commit | author | age
|
496fcf
|
1 |
import unittest |
TS |
2 |
|
|
3 |
class TestAuthTktCookiePlugin(unittest.TestCase): |
1810b2
|
4 |
tempdir = None |
TS |
5 |
|
|
6 |
def setUp(self): |
|
7 |
pass |
|
8 |
|
|
9 |
def tearDown(self): |
|
10 |
if self.tempdir is not None: |
|
11 |
import shutil |
|
12 |
shutil.rmtree(self.tempdir) |
496fcf
|
13 |
|
TS |
14 |
def _getTargetClass(self): |
|
15 |
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin |
|
16 |
return AuthTktCookiePlugin |
|
17 |
|
|
18 |
def _makeEnviron(self, kw=None): |
|
19 |
environ = {'wsgi.version': (1,0)} |
|
20 |
if kw is not None: |
|
21 |
environ.update(kw) |
|
22 |
environ['REMOTE_ADDR'] = '1.1.1.1' |
|
23 |
environ['SERVER_NAME'] = 'localhost' |
|
24 |
return environ |
|
25 |
|
|
26 |
def _makeOne(self, *arg, **kw): |
|
27 |
plugin = self._getTargetClass()(*arg, **kw) |
|
28 |
return plugin |
|
29 |
|
|
30 |
def _makeTicket(self, userid='userid', remote_addr='0.0.0.0', |
|
31 |
tokens = [], userdata='userdata', |
cd1198
|
32 |
cookie_name='auth_tkt', secure=False, |
CM |
33 |
time=None): |
496fcf
|
34 |
from paste.auth import auth_tkt |
TS |
35 |
ticket = auth_tkt.AuthTicket( |
|
36 |
'secret', |
|
37 |
userid, |
|
38 |
remote_addr, |
|
39 |
tokens=tokens, |
|
40 |
user_data=userdata, |
cd1198
|
41 |
time=time, |
496fcf
|
42 |
cookie_name=cookie_name, |
TS |
43 |
secure=secure) |
|
44 |
return ticket.cookie_value() |
|
45 |
|
|
46 |
def test_implements(self): |
|
47 |
from zope.interface.verify import verifyClass |
|
48 |
from repoze.who.interfaces import IIdentifier |
|
49 |
klass = self._getTargetClass() |
|
50 |
verifyClass(IIdentifier, klass) |
|
51 |
|
|
52 |
def test_identify_nocookie(self): |
|
53 |
plugin = self._makeOne('secret') |
|
54 |
environ = self._makeEnviron() |
|
55 |
result = plugin.identify(environ) |
|
56 |
self.assertEqual(result, None) |
|
57 |
|
|
58 |
def test_identify_good_cookie_include_ip(self): |
|
59 |
plugin = self._makeOne('secret', include_ip=True) |
|
60 |
val = self._makeTicket(remote_addr='1.1.1.1') |
|
61 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
62 |
result = plugin.identify(environ) |
|
63 |
self.assertEqual(len(result), 4) |
|
64 |
self.assertEqual(result['tokens'], ['']) |
|
65 |
self.assertEqual(result['repoze.who.userid'], 'userid') |
|
66 |
self.assertEqual(result['userdata'], 'userdata') |
|
67 |
self.failUnless('timestamp' in result) |
|
68 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
69 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
70 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
71 |
|
|
72 |
def test_identify_good_cookie_dont_include_ip(self): |
|
73 |
plugin = self._makeOne('secret', include_ip=False) |
|
74 |
val = self._makeTicket() |
|
75 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
76 |
result = plugin.identify(environ) |
|
77 |
self.assertEqual(len(result), 4) |
|
78 |
self.assertEqual(result['tokens'], ['']) |
|
79 |
self.assertEqual(result['repoze.who.userid'], 'userid') |
|
80 |
self.assertEqual(result['userdata'], 'userdata') |
|
81 |
self.failUnless('timestamp' in result) |
|
82 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
83 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
84 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
85 |
|
|
86 |
def test_identify_good_cookie_int_useridtype(self): |
|
87 |
plugin = self._makeOne('secret', include_ip=False) |
|
88 |
val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
89 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
90 |
