):
+        # Make sure deregistration works.
+        setup = ApplicantsAuthenticatorSetup()
+        pau = PluggableAuthentication()
+        pau.authenticatorPlugins = ('applicants')
+        setup.unregister(pau)
+        self.assertTrue('applicants' not in pau.authenticatorPlugins)
+        return
 
 
-class FakeBatch(dict):
-    def getAccessCode(self, id):
-        return self.get(id)
+class FakeApplicant(object):
+    applicant_id = 'test_appl'
+    fullname = 'Tilman Gause'
+    password = None
+    email = None
+    phone = None
 
-class FakeAccessCode(object):
-    def __init__(self, repr, state = 'initialized'):
-        self.representation = repr
-        self.state = state
 
-class FakeApplication(object):
-    def __init__(self, ac=None):
-        self.access_code = ac
+class MinimalPAU(PluggableAuthentication):
+    def getPrincipal(self, id):
+        return 'faked principal'
 
-def FakeSite():
-    return {
-        'applicants': {
-            'APP': {
-                'APP-12345': FakeApplication(u'APP-12345'),
-                'APP-54321': FakeApplication(u'APP-54321'),
-                'APP-22222': FakeApplication(u'APP-OTHER'),
-                'APP-44444': FakeApplication(),
-                'APP-55555': FakeApplication(u'APP-OTHER'),
-                'APP-77777': FakeApplication(u'APP-77777'),
-                },
-            },
-        'accesscodes': {
-            'APP': FakeBatch({
-                    'APP-12345': FakeAccessCode('APP-12345'),
-                    'APP-54321': FakeAccessCode('APP-54321', 'used'),
-                    'APP-11111': FakeAccessCode('APP-11111'),
-                    'APP-22222': FakeAccessCode('APP-22222'),
-                    'APP-33333': FakeAccessCode('APP-33333', 'used'),
-                    'APP-44444': FakeAccessCode('APP-44444', 'used'),
-                    'APP-55555': FakeAccessCode('APP-55555', 'used'),
-                    'APP-66666': FakeAccessCode('APP-66666', 'disabled'),
-                    'APP-77777': FakeAccessCode('APP-77777', 'disabled'),
-                    })
-            }
-        }
-
-class AuthenticatorPluginTest(FunctionalTestCase):
-
-    layer = FunctionalLayer
-
-    def create_applicant(self, cname, aname, ac=None):
-        # Create an applicant in an applicants container
-        setSite(self.app)
-        if not cname in self.app['applicants'].keys():
-            container = ApplicantsContainer()
-            self.app['applicants'][cname] = container
-        applicant = Applicant()
-        if ac is not None:
-            applicant.access_code = ac
-        self.app['applicants'][cname][aname] = applicant
-        return
+class ApplicantAccountTests(unittest.TestCase):
 
     def setUp(self):
-        super(AuthenticatorPluginTest, self).setUp()
+        self.fake_stud = FakeApplicant()
+        self.account = ApplicantAccount(self.fake_stud)
 
-        # Setup a sample site for each test
-        app = University()
-        self.dc_root = tempfile.mkdtemp()
-        app['datacenter'].setStoragePath(self.dc_root)
+        # We provide a minimal PAU
+        pau = MinimalPAU()
+        provideUtility(pau, IAuthentication)
 
-        # Prepopulate the ZODB...
-        self.getRootFolder()['app'] = app
-        self.app = self.getRootFolder()['app']
+        # We register a role
+        test_role = Role('waeup.test.Role', 'Testing Role')
+        provideUtility(test_role, IRole, name='waeup.test.Role')
 
