RedHatTraining/repoze.who.git

- If the ``identity`` dict passed to the ``auth_tkt`` ``remember`` method...

Chris McDonough

2009-06-25 299b4cbf28f7ecf21f6634c26abcda2f39fcdd6f

commit \| author \| age
496fcf	1	import unittest
TS	2
	3	class TestAuthTktCookiePlugin(unittest.TestCase):
1810b2	4	tempdir = None
TS	5
	6	def setUp(self):
	7	pass
	8
	9	def tearDown(self):
	10	if self.tempdir is not None:
	11	import shutil
	12	shutil.rmtree(self.tempdir)
496fcf	13
TS	14	def _getTargetClass(self):
	15	from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
	16	return AuthTktCookiePlugin
	17
	18	def _makeEnviron(self, kw=None):
	19	environ = {'wsgi.version': (1,0)}
	20	if kw is not None:
	21	environ.update(kw)
	22	environ['REMOTE_ADDR'] = '1.1.1.1'
	23	environ['SERVER_NAME'] = 'localhost'
	24	return environ
	25
	26	def _makeOne(self, arg, *kw):
	27	plugin = self._getTargetClass()(arg, *kw)
	28	return plugin
	29
	30	def _makeTicket(self, userid='userid', remote_addr='0.0.0.0',
	31	tokens = [], userdata='userdata',
cd1198	32	cookie_name='auth_tkt', secure=False,
CM	33	time=None):
496fcf	34	from paste.auth import auth_tkt
TS	35	ticket = auth_tkt.AuthTicket(
	36	'secret',
	37	userid,
	38	remote_addr,
	39	tokens=tokens,
	40	user_data=userdata,
cd1198	41	time=time,
496fcf	42	cookie_name=cookie_name,
TS	43	secure=secure)
	44	return ticket.cookie_value()
	45
	46	def test_implements(self):
	47	from zope.interface.verify import verifyClass
	48	from repoze.who.interfaces import IIdentifier
	49	klass = self._getTargetClass()
	50	verifyClass(IIdentifier, klass)
	51
	52	def test_identify_nocookie(self):
	53	plugin = self._makeOne('secret')
	54	environ = self._makeEnviron()
	55	result = plugin.identify(environ)
	56	self.assertEqual(result, None)
	57
	58	def test_identify_good_cookie_include_ip(self):
	59	plugin = self._makeOne('secret', include_ip=True)
	60	val = self._makeTicket(remote_addr='1.1.1.1')
	61	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	62	result = plugin.identify(environ)
	63	self.assertEqual(len(result), 4)
	64	self.assertEqual(result['tokens'], [''])
	65	self.assertEqual(result['repoze.who.userid'], 'userid')
	66	self.assertEqual(result['userdata'], 'userdata')
	67	self.failUnless('timestamp' in result)
	68	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
	69	self.assertEqual(environ['REMOTE_USER_DATA'],'userdata')
	70	self.assertEqual(environ['AUTH_TYPE'],'cookie')
	71
	72	def test_identify_good_cookie_dont_include_ip(self):
	73	plugin = self._makeOne('secret', include_ip=False)
	74	val = self._makeTicket()
	75	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	76	result = plugin.identify(environ)
	77	self.assertEqual(len(result), 4)
	78	self.assertEqual(result['tokens'], [''])
	79	self.assertEqual(result['repoze.who.userid'], 'userid')
	80	self.assertEqual(result['userdata'], 'userdata')
	81	self.failUnless('timestamp' in result)
	82	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
	83	self.assertEqual(environ['REMOTE_USER_DATA'],'userdata')
	84	self.assertEqual(environ['AUTH_TYPE'],'cookie')
	85
	86	def test_identify_good_cookie_int_useridtype(self):
	87	plugin = self._makeOne('secret', include_ip=False)
	88	val = self._makeTicket(userid='1', userdata='userid_type:int')
	89	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	90	result = plugin.identify(environ)
	91	self.assertEqual(len(result), 4)
	92	self.assertEqual(result['tokens'], [''])
	93	self.assertEqual(result['repoze.who.userid'], 1)
	94	self.assertEqual(result['userdata'], 'userid_type:int')
	95	self.failUnless('timestamp' in result)
	96	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
	97	self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:int')
	98	self.assertEqual(environ['AUTH_TYPE'],'cookie')
	99
	100	def test_identify_good_cookie_unknown_useridtype(self):
	101	plugin = self._makeOne('secret', include_ip=False)
	102	val = self._makeTicket(userid='userid', userdata='userid_type:unknown')