result = plugin.identify(environ) |
|
91 |
self.assertEqual(len(result), 4) |
|
92 |
self.assertEqual(result['tokens'], ['']) |
|
93 |
self.assertEqual(result['repoze.who.userid'], 1) |
|
94 |
self.assertEqual(result['userdata'], 'userid_type:int') |
|
95 |
self.failUnless('timestamp' in result) |
|
96 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
97 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:int') |
|
98 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
99 |
|
|
100 |
def test_identify_good_cookie_unknown_useridtype(self): |
|
101 |
plugin = self._makeOne('secret', include_ip=False) |
|
102 |
val = self._makeTicket(userid='userid', userdata='userid_type:unknown') |
|
103 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
104 |
result = plugin.identify(environ) |
|
105 |
self.assertEqual(len(result), 4) |
|
106 |
self.assertEqual(result['tokens'], ['']) |
|
107 |
self.assertEqual(result['repoze.who.userid'], 'userid') |
|
108 |
self.assertEqual(result['userdata'], 'userid_type:unknown') |
|
109 |
self.failUnless('timestamp' in result) |
|
110 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
111 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:unknown') |
|
112 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
113 |
|
|
114 |
def test_identify_bad_cookie(self): |
|
115 |
plugin = self._makeOne('secret', include_ip=True) |
|
116 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'}) |
|
117 |
result = plugin.identify(environ) |
|
118 |
self.assertEqual(result, None) |
|
119 |
|
cd1198
|
120 |
def test_identify_bad_cookie_expired(self): |
CM |
121 |
import time |
|
122 |
plugin = self._makeOne('secret', timeout=2, reissue_time=1) |
|
123 |
val = self._makeTicket(userid='userid', time=time.time()-3) |
|
124 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
125 |
result = plugin.identify(environ) |
|
126 |
self.assertEqual(result, None) |
|
127 |
|
496fcf
|
128 |
def test_remember_creds_same(self): |
TS |
129 |
plugin = self._makeOne('secret') |
|
130 |
val = self._makeTicket(userid='userid') |
|
131 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
132 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
133 |
'userdata':'userdata'}) |
|
134 |
self.assertEqual(result, None) |
|
135 |
|
|
136 |
def test_remember_creds_different(self): |
|
137 |
plugin = self._makeOne('secret') |
|
138 |
old_val = self._makeTicket(userid='userid') |
|
139 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
140 |
new_val = self._makeTicket(userid='other', userdata='userdata') |
|
141 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
142 |
'userdata':'userdata'}) |
|
143 |
self.assertEqual(len(result), 3) |
|
144 |
self.assertEqual(result[0], |
|
145 |
('Set-Cookie', |
|
146 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
147 |
self.assertEqual(result[1], |
|
148 |
('Set-Cookie', |
2afbb8
|
149 |
'auth_tkt="%s"; Path=/; Domain=localhost' |
TS |
150 |
% new_val)) |
496fcf
|
151 |
self.assertEqual(result[2], |
TS |
152 |
('Set-Cookie', |
2afbb8
|
153 |
'auth_tkt="%s"; Path=/; Domain=.localhost' |
TS |
154 |
% new_val)) |
496fcf
|
155 |
|
394ea6
|
156 |
def test_remember_creds_different_include_ip(self): |
TS |
157 |
plugin = self._makeOne('secret', include_ip=True) |
|
158 |
old_val = self._makeTicket(userid='userid', remote_addr='1.1.1.1') |
|
159 |
environ = self._makeEnviron({'HTTP_COOKIE': 'auth_tkt=%s' % old_val}) |
|
160 |
new_val = self._makeTicket(userid='other', |
|
161 |
userdata='userdata', |
|
162 |
remote_addr='1.1.1.1') |