-        fake_site = FakeSite()
-        for ckey, fake_container in fake_site['applicants'].items():
-            for akey, fake_appl in fake_container.items():
-                self.create_applicant(ckey, akey, fake_appl.access_code)
-        del self.app['accesscodes']
-        self.app['accesscodes'] = fake_site['accesscodes']
-
-        self.plugin = ApplicantsAuthenticatorPlugin()
+        # We have to setup a password manager utility manually as we
+        # have no functional test. In functional tests this would
+        # happen automatically, but it would take a lot more time to
+        # run the tests.
+        provideUtility(
+            SSHAPasswordManager(), IPasswordManager, 'SSHA')
         return
 
     def tearDown(self):
-        super(AuthenticatorPluginTest, self).tearDown()
-        shutil.rmtree(self.dc_root)
+        self.account.roles = [] # make sure roles are reset
+        gsm = getGlobalSiteManager()
+        to_clean = []
+        # Clear up utilities registered in setUp
+        to_clean.append(
+            (IPasswordManager, queryUtility(
+                    IPasswordManager, name='SSHA', default=None)))
+        to_clean.append(
+            (IAuthentication, queryUtility(IAuthentication, default=None)))
+        to_clean.append(
+            (IRole, queryUtility(IRole, name='test.Role', default=None)))
+        for iface, elem in to_clean:
+            if elem is not None:
+                gsm.unregisterUtility(elem, iface)
         return
 
-    def test_invalid_credentials(self):
-        result = self.plugin.authenticateCredentials('not-a-dict')
-        assert result is None
-
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode=None, foo='blah'))
-        assert result is None
-
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='Nonsense',))
-        assert result is None
-
-        # Possible cases, where formal correct authentication
-        # data is not valid:
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='APP-33333'))
-        assert result is None
-
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='APP-55555'))
-        assert result is None
-
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='APP-66666'))
-        assert result is None
-
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='APP-77777'))
-        assert result is None
-
+    def test_iface(self):
+        verifyClass(IUserAccount, ApplicantAccount)
+        verifyObject(IUserAccount, self.account)
         return
 
-    def test_valid_credentials(self):
-        """The six different cases where we allow login.
-
-        All other combinations should be forbidden.
-        """
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='APP-11111'))
-        assert result is not None
-
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='APP-12345'))
-        assert result is not None
-
-        result = self.plugin.authenticateCredentials(
-            dict(accesscode='APP-54321'))
-        assert result is not None
-
-        # check the `principalInfo` method of authenticator
-        # plugin. This is only here to satisfy the coverage report.
-        assert self.plugin.principalInfo('not-an-id') is None
+    def test_set_password(self):
+        # make sure we can set a password.
+        self.account.setPassword('secret')
+        self.assertTrue(self.fake_stud.password is not None)
+        # we do not store plaintext passwords
+        self.assertTrue(self.fake_stud.password != 'secret')
+        # passwords are stored as unicode
+        self.assertTrue(isinstance(self.fake_stud.password, unicode))
         return
 
-session_data = {
-    'zope.pluggableauth.browserplugins': {}
-    }
-
-class FakeSession(dict):
-    def __init__(self, request):
-        pass
-
-    def get(self, key, default=None):
-        return self.__getitem__(key, default)
-
-    def __getitem__(self, key, default=None):
-        return session_data.get(key, default)
-
-    def __setitem__(self, key, value):
-        session_data[key] = value
+    def test_check_password(self):
+        # make sure we can check a password.
+        self.account.setPassword('secret')
+        result1 = self.account.checkPassword(None)
+        result2 = self.account.checkPassword('nonsense')
+        result3 = self.account.checkPassword('secret')
+        self.assertEqual(result1, False)
+        self.assertEqual(result2, False)
+        self.assertEqual(result3, True)
         return
 
-class CredentialsPluginTest(unittest.TestCase):
-
-    def setUp(self):
-        self.request = TestRequest()
-        provideAdapter(FakeSession, (IRequest,), ISession)
-        self.plugin = WAeUPApplicantCredentialsPlugin()
-        self.full_request = TestRequest()
-        session_data['zope.pluggableauth.browserplugins'] = {}
+    def test_check_unset_password(self):
+        # empty and unset passwords do not match anything
+        self.fake_stud.password = None
+        result1 = self.account.checkPassword('')
+        self.fake_stud.password = ''
+        result2 = self.account.checkPassword('')
+        self.assertEqual(result1, False)
+        self.assertEqual(result2, False)
         return
 