	103	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	104	result = plugin.identify(environ)
	105	self.assertEqual(len(result), 4)
	106	self.assertEqual(result['tokens'], [''])
	107	self.assertEqual(result['repoze.who.userid'], 'userid')
	108	self.assertEqual(result['userdata'], 'userid_type:unknown')
	109	self.failUnless('timestamp' in result)
	110	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
	111	self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:unknown')
	112	self.assertEqual(environ['AUTH_TYPE'],'cookie')
	113
	114	def test_identify_bad_cookie(self):
	115	plugin = self._makeOne('secret', include_ip=True)
	116	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'})
	117	result = plugin.identify(environ)
	118	self.assertEqual(result, None)
	119
cd1198	120	def test_identify_bad_cookie_expired(self):
CM	121	import time
	122	plugin = self._makeOne('secret', timeout=2, reissue_time=1)
	123	val = self._makeTicket(userid='userid', time=time.time()-3)
	124	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	125	result = plugin.identify(environ)
	126	self.assertEqual(result, None)
	127
496fcf	128	def test_remember_creds_same(self):
TS	129	plugin = self._makeOne('secret')
	130	val = self._makeTicket(userid='userid')
	131	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	132	result = plugin.remember(environ, {'repoze.who.userid':'userid',
	133	'userdata':'userdata'})
	134	self.assertEqual(result, None)
	135
	136	def test_remember_creds_different(self):
	137	plugin = self._makeOne('secret')
	138	old_val = self._makeTicket(userid='userid')
	139	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	140	new_val = self._makeTicket(userid='other', userdata='userdata')
	141	result = plugin.remember(environ, {'repoze.who.userid':'other',
	142	'userdata':'userdata'})
	143	self.assertEqual(len(result), 3)
	144	self.assertEqual(result[0],
	145	('Set-Cookie',
	146	'auth_tkt="%s"; Path=/' % new_val))
	147	self.assertEqual(result[1],
	148	('Set-Cookie',
2afbb8	149	'auth_tkt="%s"; Path=/; Domain=localhost'
TS	150	% new_val))
496fcf	151	self.assertEqual(result[2],
TS	152	('Set-Cookie',
2afbb8	153	'auth_tkt="%s"; Path=/; Domain=.localhost'
TS	154	% new_val))
496fcf	155
394ea6	156	def test_remember_creds_different_include_ip(self):
TS	157	plugin = self._makeOne('secret', include_ip=True)
	158	old_val = self._makeTicket(userid='userid', remote_addr='1.1.1.1')
	159	environ = self._makeEnviron({'HTTP_COOKIE': 'auth_tkt=%s' % old_val})
	160	new_val = self._makeTicket(userid='other',
	161	userdata='userdata',
	162	remote_addr='1.1.1.1')
	163	result = plugin.remember(environ, {'repoze.who.userid':'other',
	164	'userdata':'userdata'})
	165	self.assertEqual(len(result), 3)
	166	self.assertEqual(result[0],
	167	('Set-Cookie',
	168	'auth_tkt="%s"; Path=/' % new_val))
	169	self.assertEqual(result[1],
	170	('Set-Cookie',
	171	'auth_tkt="%s"; Path=/; Domain=localhost'
	172	% new_val))
	173	self.assertEqual(result[2],
	174	('Set-Cookie',
	175	'auth_tkt="%s"; Path=/; Domain=.localhost'
	176	% new_val))
	177
	178	def test_remember_creds_different_bad_old_cookie(self):
	179	plugin = self._makeOne('secret')
	180	old_val = 'BOGUS'
	181	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	182	new_val = self._makeTicket(userid='other', userdata='userdata')
	183	result = plugin.remember(environ, {'repoze.who.userid':'other',
	184	'userdata':'userdata'})
	185	self.assertEqual(len(result), 3)
	186	self.assertEqual(result[0],
	187	('Set-Cookie',
	188	'auth_tkt="%s"; Path=/' % new_val))
	189	self.assertEqual(result[1],
	190	('Set-Cookie',
	191	'auth_tkt="%s"; Path=/; Domain=localhost'
	192	% new_val))
	193	self.assertEqual(result[2],
	194	('Set-Cookie',
	195	'auth_tkt="%s"; Path=/; Domain=.localhost'
	196	% new_val))
	197
	198	def test_remember_creds_different_with_nonstring_tokens(self):
	199	plugin = self._makeOne('secret')
	200	old_val = self._makeTicket(userid='userid')
	201	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	202	new_val = self._makeTicket(userid='other',
	203	userdata='userdata',
