commit | author | age
|
496fcf
|
1 |
import unittest |
TS |
2 |
|
|
3 |
class TestAuthTktCookiePlugin(unittest.TestCase): |
|
4 |
|
|
5 |
def _getTargetClass(self): |
|
6 |
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin |
|
7 |
return AuthTktCookiePlugin |
|
8 |
|
|
9 |
def _makeEnviron(self, kw=None): |
|
10 |
environ = {'wsgi.version': (1,0)} |
|
11 |
if kw is not None: |
|
12 |
environ.update(kw) |
|
13 |
environ['REMOTE_ADDR'] = '1.1.1.1' |
|
14 |
environ['SERVER_NAME'] = 'localhost' |
|
15 |
return environ |
|
16 |
|
|
17 |
def _makeOne(self, *arg, **kw): |
|
18 |
plugin = self._getTargetClass()(*arg, **kw) |
|
19 |
return plugin |
|
20 |
|
|
21 |
def _makeTicket(self, userid='userid', remote_addr='0.0.0.0', |
|
22 |
tokens = [], userdata='userdata', |
|
23 |
cookie_name='auth_tkt', secure=False): |
|
24 |
from paste.auth import auth_tkt |
|
25 |
ticket = auth_tkt.AuthTicket( |
|
26 |
'secret', |
|
27 |
userid, |
|
28 |
remote_addr, |
|
29 |
tokens=tokens, |
|
30 |
user_data=userdata, |
|
31 |
cookie_name=cookie_name, |
|
32 |
secure=secure) |
|
33 |
return ticket.cookie_value() |
|
34 |
|
|
35 |
def test_implements(self): |
|
36 |
from zope.interface.verify import verifyClass |
|
37 |
from repoze.who.interfaces import IIdentifier |
|
38 |
klass = self._getTargetClass() |
|
39 |
verifyClass(IIdentifier, klass) |
|
40 |
|
|
41 |
def test_identify_nocookie(self): |
|
42 |
plugin = self._makeOne('secret') |
|
43 |
environ = self._makeEnviron() |
|
44 |
result = plugin.identify(environ) |
|
45 |
self.assertEqual(result, None) |
|
46 |
|
|
47 |
def test_identify_good_cookie_include_ip(self): |
|
48 |
plugin = self._makeOne('secret', include_ip=True) |
|
49 |
val = self._makeTicket(remote_addr='1.1.1.1') |
|
50 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
51 |
result = plugin.identify(environ) |
|
52 |
self.assertEqual(len(result), 4) |
|
53 |
self.assertEqual(result['tokens'], ['']) |
|
54 |
self.assertEqual(result['repoze.who.userid'], 'userid') |
|
55 |
self.assertEqual(result['userdata'], 'userdata') |
|
56 |
self.failUnless('timestamp' in result) |
|
57 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
58 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
59 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
60 |
|
|
61 |
def test_identify_good_cookie_dont_include_ip(self): |
|
62 |
plugin = self._makeOne('secret', include_ip=False) |
|
63 |
val = self._makeTicket() |
|
64 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
65 |
result = plugin.identify(environ) |
|
66 |
self.assertEqual(len(result), 4) |
|
67 |
self.assertEqual(result['tokens'], ['']) |
|
68 |
self.assertEqual(result['repoze.who.userid'], 'userid') |
|
69 |
self.assertEqual(result['userdata'], 'userdata') |
|
70 |
self.failUnless('timestamp' in result) |
|
71 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
72 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
73 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
74 |
|
|
75 |
def test_identify_good_cookie_int_useridtype(self): |
|
76 |
plugin = self._makeOne('secret', include_ip=False) |
|
77 |
val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
78 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
79 |
result = plugin.identify(environ) |
|
80 |
self.assertEqual(len(result), 4) |
|
81 |
self.assertEqual(result['tokens'], ['']) |
|
82 |
self.assertEqual(result['repoze.who.userid'], 1) |
|
83 |
self.assertEqual(result['userdata'], 'userid_type:int') |
|
84 |
self.failUnless('timestamp' in result) |
|
85 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
86 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:int') |
|
87 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
88 |
|
|
89 |
def test_identify_good_cookie_unknown_useridtype(self): |
|
90 |
plugin = self._makeOne('secret', include_ip=False) |
|
91 |
val = self._makeTicket(userid='userid', userdata='userid_type:unknown') |
|
92 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
93 |
result = plugin.identify(environ) |
|
94 |
self.assertEqual(len(result), 4) |
|
95 |
self.assertEqual(result['tokens'], ['']) |
|
96 |
self.assertEqual(result['repoze.who.userid'], 'userid') |
|
97 |
self.assertEqual(result['userdata'], 'userid_type:unknown') |
|
98 |
self.failUnless('timestamp' in result) |
|
99 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
100 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:unknown') |
|
101 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
102 |
|
|
103 |
def test_identify_bad_cookie(self): |
|
104 |
plugin = self._makeOne('secret', include_ip=True) |
|
105 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'}) |
|
106 |
result = plugin.identify(environ) |
|
107 |
self.assertEqual(result, None) |
|
108 |
|
|
109 |
def test_remember_creds_same(self): |
|
110 |
plugin = self._makeOne('secret') |
|
111 |
val = self._makeTicket(userid='userid') |
|
112 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
