RedHatTraining/repoze.who.git

Added alternate hash support to auth_tkt plugin

David Tulloh

2016-04-20 7483ece150564b242ba0ac5c091319ee570dd9e1

commit \| author \| age
496fcf	1	import unittest
TS	2
9c1e6f	3
496fcf	4	class TestAuthTktCookiePlugin(unittest.TestCase):
1810b2	5	tempdir = None
798feb	6	_now_testing = None
1810b2	7
TS	8	def setUp(self):
	9	pass
	10
	11	def tearDown(self):
	12	if self.tempdir is not None:
	13	import shutil
	14	shutil.rmtree(self.tempdir)
798feb	15	if self._now_testing is not None:
TS	16	self._setNowTesting(self._now_testing)
496fcf	17
TS	18	def _getTargetClass(self):
	19	from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
	20	return AuthTktCookiePlugin
	21
	22	def _makeEnviron(self, kw=None):
02a504	23	from wsgiref.util import setup_testing_defaults
AO	24	environ = {}
	25	setup_testing_defaults(environ)
496fcf	26	if kw is not None:
TS	27	environ.update(kw)
	28	environ['REMOTE_ADDR'] = '1.1.1.1'
02a504	29	environ['HTTP_HOST'] = 'localhost'
496fcf	30	return environ
TS	31
b0f81f	32	def _makeOne(self, secret='s33kr3t', arg, *kw):
TS	33	plugin = self._getTargetClass()(secret, arg, *kw)
496fcf	34	return plugin
TS	35
	36	def _makeTicket(self, userid='userid', remote_addr='0.0.0.0',
	37	tokens = [], userdata='userdata',
cd1198	38	cookie_name='auth_tkt', secure=False,
7483ec	39	time=None, digest_algo="md5"):
02a504	40	import repoze.who._auth_tkt as auth_tkt
496fcf	41	ticket = auth_tkt.AuthTicket(
TS	42	'secret',
	43	userid,
	44	remote_addr,
	45	tokens=tokens,
	46	user_data=userdata,
cd1198	47	time=time,
496fcf	48	cookie_name=cookie_name,
7483ec	49	secure=secure,
DT	50	digest_algo=digest_algo)
496fcf	51	return ticket.cookie_value()
798feb	52
TS	53	def _setNowTesting(self, value):
	54	from repoze.who.plugins import auth_tkt
4f3525	55	auth_tkt._UTCNOW, self._now_testing = value, auth_tkt._UTCNOW
496fcf	56
b0f81f	57	def test_class_conforms_to_IIdentifier(self):
496fcf	58	from zope.interface.verify import verifyClass
TS	59	from repoze.who.interfaces import IIdentifier
	60	klass = self._getTargetClass()
	61	verifyClass(IIdentifier, klass)
b0f81f	62
TS	63	def test_instance_conforms_to_IIdentifier(self):
	64	from zope.interface.verify import verifyObject
	65	from repoze.who.interfaces import IIdentifier
	66	klass = self._getTargetClass()
	67	verifyObject(IIdentifier, self._makeOne())
	68
	69	def test_class_conforms_to_IAuthenticator(self):
	70	from zope.interface.verify import verifyClass
	71	from repoze.who.interfaces import IAuthenticator
	72	klass = self._getTargetClass()
	73	verifyClass(IAuthenticator, klass)
	74
	75	def test_instance_conforms_to_IAuthenticator(self):
	76	from zope.interface.verify import verifyObject
	77	from repoze.who.interfaces import IAuthenticator
	78	klass = self._getTargetClass()
	79	verifyObject(IAuthenticator, self._makeOne())
	80
	81	def test_timeout_no_reissue(self):
	82	self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1)
	83
	84	def test_timeout_lower_than_reissue(self):
	85	self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1,
	86	reissue_time=2)
496fcf	87
TS	88	def test_identify_nocookie(self):
	89	plugin = self._makeOne('secret')
	90	environ = self._makeEnviron()
	91	result = plugin.identify(environ)
	92	self.assertEqual(result, None)
	93
	94	def test_identify_good_cookie_include_ip(self):
	95	plugin = self._makeOne('secret', include_ip=True)
8f8dfc	96	val = self._makeTicket(remote_addr='1.1.1.1', userdata='foo=123')
496fcf	97	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
TS	98	result = plugin.identify(environ)
	99	self.assertEqual(len(result), 4)
	100	self.assertEqual(result['tokens'], [''])
