commit | author | age
|
496fcf
|
1 |
import unittest |
TS |
2 |
|
9c1e6f
|
3 |
|
496fcf
|
4 |
class TestAuthTktCookiePlugin(unittest.TestCase): |
1810b2
|
5 |
tempdir = None |
798feb
|
6 |
_now_testing = None |
1810b2
|
7 |
|
TS |
8 |
def setUp(self): |
|
9 |
pass |
|
10 |
|
|
11 |
def tearDown(self): |
|
12 |
if self.tempdir is not None: |
|
13 |
import shutil |
|
14 |
shutil.rmtree(self.tempdir) |
798feb
|
15 |
if self._now_testing is not None: |
TS |
16 |
self._setNowTesting(self._now_testing) |
496fcf
|
17 |
|
TS |
18 |
def _getTargetClass(self): |
|
19 |
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin |
|
20 |
return AuthTktCookiePlugin |
|
21 |
|
|
22 |
def _makeEnviron(self, kw=None): |
02a504
|
23 |
from wsgiref.util import setup_testing_defaults |
AO |
24 |
environ = {} |
|
25 |
setup_testing_defaults(environ) |
496fcf
|
26 |
if kw is not None: |
TS |
27 |
environ.update(kw) |
|
28 |
environ['REMOTE_ADDR'] = '1.1.1.1' |
02a504
|
29 |
environ['HTTP_HOST'] = 'localhost' |
496fcf
|
30 |
return environ |
TS |
31 |
|
b0f81f
|
32 |
def _makeOne(self, secret='s33kr3t', *arg, **kw): |
TS |
33 |
plugin = self._getTargetClass()(secret, *arg, **kw) |
496fcf
|
34 |
return plugin |
TS |
35 |
|
|
36 |
def _makeTicket(self, userid='userid', remote_addr='0.0.0.0', |
|
37 |
tokens = [], userdata='userdata', |
cd1198
|
38 |
cookie_name='auth_tkt', secure=False, |
7483ec
|
39 |
time=None, digest_algo="md5"): |
02a504
|
40 |
import repoze.who._auth_tkt as auth_tkt |
496fcf
|
41 |
ticket = auth_tkt.AuthTicket( |
TS |
42 |
'secret', |
|
43 |
userid, |
|
44 |
remote_addr, |
|
45 |
tokens=tokens, |
|
46 |
user_data=userdata, |
cd1198
|
47 |
time=time, |
496fcf
|
48 |
cookie_name=cookie_name, |
7483ec
|
49 |
secure=secure, |
DT |
50 |
digest_algo=digest_algo) |
496fcf
|
51 |
return ticket.cookie_value() |
798feb
|
52 |
|
TS |
53 |
def _setNowTesting(self, value): |
|
54 |
from repoze.who.plugins import auth_tkt |
4f3525
|
55 |
auth_tkt._UTCNOW, self._now_testing = value, auth_tkt._UTCNOW |
496fcf
|
56 |
|
b0f81f
|
57 |
def test_class_conforms_to_IIdentifier(self): |
496fcf
|
58 |
from zope.interface.verify import verifyClass |
TS |
59 |
from repoze.who.interfaces import IIdentifier |
|
60 |
klass = self._getTargetClass() |
|
61 |
verifyClass(IIdentifier, klass) |
b0f81f
|
62 |
|
TS |
63 |
def test_instance_conforms_to_IIdentifier(self): |
|
64 |
from zope.interface.verify import verifyObject |
|
65 |
from repoze.who.interfaces import IIdentifier |
|
66 |
klass = self._getTargetClass() |
|
67 |
verifyObject(IIdentifier, self._makeOne()) |
|
68 |
|
|
69 |
def test_class_conforms_to_IAuthenticator(self): |
|
70 |
from zope.interface.verify import verifyClass |
|
71 |
from repoze.who.interfaces import IAuthenticator |
|
72 |
klass = self._getTargetClass() |
|
73 |
verifyClass(IAuthenticator, klass) |
|
74 |
|
|
75 |
def test_instance_conforms_to_IAuthenticator(self): |
|
76 |
from zope.interface.verify import verifyObject |
|
77 |
from repoze.who.interfaces import IAuthenticator |
|
78 |
klass = self._getTargetClass() |
|
79 |
verifyObject(IAuthenticator, self._makeOne()) |
|
80 |
|
|
81 |
def test_timeout_no_reissue(self): |
|
82 |
self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1) |
|
83 |
|
|
84 |
def test_timeout_lower_than_reissue(self): |
|
85 |
self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1, |
|
86 |
reissue_time=2) |
496fcf
|
87 |
|
TS |
88 |
def test_identify_nocookie(self): |
|
89 |
plugin = self._makeOne('secret') |
|
90 |
environ = self._makeEnviron() |
|
91 |
result = plugin.identify(environ) |
|
92 |
self.assertEqual(result, None) |
|
93 |
|
|
94 |
def test_identify_good_cookie_include_ip(self): |
|
95 |
plugin = self._makeOne('secret', include_ip=True) |
8f8dfc
|
96 |
val = self._makeTicket(remote_addr='1.1.1.1', userdata='foo=123') |
496fcf
|