-    def tearDown(self):
-        cleanup.tearDown()
+    def test_check_password_no_string(self):
+        # if passed in password is not a string, we gain no access
+        self.fake_stud.password = 'secret'
+        result1 = self.account.checkPassword(None)
+        result2 = self.account.checkPassword(object())
+        self.assertEqual(result1, False)
+        self.assertEqual(result2, False)
         return
 
-    def filled_request(self, form_dict):
-        request = TestRequest()
-        for key, value in form_dict.items():
-            request.form[key] = value
-        return request
-
-    def test_extractCredentials_invalid(self):
-        result = self.plugin.extractCredentials('not-a-request')
-        assert result is None
+    def test_role_set(self):
+        # make sure we can set roles for principals denoted by account
+        prm = get_principal_role_manager()
+        self.assertEqual(prm.getPrincipalsAndRoles(), [])
+        self.account.roles = ['waeup.test.Role']
+        self.assertEqual(
+            prm.getPrincipalsAndRoles(),
+            [('waeup.test.Role', 'test_appl', Allow)])
         return
 
-    def test_extractCredentials_empty(self):
-        result = self.plugin.extractCredentials(self.request)
-        assert result is None
+    def test_role_get(self):
+        # make sure we can get roles set for an account
+        self.assertEqual(self.account.roles, [])
+        self.account.roles = ['waeup.test.Role',] # set a role
+        self.assertEqual(self.account.roles, ['waeup.test.Role'])
         return
 
-    def test_extractCredentials_full_set(self):
-        request = self.filled_request({
-                'form.ac_prefix': 'APP',
-                'form.ac_series': '1',
-                'form.ac_number': '1234567890',
-                #'form.jamb_reg_no': 'JAMB_NUMBER',
-                })
-        result = self.plugin.extractCredentials(request)
-        self.assertEqual(result, {'accesscode': 'APP-1-1234567890'})
-        return
-
-    def test_extractCredentials_accesscode_only(self):
-        request = self.filled_request({
-                'form.ac_prefix': 'APP',
-                'form.ac_series': '1',
-                'form.ac_number': '1234567890',
-                })
-        result = self.plugin.extractCredentials(request)
-        self.assertEqual(result, {'accesscode': 'APP-1-1234567890'})
-        return
-
-    def test_extractCredentials_from_empty_session(self):
-        session_data['zope.pluggableauth.browserplugins']['credentials'] = None
-        result = self.plugin.extractCredentials(self.request)
-        assert result is None
-        return
-
-    def test_extractCredentials_from_nonempty_session(self):
-        credentials = ApplicantCredentials('APP-1-12345')
-        session_data['zope.pluggableauth.browserplugins'][
-            'credentials'] = credentials
-        result = self.plugin.extractCredentials(self.request)
-        self.assertEqual(result, {'accesscode': 'APP-1-12345'})
-        return
-
-
-class ApplicantCredentialsTest(unittest.TestCase):
-
-    def setUp(self):
-        self.credentials = ApplicantCredentials('SOME_ACCESSCODE')
-        return
-
-    def tearDown(self):
-        return
-
-    def test_methods(self):
-        self.assertEqual(self.credentials.getAccessCode(), 'SOME_ACCESSCODE')
-        assert self.credentials.getLogin() is None
-        assert self.credentials.getPassword() is None
-        return
-
-class FakePluggableAuth(object):
-    prefix = 'foo'
-
-class PrincipalFactoryTest(unittest.TestCase):
-
-    def setUp(self):
-        self.info = ApplicantPrincipalInfo('APP-1-1234567890')
-        return
-
-    def tearDown(self):
-        pass
-
-    def test_principalFactory_interface(self):
-        verify.verifyClass(IAuthenticatedPrincipalFactory,
-                           AuthenticatedApplicantPrincipalFactory
-                           )
-        return
-
-    def test_principalFactory_create(self):
-        factory = AuthenticatedApplicantPrincipalFactory(self.info, None)
-
-        assert factory.info is self.info
-        assert factory.request is None
-        return
-
-    def test_principalFactory_call_w_prefix(self):
-        factory = AuthenticatedApplicantPrincipalFactory(self.info, None)
-        principal = factory(FakePluggableAuth())
-
-        assert isinstance(principal, ApplicantPrincipal)
-        self.assertEqual(principal.__repr__(),
-                         "ApplicantPrincipal('foo.APP-1-1234567890')")
-        self.assertEqual(principal.id, 'foo.APP-1-1234567890')
-        return
-
-    def test_principalFactory_call_wo_prefix(self):
-        factory = AuthenticatedApplicantPrincipalFactory(self.info, None)
-        fake_auth = FakePluggableAuth()
-        fake_auth.prefix = None
-        principal = factory(fake_auth)
-        self.assertEqual(principal.id, 'APP-1-1234567890')
-        return
-
-class PAUSetupTest(FunctionalTestCase):
-    # Check correct setup of authentication components in the
-    # applicants subpackage.
-
-    # When a university is created, we want by default have our local
-    # authentication components (an authenticator plugin and a
-    # credentials plugin) to be registered with the local PAU. Admins
-    # can remove these components on the fly later-on if they wish.
+class FunctionalApplicantAuthTests(ApplicantsFullSetup):
 