b0f81f	101	self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
8f8dfc	102	self.assertEqual(result['userdata'], {'foo': '123'})
6e8328	103	self.assertTrue('timestamp' in result)
496fcf	104	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
8f8dfc	105	self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
496fcf	106	self.assertEqual(environ['AUTH_TYPE'],'cookie')
TS	107
	108	def test_identify_good_cookie_dont_include_ip(self):
	109	plugin = self._makeOne('secret', include_ip=False)
8f8dfc	110	val = self._makeTicket(userdata='foo=123')
496fcf	111	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
TS	112	result = plugin.identify(environ)
	113	self.assertEqual(len(result), 4)
	114	self.assertEqual(result['tokens'], [''])
b0f81f	115	self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
8f8dfc	116	self.assertEqual(result['userdata'], {'foo': '123'})
6e8328	117	self.assertTrue('timestamp' in result)
496fcf	118	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
8f8dfc	119	self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
496fcf	120	self.assertEqual(environ['AUTH_TYPE'],'cookie')
TS	121
	122	def test_identify_good_cookie_int_useridtype(self):
	123	plugin = self._makeOne('secret', include_ip=False)
8f8dfc	124	val = self._makeTicket(userid='1', userdata='userid_type=int')
496fcf	125	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
TS	126	result = plugin.identify(environ)
	127	self.assertEqual(len(result), 4)
	128	self.assertEqual(result['tokens'], [''])
b0f81f	129	self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 1)
8f8dfc	130	self.assertEqual(result['userdata'], {'userid_type': 'int'})
6e8328	131	self.assertTrue('timestamp' in result)
496fcf	132	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
8f8dfc	133	self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type=int')
496fcf	134	self.assertEqual(environ['AUTH_TYPE'],'cookie')
TS	135
	136	def test_identify_good_cookie_unknown_useridtype(self):
	137	plugin = self._makeOne('secret', include_ip=False)
8f8dfc	138	val = self._makeTicket(userid='userid', userdata='userid_type=unknown')
496fcf	139	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
TS	140	result = plugin.identify(environ)
	141	self.assertEqual(len(result), 4)
	142	self.assertEqual(result['tokens'], [''])
b0f81f	143	self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
8f8dfc	144	self.assertEqual(result['userdata'], {'userid_type':'unknown'})
6e8328	145	self.assertTrue('timestamp' in result)
496fcf	146	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
8f8dfc	147	self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type=unknown')
496fcf	148	self.assertEqual(environ['AUTH_TYPE'],'cookie')
TS	149
	150	def test_identify_bad_cookie(self):
	151	plugin = self._makeOne('secret', include_ip=True)
	152	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'})
	153	result = plugin.identify(environ)
	154	self.assertEqual(result, None)
	155
cd1198	156	def test_identify_bad_cookie_expired(self):
CM	157	import time
	158	plugin = self._makeOne('secret', timeout=2, reissue_time=1)
	159	val = self._makeTicket(userid='userid', time=time.time()-3)
	160	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	161	result = plugin.identify(environ)
	162	self.assertEqual(result, None)
b0f81f	163
TS	164	def test_identify_with_checker_and_existing_account(self):
	165	plugin = self._makeOne('secret', userid_checker=dummy_userid_checker)
8f8dfc	166	val = self._makeTicket(userid='existing', userdata='foo=123')
b0f81f	167	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
TS	168	result = plugin.identify(environ)
	169	self.assertEqual(len(result), 4)