97 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
TS |
98 |
result = plugin.identify(environ) |
|
99 |
self.assertEqual(len(result), 4) |
|
100 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
101 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid') |
8f8dfc
|
102 |
self.assertEqual(result['userdata'], {'foo': '123'}) |
6e8328
|
103 |
self.assertTrue('timestamp' in result) |
496fcf
|
104 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
8f8dfc
|
105 |
self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123') |
496fcf
|
106 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
TS |
107 |
|
|
108 |
def test_identify_good_cookie_dont_include_ip(self): |
|
109 |
plugin = self._makeOne('secret', include_ip=False) |
8f8dfc
|
110 |
val = self._makeTicket(userdata='foo=123') |
496fcf
|
111 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
TS |
112 |
result = plugin.identify(environ) |
|
113 |
self.assertEqual(len(result), 4) |
|
114 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
115 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid') |
8f8dfc
|
116 |
self.assertEqual(result['userdata'], {'foo': '123'}) |
6e8328
|
117 |
self.assertTrue('timestamp' in result) |
496fcf
|
118 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
8f8dfc
|
119 |
self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123') |
496fcf
|
120 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
TS |
121 |
|
|
122 |
def test_identify_good_cookie_int_useridtype(self): |
|
123 |
plugin = self._makeOne('secret', include_ip=False) |
8f8dfc
|
124 |
val = self._makeTicket(userid='1', userdata='userid_type=int') |
496fcf
|
125 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
TS |
126 |
result = plugin.identify(environ) |
|
127 |
self.assertEqual(len(result), 4) |
|
128 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
129 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 1) |
8f8dfc
|
130 |
self.assertEqual(result['userdata'], {'userid_type': 'int'}) |
6e8328
|
131 |
self.assertTrue('timestamp' in result) |
496fcf
|
132 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
8f8dfc
|
133 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type=int') |
496fcf
|
134 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
TS |
135 |
|
|
136 |
def test_identify_good_cookie_unknown_useridtype(self): |
|
137 |
plugin = self._makeOne('secret', include_ip=False) |
8f8dfc
|
138 |
val = self._makeTicket(userid='userid', userdata='userid_type=unknown') |
496fcf
|
139 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
TS |
140 |
result = plugin.identify(environ) |
|
141 |
self.assertEqual(len(result), 4) |
|
142 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
143 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid') |
8f8dfc
|
144 |
self.assertEqual(result['userdata'], {'userid_type':'unknown'}) |
6e8328
|
145 |
self.assertTrue('timestamp' in result) |
496fcf
|
146 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
8f8dfc
|
147 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type=unknown') |
496fcf
|
148 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
TS |
149 |
|
|
150 |
def test_identify_bad_cookie(self): |
|
151 |
plugin = self._makeOne('secret', include_ip=True) |
|
152 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'}) |
|
153 |
result = plugin.identify(environ) |
|
154 |
self.assertEqual(result, None) |
|
155 |
|
cd1198
|
156 |
def test_identify_bad_cookie_expired(self): |
CM |
157 |
import time |
|
158 |
plugin = self._makeOne('secret', timeout=2, reissue_time=1) |
|
159 |
val = self._makeTicket(userid='userid', time=time.time()-3) |
|
160 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
161 |
result = plugin.identify(environ) |
|
162 |
self.assertEqual(result, None) |
b0f81f
|
163 |
|
TS |
164 |
def test_identify_with_checker_and_existing_account(self): |