|
163 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
164 |
'userdata':'userdata'}) |
|
165 |
self.assertEqual(len(result), 3) |
|
166 |
self.assertEqual(result[0], |
|
167 |
('Set-Cookie', |
|
168 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
169 |
self.assertEqual(result[1], |
|
170 |
('Set-Cookie', |
|
171 |
'auth_tkt="%s"; Path=/; Domain=localhost' |
|
172 |
% new_val)) |
|
173 |
self.assertEqual(result[2], |
|
174 |
('Set-Cookie', |
|
175 |
'auth_tkt="%s"; Path=/; Domain=.localhost' |
|
176 |
% new_val)) |
|
177 |
|
|
178 |
def test_remember_creds_different_bad_old_cookie(self): |
|
179 |
plugin = self._makeOne('secret') |
|
180 |
old_val = 'BOGUS' |
|
181 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
182 |
new_val = self._makeTicket(userid='other', userdata='userdata') |
|
183 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
184 |
'userdata':'userdata'}) |
|
185 |
self.assertEqual(len(result), 3) |
|
186 |
self.assertEqual(result[0], |
|
187 |
('Set-Cookie', |
|
188 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
189 |
self.assertEqual(result[1], |
|
190 |
('Set-Cookie', |
|
191 |
'auth_tkt="%s"; Path=/; Domain=localhost' |
|
192 |
% new_val)) |
|
193 |
self.assertEqual(result[2], |
|
194 |
('Set-Cookie', |
|
195 |
'auth_tkt="%s"; Path=/; Domain=.localhost' |
|
196 |
% new_val)) |
|
197 |
|
|
198 |
def test_remember_creds_different_with_nonstring_tokens(self): |
|
199 |
plugin = self._makeOne('secret') |
|
200 |
old_val = self._makeTicket(userid='userid') |
|
201 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
202 |
new_val = self._makeTicket(userid='other', |
|
203 |
userdata='userdata', |
|
204 |
tokens='foo,bar', |
|
205 |
) |
|
206 |
result = plugin.remember(environ, {'repoze.who.userid': 'other', |
|
207 |
'userdata': 'userdata', |
|
208 |
'tokens': ['foo', 'bar'], |
|
209 |
}) |
|
210 |
self.assertEqual(len(result), 3) |
|
211 |
self.assertEqual(result[0], |
|
212 |
('Set-Cookie', |
|
213 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
214 |
self.assertEqual(result[1], |
|
215 |
('Set-Cookie', |
|
216 |
'auth_tkt="%s"; Path=/; Domain=localhost' |
|
217 |
% new_val)) |
|
218 |
self.assertEqual(result[2], |
|
219 |
('Set-Cookie', |
|
220 |
'auth_tkt="%s"; Path=/; Domain=.localhost' |
|
221 |
% new_val)) |
|
222 |
|
496fcf
|
223 |
def test_remember_creds_different_int_userid(self): |
TS |
224 |
plugin = self._makeOne('secret') |
|
225 |
old_val = self._makeTicket(userid='userid') |
|
226 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
227 |
new_val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
228 |
result = plugin.remember(environ, {'repoze.who.userid':1, |
|
229 |
'userdata':''}) |
|
230 |
|
|
231 |
self.assertEqual(len(result), 3) |
|
232 |
self.assertEqual(result[0], |
|
233 |
('Set-Cookie', |
|
234 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
235 |
|
|
236 |
def test_remember_creds_different_long_userid(self): |
|
237 |
plugin = self._makeOne('secret') |
|
238 |
old_val = self._makeTicket(userid='userid') |
|
239 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
240 |
new_val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
241 |
result = plugin.remember(environ, {'repoze.who.userid':long(1), |
|
242 |
'userdata':''}) |
|
243 |
self.assertEqual(len(result), 3) |
|
244 |
self.assertEqual(result[0], |
|
245 |
('Set-Cookie', |
|
246 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
247 |
|
|
248 |
def test_remember_creds_different_unicode_userid(self): |
|
249 |
plugin = self._makeOne('secret') |