	170	self.assertEqual(result['tokens'], [''])
	171	self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'existing')
8f8dfc	172	self.assertEqual(result['userdata'], {'foo': '123'})
6e8328	173	self.assertTrue('timestamp' in result)
b0f81f	174	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
8f8dfc	175	self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
b0f81f	176	self.assertEqual(environ['AUTH_TYPE'],'cookie')
cd1198	177
7483ec	178	def test_identify_with_alternate_hash(self):
DT	179	plugin = self._makeOne('secret', include_ip=False, digest_algo="sha256")
	180	val = self._makeTicket(userdata='foo=123', digest_algo="sha256")
	181	md5_val = self._makeTicket(userdata='foo=123')
	182	self.assertNotEqual(val, md5_val)
	183	# md5 is 162 characters long, sha256 is 322
	184	self.assertEqual(len(val), len(md5_val)+32)
	185	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	186	result = plugin.identify(environ)
	187	self.assertEqual(len(result), 4)
	188	self.assertEqual(result['tokens'], [''])
	189	self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
	190	self.assertEqual(result['userdata'], {'foo': '123'})
	191	self.assertTrue('timestamp' in result)
	192	self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
	193	self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
	194	self.assertEqual(environ['AUTH_TYPE'],'cookie')
	195
	196	def test_identify_bad_cookie_with_alternate_hash(self):
	197	plugin = self._makeOne('secret', include_ip=True, digest_algo="sha256")
	198	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'})
	199	result = plugin.identify(environ)
	200	self.assertEqual(result, None)
	201
496fcf	202	def test_remember_creds_same(self):
TS	203	plugin = self._makeOne('secret')
8f8dfc	204	val = self._makeTicket(userid='userid', userdata='foo=123')
496fcf	205	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
TS	206	result = plugin.remember(environ, {'repoze.who.userid':'userid',
8f8dfc	207	'userdata':{'foo': '123'}})
6e8328	208	self.assertEqual(result, None)
7483ec	209
DT	210	def test_remember_creds_same_alternate_hash(self):
	211	plugin = self._makeOne('secret', digest_algo="sha1")
	212	val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="sha1")
	213	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
	214	result = plugin.remember(environ, {'repoze.who.userid':'userid',
	215	'userdata':{'foo': '123'}})
	216	self.assertEqual(result, None)
	217
	218	def test_remember_creds_hash_mismatch(self):
	219	plugin = self._makeOne('secret', digest_algo="sha1")
	220	old_val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="md5")
	221	new_val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="sha1")
	222	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	223	result = plugin.remember(environ, {'repoze.who.userid':'userid',
	224	'userdata':{'foo': '123'}})
	225	self.assertEqual(len(result), 3)
	226	self.assertEqual(result[0],
	227	('Set-Cookie',
	228	'auth_tkt="%s"; '
	229	'Path=/' % new_val))
	230	self.assertEqual(result[1],
	231	('Set-Cookie',
	232	'auth_tkt="%s"; '
	233	'Path=/; '
	234	'Domain=localhost'
	235	% new_val))
	236	self.assertEqual(result[2],
	237	('Set-Cookie',
	238	'auth_tkt="%s"; '
	239	'Path=/; '
	240	'Domain=.localhost'
	241	% new_val))
	242
	243	def test_remember_creds_secure_alternate_hash(self):
	244	plugin = self._makeOne('secret', secure=True, digest_algo="sha512")
	245	val = self._makeTicket(userid='userid', secure=True, userdata='foo=123', digest_algo="sha512")
	246	environ = self._makeEnviron()
	247	result = plugin.remember(environ, {'repoze.who.userid':'userid',
	248	'userdata':{'foo':'123'}})