|
165 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
8f8dfc
|
166 |
val = self._makeTicket(userid='existing', userdata='foo=123') |
b0f81f
|
167 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
TS |
168 |
result = plugin.identify(environ) |
|
169 |
self.assertEqual(len(result), 4) |
|
170 |
self.assertEqual(result['tokens'], ['']) |
|
171 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'existing') |
8f8dfc
|
172 |
self.assertEqual(result['userdata'], {'foo': '123'}) |
6e8328
|
173 |
self.assertTrue('timestamp' in result) |
b0f81f
|
174 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
8f8dfc
|
175 |
self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123') |
b0f81f
|
176 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
cd1198
|
177 |
|
7483ec
|
178 |
def test_identify_with_alternate_hash(self): |
DT |
179 |
plugin = self._makeOne('secret', include_ip=False, digest_algo="sha256") |
|
180 |
val = self._makeTicket(userdata='foo=123', digest_algo="sha256") |
|
181 |
md5_val = self._makeTicket(userdata='foo=123') |
|
182 |
self.assertNotEqual(val, md5_val) |
|
183 |
# md5 is 16*2 characters long, sha256 is 32*2 |
|
184 |
self.assertEqual(len(val), len(md5_val)+32) |
|
185 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
186 |
result = plugin.identify(environ) |
|
187 |
self.assertEqual(len(result), 4) |
|
188 |
self.assertEqual(result['tokens'], ['']) |
|
189 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid') |
|
190 |
self.assertEqual(result['userdata'], {'foo': '123'}) |
|
191 |
self.assertTrue('timestamp' in result) |
|
192 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
193 |
self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123') |
|
194 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
195 |
|
|
196 |
def test_identify_bad_cookie_with_alternate_hash(self): |
|
197 |
plugin = self._makeOne('secret', include_ip=True, digest_algo="sha256") |
|
198 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'}) |
|
199 |
result = plugin.identify(environ) |
|
200 |
self.assertEqual(result, None) |
|
201 |
|
496fcf
|
202 |
def test_remember_creds_same(self): |
TS |
203 |
plugin = self._makeOne('secret') |
8f8dfc
|
204 |
val = self._makeTicket(userid='userid', userdata='foo=123') |
496fcf
|
205 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
TS |
206 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
8f8dfc
|
207 |
'userdata':{'foo': '123'}}) |
6e8328
|
208 |
self.assertEqual(result, None) |
7483ec
|
209 |
|
DT |
210 |
def test_remember_creds_same_alternate_hash(self): |
|
211 |
plugin = self._makeOne('secret', digest_algo="sha1") |
|
212 |
val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="sha1") |
|
213 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
214 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
215 |
'userdata':{'foo': '123'}}) |
|
216 |
self.assertEqual(result, None) |
|
217 |
|
|
218 |
def test_remember_creds_hash_mismatch(self): |
|
219 |
plugin = self._makeOne('secret', digest_algo="sha1") |
|
220 |
old_val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="md5") |
|
221 |
new_val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="sha1") |
|
222 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
223 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
224 |
'userdata':{'foo': '123'}}) |
|
225 |
self.assertEqual(len(result), 3) |
|
226 |
self.assertEqual(result[0], |
|
227 |
('Set-Cookie', |
|
228 |
'auth_tkt="%s"; ' |
|
229 |
'Path=/' % new_val)) |
|
230 |
self.assertEqual(result[1], |
|
231 |
('Set-Cookie', |
|
232 |
'auth_tkt="%s"; ' |
|
233 |
'Path=/; ' |
|
234 |
'Domain=localhost' |
|
235 |
% new_val)) |
|
236 |
self.assertEqual(result[2], |
|
237 |
('Set-Cookie', |
|
238 |
'auth_tkt="%s"; ' |
|
239 |
'Path=/; ' |
|
240 |
'Domain=.localhost' |
|
241 |
% new_val)) |
|
242 |
|