	204	tokens='foo,bar',
	205	)
	206	result = plugin.remember(environ, {'repoze.who.userid': 'other',
	207	'userdata': 'userdata',
	208	'tokens': ['foo', 'bar'],
	209	})
	210	self.assertEqual(len(result), 3)
	211	self.assertEqual(result[0],
	212	('Set-Cookie',
	213	'auth_tkt="%s"; Path=/' % new_val))
	214	self.assertEqual(result[1],
	215	('Set-Cookie',
	216	'auth_tkt="%s"; Path=/; Domain=localhost'
	217	% new_val))
	218	self.assertEqual(result[2],
	219	('Set-Cookie',
	220	'auth_tkt="%s"; Path=/; Domain=.localhost'
	221	% new_val))
	222
496fcf	223	def test_remember_creds_different_int_userid(self):
TS	224	plugin = self._makeOne('secret')
	225	old_val = self._makeTicket(userid='userid')
	226	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	227	new_val = self._makeTicket(userid='1', userdata='userid_type:int')
	228	result = plugin.remember(environ, {'repoze.who.userid':1,
	229	'userdata':''})
	230
	231	self.assertEqual(len(result), 3)
	232	self.assertEqual(result[0],
	233	('Set-Cookie',
	234	'auth_tkt="%s"; Path=/' % new_val))
	235
	236	def test_remember_creds_different_long_userid(self):
	237	plugin = self._makeOne('secret')
	238	old_val = self._makeTicket(userid='userid')
	239	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	240	new_val = self._makeTicket(userid='1', userdata='userid_type:int')
	241	result = plugin.remember(environ, {'repoze.who.userid':long(1),
	242	'userdata':''})
	243	self.assertEqual(len(result), 3)
	244	self.assertEqual(result[0],
	245	('Set-Cookie',
	246	'auth_tkt="%s"; Path=/' % new_val))
	247
	248	def test_remember_creds_different_unicode_userid(self):
	249	plugin = self._makeOne('secret')
	250	old_val = self._makeTicket(userid='userid')
	251	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	252	userid = unicode('\xc2\xa9', 'utf-8')
	253	new_val = self._makeTicket(userid=userid.encode('utf-8'),
	254	userdata='userid_type:unicode')
	255	result = plugin.remember(environ, {'repoze.who.userid':userid,
	256	'userdata':''})
	257	self.assertEqual(type(result[0][1]), str)
	258	self.assertEqual(len(result), 3)
	259	self.assertEqual(result[0],
	260	('Set-Cookie',
	261	'auth_tkt="%s"; Path=/' % new_val))
	262
cd1198	263	def test_remember_creds_reissue(self):
CM	264	import time
	265	plugin = self._makeOne('secret', reissue_time=1)
	266	old_val = self._makeTicket(userid='userid', userdata='', time=time.time()-2)
	267	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	268	new_val = self._makeTicket(userid='userid', userdata='')
	269	result = plugin.remember(environ, {'repoze.who.userid':'userid',
	270	'userdata':''})
	271	self.assertEqual(type(result[0][1]), str)
	272	self.assertEqual(len(result), 3)
	273	self.assertEqual(result[0],
	274	('Set-Cookie',
	275	'auth_tkt="%s"; Path=/' % new_val))
	276
496fcf	277	def test_forget(self):
TS	278	plugin = self._makeOne('secret')
	279	environ = self._makeEnviron()
	280	headers = plugin.forget(environ, None)
	281	self.assertEqual(len(headers), 3)
	282	header = headers[0]
	283	name, value = header
	284	self.assertEqual(name, 'Set-Cookie')
	285	self.assertEqual(value, 'auth_tkt=""""; Path=/')
	286	header = headers[1]
	287	name, value = header
	288	self.assertEqual(name, 'Set-Cookie')
	289	self.assertEqual(value, 'auth_tkt=""""; Path=/; Domain=localhost')
	290	header = headers[2]
	291	name, value = header
	292	self.assertEqual(name, 'Set-Cookie')
	293	self.assertEqual(value, 'auth_tkt=""""; Path=/; Domain=.localhost')
	294
	295	def test_factory_wo_secret_wo_secretfile_raises_ValueError(self):
	296	from repoze.who.plugins.auth_tkt import make_plugin
	297	self.assertRaises(ValueError, make_plugin)
	298
	299	def test_factory_w_secret_w_secretfile_raises_ValueError(self):
	300	from repoze.who.plugins.auth_tkt import make_plugin
	301	self.assertRaises(ValueError, make_plugin, 'secret', 'secretfile')
	302
	303	def test_factory_w_bad_secretfile_raises_ValueError(self):
	304	from repoze.who.plugins.auth_tkt import make_plugin
	305	self.assertRaises(ValueError, make_plugin, secretfile='nonesuch.txt')