	249	self.assertEqual(len(result), 3)
	250	self.assertEqual(result[0],
	251	('Set-Cookie',
	252	'auth_tkt="%s"; '
	253	'Path=/; '
	254	'secure; '
	255	'HttpOnly' % val))
	256	self.assertEqual(result[1],
	257	('Set-Cookie',
	258	'auth_tkt="%s"; '
	259	'Path=/; '
	260	'Domain=localhost; '
	261	'secure; HttpOnly'
	262	% val))
	263	self.assertEqual(result[2],
	264	('Set-Cookie',
	265	'auth_tkt="%s"; '
	266	'Path=/; '
	267	'Domain=.localhost; '
	268	'secure; HttpOnly'
	269	% val))
496fcf	270
d7e647	271	def test_remember_creds_secure(self):
BS	272	plugin = self._makeOne('secret', secure=True)
8f8dfc	273	val = self._makeTicket(userid='userid', secure=True, userdata='foo=123')
d7e647	274	environ = self._makeEnviron()
BS	275	result = plugin.remember(environ, {'repoze.who.userid':'userid',
8f8dfc	276	'userdata':{'foo':'123'}})
d7e647	277	self.assertEqual(len(result), 3)
BS	278	self.assertEqual(result[0],
	279	('Set-Cookie',
7f9907	280	'auth_tkt="%s"; '
TS	281	'Path=/; '
	282	'secure; '
	283	'HttpOnly' % val))
d7e647	284	self.assertEqual(result[1],
BS	285	('Set-Cookie',
7f9907	286	'auth_tkt="%s"; '
TS	287	'Path=/; '
	288	'Domain=localhost; '
	289	'secure; HttpOnly'
d7e647	290	% val))
BS	291	self.assertEqual(result[2],
	292	('Set-Cookie',
7f9907	293	'auth_tkt="%s"; '
TS	294	'Path=/; '
	295	'Domain=.localhost; '
	296	'secure; HttpOnly'
d7e647	297	% val))
BS	298
496fcf	299	def test_remember_creds_different(self):
TS	300	plugin = self._makeOne('secret')
	301	old_val = self._makeTicket(userid='userid')
	302	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
8f8dfc	303	new_val = self._makeTicket(userid='other', userdata='foo=123')
496fcf	304	result = plugin.remember(environ, {'repoze.who.userid':'other',
8f8dfc	305	'userdata':{'foo':'123'}})
496fcf	306	self.assertEqual(len(result), 3)
TS	307	self.assertEqual(result[0],
	308	('Set-Cookie',
7f9907	309	'auth_tkt="%s"; '
TS	310	'Path=/' % new_val))
496fcf	311	self.assertEqual(result[1],
TS	312	('Set-Cookie',
7f9907	313	'auth_tkt="%s"; '
TS	314	'Path=/; '
	315	'Domain=localhost'
2afbb8	316	% new_val))
496fcf	317	self.assertEqual(result[2],
TS	318	('Set-Cookie',
7f9907	319	'auth_tkt="%s"; '
TS	320	'Path=/; '
	321	'Domain=.localhost'
	322	% new_val))
	323
	324	def test_remember_creds_different_strips_port(self):
	325	plugin = self._makeOne('secret')
	326	old_val = self._makeTicket(userid='userid')
	327	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val,
	328	'HTTP_HOST': 'localhost:8080',
	329	})
8f8dfc	330	new_val = self._makeTicket(userid='other', userdata='foo=123')
7f9907	331	result = plugin.remember(environ, {'repoze.who.userid':'other',
8f8dfc	332	'userdata':{'foo': '123'}})
7f9907	333	self.assertEqual(len(result), 3)
TS	334	self.assertEqual(result[0],
	335	('Set-Cookie',
	336	'auth_tkt="%s"; '
	337	'Path=/' % new_val))
	338	self.assertEqual(result[1],
	339	('Set-Cookie',
	340	'auth_tkt="%s"; '
	341	'Path=/; '
	342	'Domain=localhost'
	343	% new_val))
	344	self.assertEqual(result[2],
	345	('Set-Cookie',
	346	'auth_tkt="%s"; '
	347	'Path=/; '
	348	'Domain=.localhost'
2afbb8	349	% new_val))
496fcf	350
394ea6	351	def test_remember_creds_different_include_ip(self):
TS	352	plugin = self._makeOne('secret', include_ip=True)
	353	old_val = self._makeTicket(userid='userid', remote_addr='1.1.1.1')
	354	environ = self._makeEnviron({'HTTP_COOKIE': 'auth_tkt=%s' % old_val})
	355	new_val = self._makeTicket(userid='other',
8f8dfc	356	userdata='foo=123',
394ea6	357	remote_addr='1.1.1.1')
TS	358	result = plugin.remember(environ, {'repoze.who.userid':'other',
8f8dfc	359	'userdata':{'foo': '123'}})
394ea6	360	self.assertEqual(len(result), 3)