|
243 |
def test_remember_creds_secure_alternate_hash(self): |
|
244 |
plugin = self._makeOne('secret', secure=True, digest_algo="sha512") |
|
245 |
val = self._makeTicket(userid='userid', secure=True, userdata='foo=123', digest_algo="sha512") |
|
246 |
environ = self._makeEnviron() |
|
247 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
248 |
'userdata':{'foo':'123'}}) |
|
249 |
self.assertEqual(len(result), 3) |
|
250 |
self.assertEqual(result[0], |
|
251 |
('Set-Cookie', |
|
252 |
'auth_tkt="%s"; ' |
|
253 |
'Path=/; ' |
|
254 |
'secure; ' |
|
255 |
'HttpOnly' % val)) |
|
256 |
self.assertEqual(result[1], |
|
257 |
('Set-Cookie', |
|
258 |
'auth_tkt="%s"; ' |
|
259 |
'Path=/; ' |
|
260 |
'Domain=localhost; ' |
|
261 |
'secure; HttpOnly' |
|
262 |
% val)) |
|
263 |
self.assertEqual(result[2], |
|
264 |
('Set-Cookie', |
|
265 |
'auth_tkt="%s"; ' |
|
266 |
'Path=/; ' |
|
267 |
'Domain=.localhost; ' |
|
268 |
'secure; HttpOnly' |
|
269 |
% val)) |
496fcf
|
270 |
|
d7e647
|
271 |
def test_remember_creds_secure(self): |
BS |
272 |
plugin = self._makeOne('secret', secure=True) |
8f8dfc
|
273 |
val = self._makeTicket(userid='userid', secure=True, userdata='foo=123') |
d7e647
|
274 |
environ = self._makeEnviron() |
BS |
275 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
8f8dfc
|
276 |
'userdata':{'foo':'123'}}) |
d7e647
|
277 |
self.assertEqual(len(result), 3) |
BS |
278 |
self.assertEqual(result[0], |
|
279 |
('Set-Cookie', |
7f9907
|
280 |
'auth_tkt="%s"; ' |
TS |
281 |
'Path=/; ' |
|
282 |
'secure; ' |
|
283 |
'HttpOnly' % val)) |
d7e647
|
284 |
self.assertEqual(result[1], |
BS |
285 |
('Set-Cookie', |
7f9907
|
286 |
'auth_tkt="%s"; ' |
TS |
287 |
'Path=/; ' |
|
288 |
'Domain=localhost; ' |
|
289 |
'secure; HttpOnly' |
d7e647
|
290 |
% val)) |
BS |
291 |
self.assertEqual(result[2], |
|
292 |
('Set-Cookie', |
7f9907
|
293 |
'auth_tkt="%s"; ' |
TS |
294 |
'Path=/; ' |
|
295 |
'Domain=.localhost; ' |
|
296 |
'secure; HttpOnly' |
d7e647
|
297 |
% val)) |
BS |
298 |
|
496fcf
|
299 |
def test_remember_creds_different(self): |
TS |
300 |
plugin = self._makeOne('secret') |
|
301 |
old_val = self._makeTicket(userid='userid') |
|
302 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
8f8dfc
|
303 |
new_val = self._makeTicket(userid='other', userdata='foo=123') |
496fcf
|
304 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
8f8dfc
|
305 |
'userdata':{'foo':'123'}}) |
496fcf
|
306 |
self.assertEqual(len(result), 3) |
TS |
307 |
self.assertEqual(result[0], |
|
308 |
('Set-Cookie', |
7f9907
|
309 |
'auth_tkt="%s"; ' |
TS |
310 |
'Path=/' % new_val)) |
496fcf
|
311 |
self.assertEqual(result[1], |
TS |
312 |
('Set-Cookie', |
7f9907
|
313 |
'auth_tkt="%s"; ' |
TS |
314 |
'Path=/; ' |
|
315 |
'Domain=localhost' |
2afbb8
|
316 |
% new_val)) |
496fcf
|
317 |
self.assertEqual(result[2], |
TS |
318 |
('Set-Cookie', |
7f9907
|
319 |
'auth_tkt="%s"; ' |
TS |
320 |
'Path=/; ' |
|
321 |
'Domain=.localhost' |
|
322 |
% new_val)) |
|
323 |
|
|
324 |
def test_remember_creds_different_strips_port(self): |
|
325 |
plugin = self._makeOne('secret') |
|
326 |
old_val = self._makeTicket(userid='userid') |
|
327 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val, |
|
328 |
'HTTP_HOST': 'localhost:8080', |
|
329 |
}) |
8f8dfc
|
330 |
new_val = self._makeTicket(userid='other', userdata='foo=123') |
7f9907
|
331 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
8f8dfc
|
332 |
'userdata':{'foo': '123'}}) |
7f9907
|
333 |
self.assertEqual(len(result), 3) |
TS |
334 |
self.assertEqual(result[0], |
|
335 |
('Set-Cookie', |
|
336 |
'auth_tkt="%s"; ' |
|
337 |
'Path=/' % new_val)) |
|
338 |
self.assertEqual(result[1], |
|
339 |
('Set-Cookie', |
|
340 |
'auth_tkt="%s"; ' |
|
341 |
'Path=/; ' |
|
342 |
'Domain=localhost' |
|
343 |
% new_val)) |
|
344 |
self.assertEqual(result[2], |
|
345 |
('Set-Cookie', |