113 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
114 |
'userdata':'userdata'}) |
|
115 |
self.assertEqual(result, None) |
|
116 |
|
|
117 |
def test_remember_creds_different(self): |
|
118 |
plugin = self._makeOne('secret') |
|
119 |
old_val = self._makeTicket(userid='userid') |
|
120 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
121 |
new_val = self._makeTicket(userid='other', userdata='userdata') |
|
122 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
123 |
'userdata':'userdata'}) |
|
124 |
self.assertEqual(len(result), 3) |
|
125 |
self.assertEqual(result[0], |
|
126 |
('Set-Cookie', |
|
127 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
128 |
self.assertEqual(result[1], |
|
129 |
('Set-Cookie', |
2afbb8
|
130 |
'auth_tkt="%s"; Path=/; Domain=localhost' |
TS |
131 |
% new_val)) |
496fcf
|
132 |
self.assertEqual(result[2], |
TS |
133 |
('Set-Cookie', |
2afbb8
|
134 |
'auth_tkt="%s"; Path=/; Domain=.localhost' |
TS |
135 |
% new_val)) |
496fcf
|
136 |
|
TS |
137 |
def test_remember_creds_different_int_userid(self): |
|
138 |
plugin = self._makeOne('secret') |
|
139 |
old_val = self._makeTicket(userid='userid') |
|
140 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
141 |
new_val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
142 |
result = plugin.remember(environ, {'repoze.who.userid':1, |
|
143 |
'userdata':''}) |
|
144 |
|
|
145 |
self.assertEqual(len(result), 3) |
|
146 |
self.assertEqual(result[0], |
|
147 |
('Set-Cookie', |
|
148 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
149 |
|
|
150 |
def test_remember_creds_different_long_userid(self): |
|
151 |
plugin = self._makeOne('secret') |
|
152 |
old_val = self._makeTicket(userid='userid') |
|
153 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
154 |
new_val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
155 |
result = plugin.remember(environ, {'repoze.who.userid':long(1), |
|
156 |
'userdata':''}) |
|
157 |
self.assertEqual(len(result), 3) |
|
158 |
self.assertEqual(result[0], |
|
159 |
('Set-Cookie', |
|
160 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
161 |
|
|
162 |
def test_remember_creds_different_unicode_userid(self): |
|
163 |
plugin = self._makeOne('secret') |
|
164 |
old_val = self._makeTicket(userid='userid') |
|
165 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
166 |
userid = unicode('\xc2\xa9', 'utf-8') |
|
167 |
new_val = self._makeTicket(userid=userid.encode('utf-8'), |
|
168 |
userdata='userid_type:unicode') |
|
169 |
result = plugin.remember(environ, {'repoze.who.userid':userid, |
|
170 |
'userdata':''}) |
|
171 |
self.assertEqual(type(result[0][1]), str) |
|
172 |
self.assertEqual(len(result), 3) |
|
173 |
self.assertEqual(result[0], |
|
174 |
('Set-Cookie', |
|
175 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
176 |
|
|
177 |
def test_forget(self): |
|
178 |
plugin = self._makeOne('secret') |
|
179 |
environ = self._makeEnviron() |
|
180 |
headers = plugin.forget(environ, None) |
|
181 |
self.assertEqual(len(headers), 3) |
|
182 |
header = headers[0] |
|
183 |
name, value = header |
|
184 |
self.assertEqual(name, 'Set-Cookie') |
|
185 |
self.assertEqual(value, 'auth_tkt=""""; Path=/') |
|
186 |
header = headers[1] |
|
187 |
name, value = header |
|
188 |
self.assertEqual(name, 'Set-Cookie') |
|
189 |
self.assertEqual(value, 'auth_tkt=""""; Path=/; Domain=localhost') |
|
190 |
header = headers[2] |
|
191 |
name, value = header |
|
192 |
self.assertEqual(name, 'Set-Cookie') |
|
193 |
self.assertEqual(value, 'auth_tkt=""""; Path=/; Domain=.localhost') |
|
194 |
|
|
195 |
def test_factory_wo_secret_wo_secretfile_raises_ValueError(self): |
|
196 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
197 |
self.assertRaises(ValueError, make_plugin) |
|
198 |
|
|
199 |
def test_factory_w_secret_w_secretfile_raises_ValueError(self): |
|
200 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
201 |
self.assertRaises(ValueError, make_plugin, 'secret', 'secretfile') |
|
202 |
|
|
203 |
def test_factory_w_bad_secretfile_raises_ValueError(self): |
|
204 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
205 |
self.assertRaises(ValueError, make_plugin, secretfile='nonesuch.txt') |
|
206 |
|
|
207 |
def test_factory_w_secret(self): |
|
208 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
209 |
plugin = make_plugin('secret') |
|
210 |
self.assertEqual(plugin.cookie_name, 'auth_tkt') |
|
211 |
self.assertEqual(plugin.secret, 'secret') |
|
212 |
self.assertEqual(plugin.include_ip, False) |
|
213 |
self.assertEqual(plugin.secure, False) |
|
214 |
|
|
215 |
def test_factory_w_secretfile(self): |
|
216 |
from tempfile import NamedTemporaryFile |
|
217 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
218 |
ntf = NamedTemporaryFile() |
|
219 |
ntf.write('s33kr1t\n') |
|
220 |
ntf.flush() |
|
221 |
plugin = make_plugin(secretfile=ntf.name) |
|
222 |
self.assertEqual(plugin.secret, 's33kr1t') |
|
223 |
|