TS	361	self.assertEqual(result[0],
	362	('Set-Cookie',
7f9907	363	'auth_tkt="%s"; '
TS	364	'Path=/' % new_val))
394ea6	365	self.assertEqual(result[1],
TS	366	('Set-Cookie',
7f9907	367	'auth_tkt="%s"; '
TS	368	'Path=/; '
	369	'Domain=localhost'
394ea6	370	% new_val))
TS	371	self.assertEqual(result[2],
	372	('Set-Cookie',
7f9907	373	'auth_tkt="%s"; '
TS	374	'Path=/; '
	375	'Domain=.localhost'
394ea6	376	% new_val))
TS	377
	378	def test_remember_creds_different_bad_old_cookie(self):
	379	plugin = self._makeOne('secret')
	380	old_val = 'BOGUS'
	381	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
8f8dfc	382	new_val = self._makeTicket(userid='other', userdata='foo=123')
394ea6	383	result = plugin.remember(environ, {'repoze.who.userid':'other',
8f8dfc	384	'userdata':{'foo': '123'}})
394ea6	385	self.assertEqual(len(result), 3)
TS	386	self.assertEqual(result[0],
	387	('Set-Cookie',
7f9907	388	'auth_tkt="%s"; '
TS	389	'Path=/' % new_val))
394ea6	390	self.assertEqual(result[1],
TS	391	('Set-Cookie',
7f9907	392	'auth_tkt="%s"; '
TS	393	'Path=/; '
	394	'Domain=localhost'
394ea6	395	% new_val))
TS	396	self.assertEqual(result[2],
	397	('Set-Cookie',
7f9907	398	'auth_tkt="%s"; '
TS	399	'Path=/; '
	400	'Domain=.localhost'
394ea6	401	% new_val))
TS	402
fc9a88	403	def test_remember_creds_different_with_tokens(self):
394ea6	404	plugin = self._makeOne('secret')
TS	405	old_val = self._makeTicket(userid='userid')
	406	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
fc9a88	407	new_val = self._makeTicket(userid='userid',
8f8dfc	408	userdata='foo=123',
fc9a88	409	tokens=['foo', 'bar'],
394ea6	410	)
fc9a88	411	result = plugin.remember(environ, {'repoze.who.userid': 'userid',
8f8dfc	412	'userdata': {'foo': '123'},
394ea6	413	'tokens': ['foo', 'bar'],
TS	414	})
	415	self.assertEqual(len(result), 3)
	416	self.assertEqual(result[0],
	417	('Set-Cookie',
7f9907	418	'auth_tkt="%s"; '
TS	419	'Path=/' % new_val))
394ea6	420	self.assertEqual(result[1],
TS	421	('Set-Cookie',
7f9907	422	'auth_tkt="%s"; '
TS	423	'Path=/; Domain=localhost'
394ea6	424	% new_val))
TS	425	self.assertEqual(result[2],
	426	('Set-Cookie',
7f9907	427	'auth_tkt="%s"; '
TS	428	'Path=/; '
	429	'Domain=.localhost'
394ea6	430	% new_val))
TS	431
fc9a88	432	def test_remember_creds_different_with_tuple_tokens(self):
BS	433	plugin = self._makeOne('secret')
	434	old_val = self._makeTicket(userid='userid')
	435	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	436	new_val = self._makeTicket(userid='userid',
8f8dfc	437	userdata='foo=123',
fc9a88	438	tokens=['foo', 'bar'],
BS	439	)
	440	result = plugin.remember(environ, {'repoze.who.userid': 'userid',
8f8dfc	441	'userdata': {'foo': '123'},
fc9a88	442	'tokens': ('foo', 'bar'),
BS	443	})
	444	self.assertEqual(len(result), 3)
	445	self.assertEqual(result[0],
	446	('Set-Cookie',
7f9907	447	'auth_tkt="%s"; '
TS	448	'Path=/' % new_val))
fc9a88	449	self.assertEqual(result[1],
BS	450	('Set-Cookie',
7f9907	451	'auth_tkt="%s"; '
TS	452	'Path=/; '
	453	'Domain=localhost'
fc9a88	454	% new_val))
BS	455	self.assertEqual(result[2],
	456	('Set-Cookie',
7f9907	457	'auth_tkt="%s"; '
TS	458	'Path=/; '
	459	'Domain=.localhost'
fc9a88	460	% new_val))
BS	461
496fcf	462	def test_remember_creds_different_int_userid(self):
TS	463	plugin = self._makeOne('secret')
	464	old_val = self._makeTicket(userid='userid')
	465	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
8f8dfc	466	new_val = self._makeTicket(userid='1', userdata='userid_type=int')
496fcf	467	result = plugin.remember(environ, {'repoze.who.userid':1,
8f8dfc	468	'userdata':{}})
MM	469
496fcf	470	self.assertEqual(len(result), 3)
TS	471	self.assertEqual(result[0],