|
346 |
'auth_tkt="%s"; ' |
|
347 |
'Path=/; ' |
|
348 |
'Domain=.localhost' |
2afbb8
|
349 |
% new_val)) |
496fcf
|
350 |
|
394ea6
|
351 |
def test_remember_creds_different_include_ip(self): |
TS |
352 |
plugin = self._makeOne('secret', include_ip=True) |
|
353 |
old_val = self._makeTicket(userid='userid', remote_addr='1.1.1.1') |
|
354 |
environ = self._makeEnviron({'HTTP_COOKIE': 'auth_tkt=%s' % old_val}) |
|
355 |
new_val = self._makeTicket(userid='other', |
8f8dfc
|
356 |
userdata='foo=123', |
394ea6
|
357 |
remote_addr='1.1.1.1') |
TS |
358 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
8f8dfc
|
359 |
'userdata':{'foo': '123'}}) |
394ea6
|
360 |
self.assertEqual(len(result), 3) |
TS |
361 |
self.assertEqual(result[0], |
|
362 |
('Set-Cookie', |
7f9907
|
363 |
'auth_tkt="%s"; ' |
TS |
364 |
'Path=/' % new_val)) |
394ea6
|
365 |
self.assertEqual(result[1], |
TS |
366 |
('Set-Cookie', |
7f9907
|
367 |
'auth_tkt="%s"; ' |
TS |
368 |
'Path=/; ' |
|
369 |
'Domain=localhost' |
394ea6
|
370 |
% new_val)) |
TS |
371 |
self.assertEqual(result[2], |
|
372 |
('Set-Cookie', |
7f9907
|
373 |
'auth_tkt="%s"; ' |
TS |
374 |
'Path=/; ' |
|
375 |
'Domain=.localhost' |
394ea6
|
376 |
% new_val)) |
TS |
377 |
|
|
378 |
def test_remember_creds_different_bad_old_cookie(self): |
|
379 |
plugin = self._makeOne('secret') |
|
380 |
old_val = 'BOGUS' |
|
381 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
8f8dfc
|
382 |
new_val = self._makeTicket(userid='other', userdata='foo=123') |
394ea6
|
383 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
8f8dfc
|
384 |
'userdata':{'foo': '123'}}) |
394ea6
|
385 |
self.assertEqual(len(result), 3) |
TS |
386 |
self.assertEqual(result[0], |
|
387 |
('Set-Cookie', |
7f9907
|
388 |
'auth_tkt="%s"; ' |
TS |
389 |
'Path=/' % new_val)) |
394ea6
|
390 |
self.assertEqual(result[1], |
TS |
391 |
('Set-Cookie', |
7f9907
|
392 |
'auth_tkt="%s"; ' |
TS |
393 |
'Path=/; ' |
|
394 |
'Domain=localhost' |
394ea6
|
395 |
% new_val)) |
TS |
396 |
self.assertEqual(result[2], |
|
397 |
('Set-Cookie', |
7f9907
|
398 |
'auth_tkt="%s"; ' |
TS |
399 |
'Path=/; ' |
|
400 |
'Domain=.localhost' |
394ea6
|
401 |
% new_val)) |
TS |
402 |
|
fc9a88
|
403 |
def test_remember_creds_different_with_tokens(self): |
394ea6
|
404 |
plugin = self._makeOne('secret') |
TS |
405 |
old_val = self._makeTicket(userid='userid') |
|
406 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
fc9a88
|
407 |
new_val = self._makeTicket(userid='userid', |
8f8dfc
|
408 |
userdata='foo=123', |
fc9a88
|
409 |
tokens=['foo', 'bar'], |
394ea6
|
410 |
) |
fc9a88
|
411 |
result = plugin.remember(environ, {'repoze.who.userid': 'userid', |
8f8dfc
|
412 |
'userdata': {'foo': '123'}, |
394ea6
|
413 |
'tokens': ['foo', 'bar'], |
TS |
414 |
}) |
|
415 |
self.assertEqual(len(result), 3) |
|
416 |
self.assertEqual(result[0], |
|
417 |
('Set-Cookie', |
7f9907
|
418 |
'auth_tkt="%s"; ' |
TS |
419 |
'Path=/' % new_val)) |
394ea6
|
420 |
self.assertEqual(result[1], |
TS |
421 |
('Set-Cookie', |
7f9907
|
422 |
'auth_tkt="%s"; ' |
TS |
423 |
'Path=/; Domain=localhost' |
394ea6
|
424 |
% new_val)) |
TS |
425 |
self.assertEqual(result[2], |
|
426 |
('Set-Cookie', |
7f9907
|
427 |
'auth_tkt="%s"; ' |
TS |
428 |
'Path=/; ' |
|
429 |
'Domain=.localhost' |
394ea6
|
430 |
% new_val)) |
TS |
431 |
|
fc9a88
|
432 |
def test_remember_creds_different_with_tuple_tokens(self): |
BS |
433 |
plugin = self._makeOne('secret') |
|
434 |
old_val = self._makeTicket(userid='userid') |
|
435 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
436 |
new_val = self._makeTicket(userid='userid', |
8f8dfc
|
437 |
userdata='foo=123', |
fc9a88
|
438 |
tokens=['foo', 'bar'], |
BS |
439 |
) |
|
440 |
result = plugin.remember(environ, {'repoze.who.userid': 'userid', |
8f8dfc
|
441 |
'userdata': {'foo': '123'}, |
fc9a88
|
442 |