	306
	307	def test_factory_w_secret(self):
	308	from repoze.who.plugins.auth_tkt import make_plugin
	309	plugin = make_plugin('secret')
	310	self.assertEqual(plugin.cookie_name, 'auth_tkt')
	311	self.assertEqual(plugin.secret, 'secret')
	312	self.assertEqual(plugin.include_ip, False)
	313	self.assertEqual(plugin.secure, False)
	314
	315	def test_factory_w_secretfile(self):
1810b2	316	import os
TS	317	from tempfile import mkdtemp
496fcf	318	from repoze.who.plugins.auth_tkt import make_plugin
1810b2	319	tempdir = self.tempdir = mkdtemp()
TS	320	path = os.path.join(tempdir, 'who.secret')
	321	secret = open(path, 'w')
	322	secret.write('s33kr1t\n')
	323	secret.flush()
	324	secret.close()
	325	plugin = make_plugin(secretfile=path)
496fcf	326	self.assertEqual(plugin.secret, 's33kr1t')
TS	327
cd1198	328	def test_factory_with_timeout_and_reissue_time(self):
CM	329	from repoze.who.plugins.auth_tkt import make_plugin
	330	plugin = make_plugin('secret', timeout=5, reissue_time=1)
	331	self.assertEqual(plugin.timeout, 5)
	332	self.assertEqual(plugin.reissue_time, 1)
	333
a6f6dc	334	def test_factory_with_userid_checker(self):
CM	335	from repoze.who.plugins.auth_tkt import make_plugin
	336	plugin = make_plugin(
	337	'secret',
	338	userid_checker='repoze.who.plugins.auth_tkt:make_plugin')
	339	self.assertEqual(plugin.userid_checker, make_plugin)
	340
cd1198	341	def test_timeout_no_reissue(self):
CM	342	self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1)
	343
	344	def test_timeout_lower_than_reissue(self):
	345	self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1,
	346	reissue_time=2)
a6f6dc	347
CM	348	def test_identify_with_checker_and_existing_account(self):
	349	plugin = self._makeOne('secret', userid_checker=dummy_userid_checker)
	350	val = self._makeTicket(userid='existing')
	351	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	352	result = plugin.identify(environ)
	353	self.assertEqual(len(result), 4)
	354	self.assertEqual(result['tokens'], [''])
	355	self.assertEqual(result['repoze.who.userid'], 'existing')
	356	self.assertEqual(result['userdata'], 'userdata')
	357	self.failUnless('timestamp' in result)
	358	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
	359	self.assertEqual(environ['REMOTE_USER_DATA'],'userdata')
	360	self.assertEqual(environ['AUTH_TYPE'],'cookie')
	361
	362	def test_identify_with_checker_and_non_existing_account(self):
	363	plugin = self._makeOne('secret', userid_checker=dummy_userid_checker)
	364	val = self._makeTicket(userid='nonexisting')
	365	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	366	original_environ = environ.copy()
	367	result = plugin.identify(environ)
	368	self.assertEqual(result, None)
	369	# The environ must not have been modified, excuding the paste.cookies
	370	# variable:
	371	del environ['paste.cookies']
	372	self.assertEqual(environ, original_environ)
299b4c	373
CM	374	def test_remember_max_age(self):
	375	plugin = self._makeOne('secret')
	376	environ = {'HTTP_HOST':'example.com'}
	377
	378	tkt = self._makeTicket(userid='chris', userdata='')
	379	result = plugin.remember(environ, {'repoze.who.userid':'chris',
	380	'max_age':'500'})
	381
	382	name,value = result.pop(0)
	383	self.assertEqual('Set-Cookie', name)
	384	self.failUnless(
	385	value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt),
	386	value)
	387	self.failUnless('; Expires=' in value)
	388
	389	name,value = result.pop(0)
	390	self.assertEqual('Set-Cookie', name)
	391	self.failUnless(
	392	value.startswith(
	393	'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500'
	394	% tkt), value)
	395	self.failUnless('; Expires=' in value)
	396
	397	name,value = result.pop(0)
	398	self.assertEqual('Set-Cookie', name)
	399	self.failUnless(
	400	value.startswith(
	401	'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt),
	402	value)
	403	self.failUnless('; Expires=' in value)
	404
	405
a6f6dc	406	def dummy_userid_checker(userid):
CM	407	return userid == 'existing'