	472	('Set-Cookie',
d6fa0a	473	'auth_tkt="%s"; Path=/' % new_val))
496fcf	474
TS	475	def test_remember_creds_different_long_userid(self):
6a32cd	476	try:
TS	477	long
	478	except NameError: #pragma NO COVER Python >= 3.0
	479	return
496fcf	480	plugin = self._makeOne('secret')
TS	481	old_val = self._makeTicket(userid='userid')
	482	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
8f8dfc	483	new_val = self._makeTicket(userid='1', userdata='userid_type=int')
496fcf	484	result = plugin.remember(environ, {'repoze.who.userid':long(1),
8f8dfc	485	'userdata':{}})
496fcf	486	self.assertEqual(len(result), 3)
TS	487	self.assertEqual(result[0],
	488	('Set-Cookie',
d6fa0a	489	'auth_tkt="%s"; Path=/' % new_val))
496fcf	490
TS	491	def test_remember_creds_different_unicode_userid(self):
	492	plugin = self._makeOne('secret')
	493	old_val = self._makeTicket(userid='userid')
	494	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
6a32cd	495	userid = b'\xc2\xa9'.decode('utf-8')
d6fa0a	496	if type(b'') == type(''):
8729b3	497	userdata = 'userid_type=unicode'
d13829	498	else: # pragma: no cover Py3k
d6fa0a	499	userdata = ''
496fcf	500	new_val = self._makeTicket(userid=userid.encode('utf-8'),
d6fa0a	501	userdata=userdata)
496fcf	502	result = plugin.remember(environ, {'repoze.who.userid':userid,
8f8dfc	503	'userdata':{}})
496fcf	504	self.assertEqual(type(result[0][1]), str)
TS	505	self.assertEqual(len(result), 3)
	506	self.assertEqual(result[0],
	507	('Set-Cookie',
d6fa0a	508	'auth_tkt="%s"; Path=/' % new_val))
496fcf	509
cd1198	510	def test_remember_creds_reissue(self):
CM	511	import time
	512	plugin = self._makeOne('secret', reissue_time=1)
798feb	513	old_val = self._makeTicket(userid='userid', userdata='',
TS	514	time=time.time()-2)
cd1198	515	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
CM	516	new_val = self._makeTicket(userid='userid', userdata='')
	517	result = plugin.remember(environ, {'repoze.who.userid':'userid',
	518	'userdata':''})
	519	self.assertEqual(type(result[0][1]), str)
	520	self.assertEqual(len(result), 3)
	521	self.assertEqual(result[0],
	522	('Set-Cookie',
d6fa0a	523	'auth_tkt="%s"; Path=/' % new_val))
cd1198	524
7483ec	525	def test_remember_creds_reissue_alternate_hash(self):
DT	526	import time
	527	plugin = self._makeOne('secret', reissue_time=1, digest_algo="sha256")
	528	old_val = self._makeTicket(userid='userid', userdata='',
	529	time=time.time()-2, digest_algo="sha256")
	530	environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
	531	new_val = self._makeTicket(userid='userid', userdata='',
	532	digest_algo="sha256")
	533	result = plugin.remember(environ, {'repoze.who.userid':'userid',
	534	'userdata':''})
	535	self.assertEqual(type(result[0][1]), str)
	536	self.assertEqual(len(result), 3)
	537	self.assertEqual(result[0],
	538	('Set-Cookie',
	539	'auth_tkt="%s"; Path=/' % new_val))
	540
4f3525	541	def test_l10n_sane_cookie_date(self):
TS	542	from datetime import datetime
	543
	544	now = datetime(2009, 11, 8, 16, 15, 22)
	545	self._setNowTesting(now)
	546
b0f81f	547	plugin = self._makeOne('secret')
4f3525	548	environ = {'HTTP_HOST': 'example.com'}
TS	549
b0f81f	550	tkt = self._makeTicket(userid='chris', userdata='')
4f3525	551
TS	552
	553	result = plugin.remember(environ, {'repoze.who.userid': 'chris',
	554	'max_age': '500'})
	555	name, value = result.pop(0)
	556
	557	self.assertEqual('Set-Cookie', name)
826ba0	558	self.assertTrue(
4f3525	559	value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))
TS	560
	561	def test_remember_max_age(self):
	562	from datetime import datetime
	563
	564	now = datetime(2009, 11, 8, 16, 15, 22)