'tokens': ('foo', 'bar'), |
BS |
443 |
}) |
|
444 |
self.assertEqual(len(result), 3) |
|
445 |
self.assertEqual(result[0], |
|
446 |
('Set-Cookie', |
7f9907
|
447 |
'auth_tkt="%s"; ' |
TS |
448 |
'Path=/' % new_val)) |
fc9a88
|
449 |
self.assertEqual(result[1], |
BS |
450 |
('Set-Cookie', |
7f9907
|
451 |
'auth_tkt="%s"; ' |
TS |
452 |
'Path=/; ' |
|
453 |
'Domain=localhost' |
fc9a88
|
454 |
% new_val)) |
BS |
455 |
self.assertEqual(result[2], |
|
456 |
('Set-Cookie', |
7f9907
|
457 |
'auth_tkt="%s"; ' |
TS |
458 |
'Path=/; ' |
|
459 |
'Domain=.localhost' |
fc9a88
|
460 |
% new_val)) |
BS |
461 |
|
496fcf
|
462 |
def test_remember_creds_different_int_userid(self): |
TS |
463 |
plugin = self._makeOne('secret') |
|
464 |
old_val = self._makeTicket(userid='userid') |
|
465 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
8f8dfc
|
466 |
new_val = self._makeTicket(userid='1', userdata='userid_type=int') |
496fcf
|
467 |
result = plugin.remember(environ, {'repoze.who.userid':1, |
8f8dfc
|
468 |
'userdata':{}}) |
MM |
469 |
|
496fcf
|
470 |
self.assertEqual(len(result), 3) |
TS |
471 |
self.assertEqual(result[0], |
|
472 |
('Set-Cookie', |
d6fa0a
|
473 |
'auth_tkt="%s"; Path=/' % new_val)) |
496fcf
|
474 |
|
TS |
475 |
def test_remember_creds_different_long_userid(self): |
6a32cd
|
476 |
try: |
TS |
477 |
long |
|
478 |
except NameError: #pragma NO COVER Python >= 3.0 |
|
479 |
return |
496fcf
|
480 |
plugin = self._makeOne('secret') |
TS |
481 |
old_val = self._makeTicket(userid='userid') |
|
482 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
8f8dfc
|
483 |
new_val = self._makeTicket(userid='1', userdata='userid_type=int') |
496fcf
|
484 |
result = plugin.remember(environ, {'repoze.who.userid':long(1), |
8f8dfc
|
485 |
'userdata':{}}) |
496fcf
|
486 |
self.assertEqual(len(result), 3) |
TS |
487 |
self.assertEqual(result[0], |
|
488 |
('Set-Cookie', |
d6fa0a
|
489 |
'auth_tkt="%s"; Path=/' % new_val)) |
496fcf
|
490 |
|
TS |
491 |
def test_remember_creds_different_unicode_userid(self): |
|
492 |
plugin = self._makeOne('secret') |
|
493 |
old_val = self._makeTicket(userid='userid') |
|
494 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
6a32cd
|
495 |
userid = b'\xc2\xa9'.decode('utf-8') |
d6fa0a
|
496 |
if type(b'') == type(''): |
8729b3
|
497 |
userdata = 'userid_type=unicode' |
d13829
|
498 |
else: # pragma: no cover Py3k |
d6fa0a
|
499 |
userdata = '' |
496fcf
|
500 |
new_val = self._makeTicket(userid=userid.encode('utf-8'), |
d6fa0a
|
501 |
userdata=userdata) |
496fcf
|
502 |
result = plugin.remember(environ, {'repoze.who.userid':userid, |
8f8dfc
|
503 |
'userdata':{}}) |
496fcf
|
504 |
self.assertEqual(type(result[0][1]), str) |
TS |
505 |
self.assertEqual(len(result), 3) |
|
506 |
self.assertEqual(result[0], |
|
507 |
('Set-Cookie', |
d6fa0a
|
508 |
'auth_tkt="%s"; Path=/' % new_val)) |
496fcf
|
509 |
|
cd1198
|
510 |
def test_remember_creds_reissue(self): |
CM |
511 |
import time |
|
512 |
plugin = self._makeOne('secret', reissue_time=1) |
798feb
|
513 |
old_val = self._makeTicket(userid='userid', userdata='', |
TS |
514 |
time=time.time()-2) |
cd1198
|
515 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
CM |
516 |
new_val = self._makeTicket(userid='userid', userdata='') |
|
517 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
518 |
'userdata':''}) |
|
519 |
self.assertEqual(type(result[0][1]), str) |
|
520 |
self.assertEqual(len(result), 3) |
|
521 |
self.assertEqual(result[0], |
|
522 |
('Set-Cookie', |
d6fa0a
|
523 |
'auth_tkt="%s"; Path=/' % new_val)) |
cd1198
|
524 |
|
7483ec
|
525 |
def test_remember_creds_reissue_alternate_hash(self): |
DT |
526 |
import time |
|
527 |
plugin = self._makeOne('secret', reissue_time=1, digest_algo="sha256") |
|
528 |
old_val = self._makeTicket(userid='userid', userdata='', |
|
529 |
time=time.time()-2, digest_algo="sha256") |
|