|
250 |
old_val = self._makeTicket(userid='userid') |
|
251 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
252 |
userid = unicode('\xc2\xa9', 'utf-8') |
|
253 |
new_val = self._makeTicket(userid=userid.encode('utf-8'), |
|
254 |
userdata='userid_type:unicode') |
|
255 |
result = plugin.remember(environ, {'repoze.who.userid':userid, |
|
256 |
'userdata':''}) |
|
257 |
self.assertEqual(type(result[0][1]), str) |
|
258 |
self.assertEqual(len(result), 3) |
|
259 |
self.assertEqual(result[0], |
|
260 |
('Set-Cookie', |
|
261 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
262 |
|
cd1198
|
263 |
def test_remember_creds_reissue(self): |
CM |
264 |
import time |
|
265 |
plugin = self._makeOne('secret', reissue_time=1) |
|
266 |
old_val = self._makeTicket(userid='userid', userdata='', time=time.time()-2) |
|
267 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
268 |
new_val = self._makeTicket(userid='userid', userdata='') |
|
269 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
270 |
'userdata':''}) |
|
271 |
self.assertEqual(type(result[0][1]), str) |
|
272 |
self.assertEqual(len(result), 3) |
|
273 |
self.assertEqual(result[0], |
|
274 |
('Set-Cookie', |
|
275 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
276 |
|
496fcf
|
277 |
def test_forget(self): |
TS |
278 |
plugin = self._makeOne('secret') |
|
279 |
environ = self._makeEnviron() |
|
280 |
headers = plugin.forget(environ, None) |
|
281 |
self.assertEqual(len(headers), 3) |
|
282 |
header = headers[0] |
|
283 |
name, value = header |
|
284 |
self.assertEqual(name, 'Set-Cookie') |
|
285 |
self.assertEqual(value, 'auth_tkt=""""; Path=/') |
|
286 |
header = headers[1] |
|
287 |
name, value = header |
|
288 |
self.assertEqual(name, 'Set-Cookie') |
|
289 |
self.assertEqual(value, 'auth_tkt=""""; Path=/; Domain=localhost') |
|
290 |
header = headers[2] |
|
291 |
name, value = header |
|
292 |
self.assertEqual(name, 'Set-Cookie') |
|
293 |
self.assertEqual(value, 'auth_tkt=""""; Path=/; Domain=.localhost') |
|
294 |
|
|
295 |
def test_factory_wo_secret_wo_secretfile_raises_ValueError(self): |
|
296 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
297 |
self.assertRaises(ValueError, make_plugin) |
|
298 |
|
|
299 |
def test_factory_w_secret_w_secretfile_raises_ValueError(self): |
|
300 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
301 |
self.assertRaises(ValueError, make_plugin, 'secret', 'secretfile') |
|
302 |
|
|
303 |
def test_factory_w_bad_secretfile_raises_ValueError(self): |
|
304 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
305 |
self.assertRaises(ValueError, make_plugin, secretfile='nonesuch.txt') |
|
306 |
|
|
307 |
def test_factory_w_secret(self): |
|
308 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
309 |
plugin = make_plugin('secret') |
|
310 |
self.assertEqual(plugin.cookie_name, 'auth_tkt') |
|
311 |
self.assertEqual(plugin.secret, 'secret') |
|
312 |
self.assertEqual(plugin.include_ip, False) |
|
313 |
self.assertEqual(plugin.secure, False) |
|
314 |
|
|
315 |
def test_factory_w_secretfile(self): |
1810b2
|
316 |
import os |
TS |
317 |
from tempfile import mkdtemp |
496fcf
|
318 |
from repoze.who.plugins.auth_tkt import make_plugin |
1810b2
|
319 |
tempdir = self.tempdir = mkdtemp() |
TS |
320 |
path = os.path.join(tempdir, 'who.secret') |
|
321 |
secret = open(path, 'w') |
|
322 |
secret.write('s33kr1t\n') |
|
323 |
secret.flush() |
|
324 |
secret.close() |
|
325 |
plugin = make_plugin(secretfile=path) |
496fcf
|
326 |
self.assertEqual(plugin.secret, 's33kr1t') |