	565	self._setNowTesting(now)
	566
	567	plugin = self._makeOne('secret')
	568	environ = {'HTTP_HOST': 'example.com'}
	569
	570	tkt = self._makeTicket(userid='chris', userdata='')
	571	result = plugin.remember(environ, {'repoze.who.userid': 'chris',
	572	'max_age': '500'})
	573
	574	name, value = result.pop(0)
b0f81f	575	self.assertEqual('Set-Cookie', name)
826ba0	576	self.assertTrue(
b0f81f	577	value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt),
TS	578	value)
826ba0	579	self.assertTrue(
4f3525	580	value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))
b0f81f	581
4f3525	582	name, value = result.pop(0)
b0f81f	583	self.assertEqual('Set-Cookie', name)
826ba0	584	self.assertTrue(
b0f81f	585	value.startswith(
4f3525	586	'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500'
TS	587	% tkt), value)
826ba0	588	self.assertTrue(
4f3525	589	value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))
TS	590
	591	name, value = result.pop(0)
	592	self.assertEqual('Set-Cookie', name)
826ba0	593	self.assertTrue(
4f3525	594	value.startswith(
TS	595	'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt),
b0f81f	596	value)
826ba0	597	self.assertTrue(
4f3525	598	value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))
b0f81f	599
496fcf	600	def test_forget(self):
798feb	601	from datetime import datetime
TS	602	now = datetime(2009, 11, 5, 16, 15, 22)
	603	self._setNowTesting(now)
496fcf	604	plugin = self._makeOne('secret')
TS	605	environ = self._makeEnviron()
	606	headers = plugin.forget(environ, None)
	607	self.assertEqual(len(headers), 3)
	608	header = headers[0]
	609	name, value = header
	610	self.assertEqual(name, 'Set-Cookie')
798feb	611	self.assertEqual(value,
TS	612	'auth_tkt="INVALID"; Path=/; '
4f3525	613	'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT'
798feb	614	)
496fcf	615	header = headers[1]
TS	616	name, value = header
	617	self.assertEqual(name, 'Set-Cookie')
798feb	618	self.assertEqual(value,
TS	619	'auth_tkt="INVALID"; Path=/; Domain=localhost; '
4f3525	620	'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT'
798feb	621	)
496fcf	622	header = headers[2]
TS	623	name, value = header
	624	self.assertEqual(name, 'Set-Cookie')
798feb	625	self.assertEqual(value,
TS	626	'auth_tkt="INVALID"; Path=/; Domain=.localhost; '
4f3525	627	'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT'
798feb	628	)
b0f81f	629
TS	630	def test_authenticate_non_auth_tkt_credentials(self):
	631	plugin = self._makeOne()
	632	self.assertEqual(plugin.authenticate(environ={}, identity={}), None)
	633
	634	def test_authenticate_without_checker(self):
	635	plugin = self._makeOne()
	636	identity = {'repoze.who.plugins.auth_tkt.userid': 'phred'}
	637	self.assertEqual(plugin.authenticate({}, identity), 'phred')
	638
	639	def test_authenticate_with_checker_and_non_existing_account(self):
	640	plugin = self._makeOne('secret', userid_checker=dummy_userid_checker)
	641	identity = {'repoze.who.plugins.auth_tkt.userid': 'phred'}
	642	self.assertEqual(plugin.authenticate({}, identity), None)
	643
	644	def test_authenticate_with_checker_and_existing_account(self):
	645	plugin = self._makeOne('secret', userid_checker=dummy_userid_checker)
	646	identity = {'repoze.who.plugins.auth_tkt.userid': 'existing'}
	647	self.assertEqual(plugin.authenticate({}, identity), 'existing')
496fcf	648
TS	649	def test_factory_wo_secret_wo_secretfile_raises_ValueError(self):
	650	from repoze.who.plugins.auth_tkt import make_plugin
	651	self.assertRaises(ValueError, make_plugin)
	652
	653	def test_factory_w_secret_w_secretfile_raises_ValueError(self):
	654	from repoze.who.plugins.auth_tkt import make_plugin