530 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
531 |
new_val = self._makeTicket(userid='userid', userdata='', |
|
532 |
digest_algo="sha256") |
|
533 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
534 |
'userdata':''}) |
|
535 |
self.assertEqual(type(result[0][1]), str) |
|
536 |
self.assertEqual(len(result), 3) |
|
537 |
self.assertEqual(result[0], |
|
538 |
('Set-Cookie', |
|
539 |
'auth_tkt="%s"; Path=/' % new_val)) |
|
540 |
|
4f3525
|
541 |
def test_l10n_sane_cookie_date(self): |
TS |
542 |
from datetime import datetime |
|
543 |
|
|
544 |
now = datetime(2009, 11, 8, 16, 15, 22) |
|
545 |
self._setNowTesting(now) |
|
546 |
|
b0f81f
|
547 |
plugin = self._makeOne('secret') |
4f3525
|
548 |
environ = {'HTTP_HOST': 'example.com'} |
TS |
549 |
|
b0f81f
|
550 |
tkt = self._makeTicket(userid='chris', userdata='') |
4f3525
|
551 |
|
TS |
552 |
|
|
553 |
result = plugin.remember(environ, {'repoze.who.userid': 'chris', |
|
554 |
'max_age': '500'}) |
|
555 |
name, value = result.pop(0) |
|
556 |
|
|
557 |
self.assertEqual('Set-Cookie', name) |
826ba0
|
558 |
self.assertTrue( |
4f3525
|
559 |
value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT')) |
TS |
560 |
|
|
561 |
def test_remember_max_age(self): |
|
562 |
from datetime import datetime |
|
563 |
|
|
564 |
now = datetime(2009, 11, 8, 16, 15, 22) |
|
565 |
self._setNowTesting(now) |
|
566 |
|
|
567 |
plugin = self._makeOne('secret') |
|
568 |
environ = {'HTTP_HOST': 'example.com'} |
|
569 |
|
|
570 |
tkt = self._makeTicket(userid='chris', userdata='') |
|
571 |
result = plugin.remember(environ, {'repoze.who.userid': 'chris', |
|
572 |
'max_age': '500'}) |
|
573 |
|
|
574 |
name, value = result.pop(0) |
b0f81f
|
575 |
self.assertEqual('Set-Cookie', name) |
826ba0
|
576 |
self.assertTrue( |
b0f81f
|
577 |
value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt), |
TS |
578 |
value) |
826ba0
|
579 |
self.assertTrue( |
4f3525
|
580 |
value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT')) |
b0f81f
|
581 |
|
4f3525
|
582 |
name, value = result.pop(0) |
b0f81f
|
583 |
self.assertEqual('Set-Cookie', name) |
826ba0
|
584 |
self.assertTrue( |
b0f81f
|
585 |
value.startswith( |
4f3525
|
586 |
'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500' |
TS |
587 |
% tkt), value) |
826ba0
|
588 |
self.assertTrue( |
4f3525
|
589 |
value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT')) |
TS |
590 |
|
|
591 |
name, value = result.pop(0) |
|
592 |
self.assertEqual('Set-Cookie', name) |
826ba0
|
593 |
self.assertTrue( |
4f3525
|
594 |
value.startswith( |
TS |
595 |
'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt), |
b0f81f
|
596 |
value) |
826ba0
|
597 |
self.assertTrue( |
4f3525
|
598 |
value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT')) |
b0f81f
|
599 |
|
496fcf
|
600 |
def test_forget(self): |
798feb
|
601 |
from datetime import datetime |
TS |
602 |
now = datetime(2009, 11, 5, 16, 15, 22) |
|
603 |
self._setNowTesting(now) |
496fcf
|
604 |
plugin = self._makeOne('secret') |
TS |
605 |
environ = self._makeEnviron() |
|
606 |
headers = plugin.forget(environ, None) |
|
607 |
self.assertEqual(len(headers), 3) |
|
608 |
header = headers[0] |
|
609 |
name, value = header |
|
610 |
self.assertEqual(name, 'Set-Cookie') |
798feb
|
611 |
self.assertEqual(value, |
TS |
612 |
'auth_tkt="INVALID"; Path=/; ' |
4f3525
|
613 |
'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT' |
798feb
|
614 |
) |
496fcf
|
615 |
header = headers[1] |
TS |
616 |
name, value = header |
|
617 |
self.assertEqual(name, 'Set-Cookie') |
798feb
|
618 |
self.assertEqual(value, |
TS |
619 |
'auth_tkt="INVALID"; Path=/; Domain=localhost; ' |
4f3525
|
620 |
'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT' |
798feb
|
621 |
) |
496fcf
|
622 |
header = headers[2] |
TS |
623 |
name, value = header |
|
624 |