     layer = FunctionalLayer
 
     def setUp(self):
-        super(PAUSetupTest, self).setUp()
-
-        # Setup a sample site for each test
-        app = University()
-        self.dc_root = tempfile.mkdtemp()
-        app['datacenter'].setStoragePath(self.dc_root)
-
-        # Prepopulate the ZODB...
-        self.getRootFolder()['app'] = app
-        self.app = self.getRootFolder()['app']
-        self.browser = Browser()
-        self.browser.handleErrors = False
+        super(FunctionalApplicantAuthTests, self).setUp()
+        return
 
     def tearDown(self):
-        super(PAUSetupTest, self).tearDown()
-        shutil.rmtree(self.dc_root)
-
-    def test_extra_auth_plugins_installed(self):
-        # Check whether the auth plugins defined in here are setup
-        # automatically when a university is created
-
-        # Get the PAU responsible for the local site ('app')
-        pau = getUtility(IAuthentication, context=self.app)
-        cred_plugins = pau.getCredentialsPlugins()
-        auth_plugins = pau.getAuthenticatorPlugins()
-        cred_names = [name for name, plugin in cred_plugins]
-        auth_names = [name for name, plugin in auth_plugins]
-
-        # Make sure our local ApplicantsAuthenticatorPlugin is registered...
-        self.assertTrue('applicants' in auth_names)
-        # Make sure our local WAeUPApplicantCredentialsPlugin is registered...
-        self.assertTrue('applicant_credentials' in cred_names)
+        super(FunctionalApplicantAuthTests, self).tearDown()
         return
-
-class FakePAU(object):
-    credentialsPlugins = ()
-    authenticatorPlugins = ()
-
-class ApplicantsAuthenticatorSetupTests(FunctionalTestCase):
-
-    layer = FunctionalLayer
-
-    def test_ifaces(self):
-        # make sure we fullfill the interface promises
-        obj = ApplicantsAuthenticatorSetup()
-        verify.verifyClass(IAuthPluginUtility, ApplicantsAuthenticatorSetup)
-        verify.verifyObject(IAuthPluginUtility, obj)
-        return
-
-    def test_utility_available(self):
-        # we can get an applicant auth utility by lookup
-        util = queryUtility(IAuthPluginUtility,
-                            name='applicants_auth_setup')
-        self.assertTrue(util is not None)
-        return
-
-    def test_register(self):
-        # make sure we can register additional components
-        pau = FakePAU()
-        result = ApplicantsAuthenticatorSetup().register(pau)
-        self.assertEqual(
-            result.credentialsPlugins, ('applicant_credentials',))
-        self.assertEqual(
-            result.authenticatorPlugins, ('applicants',))
-        return
-
-    def test_unregister(self):
-        # make sure we can unregister applicant auth components
-        pau = FakePAU()
-        util = ApplicantsAuthenticatorSetup()
-        pau = util.register(pau)
-        result = util.unregister(pau)
-        self.assertEqual(
-            result.credentialsPlugins, ())
-        self.assertEqual(
-            result.authenticatorPlugins, ())
-        return