	655	self.assertRaises(ValueError, make_plugin, 'secret', 'secretfile')
	656
	657	def test_factory_w_bad_secretfile_raises_ValueError(self):
	658	from repoze.who.plugins.auth_tkt import make_plugin
	659	self.assertRaises(ValueError, make_plugin, secretfile='nonesuch.txt')
	660
	661	def test_factory_w_secret(self):
	662	from repoze.who.plugins.auth_tkt import make_plugin
	663	plugin = make_plugin('secret')
	664	self.assertEqual(plugin.cookie_name, 'auth_tkt')
	665	self.assertEqual(plugin.secret, 'secret')
	666	self.assertEqual(plugin.include_ip, False)
	667	self.assertEqual(plugin.secure, False)
	668
	669	def test_factory_w_secretfile(self):
1810b2	670	import os
TS	671	from tempfile import mkdtemp
496fcf	672	from repoze.who.plugins.auth_tkt import make_plugin
1810b2	673	tempdir = self.tempdir = mkdtemp()
TS	674	path = os.path.join(tempdir, 'who.secret')
	675	secret = open(path, 'w')
	676	secret.write('s33kr1t\n')
	677	secret.flush()
	678	secret.close()
	679	plugin = make_plugin(secretfile=path)
496fcf	680	self.assertEqual(plugin.secret, 's33kr1t')
TS	681
cd1198	682	def test_factory_with_timeout_and_reissue_time(self):
CM	683	from repoze.who.plugins.auth_tkt import make_plugin
	684	plugin = make_plugin('secret', timeout=5, reissue_time=1)
	685	self.assertEqual(plugin.timeout, 5)
	686	self.assertEqual(plugin.reissue_time, 1)
	687
a6f6dc	688	def test_factory_with_userid_checker(self):
CM	689	from repoze.who.plugins.auth_tkt import make_plugin
	690	plugin = make_plugin(
	691	'secret',
	692	userid_checker='repoze.who.plugins.auth_tkt:make_plugin')
	693	self.assertEqual(plugin.userid_checker, make_plugin)
299b4c	694
7483ec	695	def test_factory_with_alternate_hash(self):
DT	696	from repoze.who.plugins.auth_tkt import make_plugin
	697	import hashlib
	698	plugin = make_plugin('secret', digest_algo="sha1")
	699	self.assertEqual(plugin.digest_algo, hashlib.sha1)
	700
	701	def test_factory_with_alternate_hash_func(self):
	702	from repoze.who.plugins.auth_tkt import make_plugin
	703	import hashlib
	704	plugin = make_plugin('secret', digest_algo=hashlib.sha1)
	705	self.assertEqual(plugin.digest_algo, hashlib.sha1)
	706
	707	def test_factory_with_bogus_hash(self):
	708	from repoze.who.plugins.auth_tkt import make_plugin
	709	self.assertRaises(ValueError, make_plugin,
	710	secret="fiddly", digest_algo='foo23')
	711
15e365	712	def test_remember_max_age_unicode(self):
6a32cd	713	from repoze.who._compat import u
15e365	714	plugin = self._makeOne('secret')
TS	715	environ = {'HTTP_HOST':'example.com'}
	716	tkt = self._makeTicket(userid='chris', userdata='')
	717	result = plugin.remember(environ, {'repoze.who.userid': 'chris',
6919cb	718	'max_age': u('500')})
TS	719	name, value = result.pop(0)
15e365	720	self.assertEqual('Set-Cookie', name)
826ba0	721	self.assertTrue(isinstance(value, str))
TS	722	self.assertTrue(
15e365	723	value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt),
TS	724	(value, tkt))
826ba0	725	self.assertTrue('; Expires=' in value)
15e365	726
TS	727	name,value = result.pop(0)
	728	self.assertEqual('Set-Cookie', name)
826ba0	729	self.assertTrue(
15e365	730	value.startswith(
TS	731	'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500'
	732	% tkt), value)
826ba0	733	self.assertTrue('; Expires=' in value)
15e365	734
TS	735	name,value = result.pop(0)
	736	self.assertEqual('Set-Cookie', name)
826ba0	737	self.assertTrue(
15e365	738	value.startswith(
TS	739	'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt),
	740	value)
826ba0	741	self.assertTrue('; Expires=' in value)
15e365	742
299b4c	743
a6f6dc	744	def dummy_userid_checker(userid):
CM	745	return userid == 'existing'