TS |
327 |
|
cd1198
|
328 |
def test_factory_with_timeout_and_reissue_time(self): |
CM |
329 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
330 |
plugin = make_plugin('secret', timeout=5, reissue_time=1) |
|
331 |
self.assertEqual(plugin.timeout, 5) |
|
332 |
self.assertEqual(plugin.reissue_time, 1) |
|
333 |
|
a6f6dc
|
334 |
def test_factory_with_userid_checker(self): |
CM |
335 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
336 |
plugin = make_plugin( |
|
337 |
'secret', |
|
338 |
userid_checker='repoze.who.plugins.auth_tkt:make_plugin') |
|
339 |
self.assertEqual(plugin.userid_checker, make_plugin) |
|
340 |
|
cd1198
|
341 |
def test_timeout_no_reissue(self): |
CM |
342 |
self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1) |
|
343 |
|
|
344 |
def test_timeout_lower_than_reissue(self): |
|
345 |
self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1, |
|
346 |
reissue_time=2) |
a6f6dc
|
347 |
|
CM |
348 |
def test_identify_with_checker_and_existing_account(self): |
|
349 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
|
350 |
val = self._makeTicket(userid='existing') |
|
351 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
352 |
result = plugin.identify(environ) |
|
353 |
self.assertEqual(len(result), 4) |
|
354 |
self.assertEqual(result['tokens'], ['']) |
|
355 |
self.assertEqual(result['repoze.who.userid'], 'existing') |
|
356 |
self.assertEqual(result['userdata'], 'userdata') |
|
357 |
self.failUnless('timestamp' in result) |
|
358 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
359 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
360 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
361 |
|
|
362 |
def test_identify_with_checker_and_non_existing_account(self): |
|
363 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
|
364 |
val = self._makeTicket(userid='nonexisting') |
|
365 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
366 |
original_environ = environ.copy() |
|
367 |
result = plugin.identify(environ) |
|
368 |
self.assertEqual(result, None) |
|
369 |
# The environ must not have been modified, excuding the paste.cookies |
|
370 |
# variable: |
|
371 |
del environ['paste.cookies'] |
|
372 |
self.assertEqual(environ, original_environ) |
299b4c
|
373 |
|
CM |
374 |
def test_remember_max_age(self): |
|
375 |
plugin = self._makeOne('secret') |
|
376 |
environ = {'HTTP_HOST':'example.com'} |
|
377 |
|
|
378 |
tkt = self._makeTicket(userid='chris', userdata='') |
|
379 |
result = plugin.remember(environ, {'repoze.who.userid':'chris', |
|
380 |
'max_age':'500'}) |
|
381 |
|
|
382 |
name,value = result.pop(0) |
|
383 |
self.assertEqual('Set-Cookie', name) |
|
384 |
self.failUnless( |
|
385 |
value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt), |
|
386 |
value) |
|
387 |
self.failUnless('; Expires=' in value) |
|
388 |
|
|
389 |
name,value = result.pop(0) |
|
390 |
self.assertEqual('Set-Cookie', name) |
|
391 |
self.failUnless( |
|
392 |
value.startswith( |
|
393 |
'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500' |
|
394 |
% tkt), value) |
|
395 |
self.failUnless('; Expires=' in value) |
|
396 |
|
|
397 |
name,value = result.pop(0) |
|
398 |
self.assertEqual('Set-Cookie', name) |
|
399 |
self.failUnless( |
|
400 |
value.startswith( |
|
401 |
'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt), |
|
402 |
value) |
|
403 |
self.failUnless('; Expires=' in value) |
|
404 |
|
|
405 |
|
a6f6dc
|
406 |
def dummy_userid_checker(userid): |
CM |
407 |
return userid == 'existing' |