self.assertEqual(name, 'Set-Cookie') |
798feb
|
625 |
self.assertEqual(value, |
TS |
626 |
'auth_tkt="INVALID"; Path=/; Domain=.localhost; ' |
4f3525
|
627 |
'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT' |
798feb
|
628 |
) |
b0f81f
|
629 |
|
TS |
630 |
def test_authenticate_non_auth_tkt_credentials(self): |
|
631 |
plugin = self._makeOne() |
|
632 |
self.assertEqual(plugin.authenticate(environ={}, identity={}), None) |
|
633 |
|
|
634 |
def test_authenticate_without_checker(self): |
|
635 |
plugin = self._makeOne() |
|
636 |
identity = {'repoze.who.plugins.auth_tkt.userid': 'phred'} |
|
637 |
self.assertEqual(plugin.authenticate({}, identity), 'phred') |
|
638 |
|
|
639 |
def test_authenticate_with_checker_and_non_existing_account(self): |
|
640 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
|
641 |
identity = {'repoze.who.plugins.auth_tkt.userid': 'phred'} |
|
642 |
self.assertEqual(plugin.authenticate({}, identity), None) |
|
643 |
|
|
644 |
def test_authenticate_with_checker_and_existing_account(self): |
|
645 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
|
646 |
identity = {'repoze.who.plugins.auth_tkt.userid': 'existing'} |
|
647 |
self.assertEqual(plugin.authenticate({}, identity), 'existing') |
496fcf
|
648 |
|
TS |
649 |
def test_factory_wo_secret_wo_secretfile_raises_ValueError(self): |
|
650 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
651 |
self.assertRaises(ValueError, make_plugin) |
|
652 |
|
|
653 |
def test_factory_w_secret_w_secretfile_raises_ValueError(self): |
|
654 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
655 |
self.assertRaises(ValueError, make_plugin, 'secret', 'secretfile') |
|
656 |
|
|
657 |
def test_factory_w_bad_secretfile_raises_ValueError(self): |
|
658 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
659 |
self.assertRaises(ValueError, make_plugin, secretfile='nonesuch.txt') |
|
660 |
|
|
661 |
def test_factory_w_secret(self): |
|
662 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
663 |
plugin = make_plugin('secret') |
|
664 |
self.assertEqual(plugin.cookie_name, 'auth_tkt') |
|
665 |
self.assertEqual(plugin.secret, 'secret') |
|
666 |
self.assertEqual(plugin.include_ip, False) |
|
667 |
self.assertEqual(plugin.secure, False) |
|
668 |
|
|
669 |
def test_factory_w_secretfile(self): |
1810b2
|
670 |
import os |
TS |
671 |
from tempfile import mkdtemp |
496fcf
|
672 |
from repoze.who.plugins.auth_tkt import make_plugin |
1810b2
|
673 |
tempdir = self.tempdir = mkdtemp() |
TS |
674 |
path = os.path.join(tempdir, 'who.secret') |
|
675 |
secret = open(path, 'w') |
|
676 |
secret.write('s33kr1t\n') |
|
677 |
secret.flush() |
|
678 |
secret.close() |
|
679 |
plugin = make_plugin(secretfile=path) |
496fcf
|
680 |
self.assertEqual(plugin.secret, 's33kr1t') |
TS |
681 |
|
cd1198
|
682 |
def test_factory_with_timeout_and_reissue_time(self): |
CM |
683 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
684 |
plugin = make_plugin('secret', timeout=5, reissue_time=1) |
|
685 |
self.assertEqual(plugin.timeout, 5) |
|
686 |
self.assertEqual(plugin.reissue_time, 1) |
|
687 |
|
a6f6dc
|
688 |
def test_factory_with_userid_checker(self): |
CM |
689 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
690 |
plugin = make_plugin( |
|
691 |
'secret', |
|
692 |
userid_checker='repoze.who.plugins.auth_tkt:make_plugin') |
|
693 |
self.assertEqual(plugin.userid_checker, make_plugin) |
299b4c
|
694 |
|
7483ec
|
695 |
def test_factory_with_alternate_hash(self): |
DT |
696 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
697 |
import hashlib |
|
698 |
plugin = make_plugin('secret', digest_algo="sha1") |
|
699 |
self.assertEqual(plugin.digest_algo, hashlib.sha1) |
|
700 |
|
|
701 |
def test_factory_with_alternate_hash_func(self): |
|
702 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
703 |
import hashlib |
|
704 |
plugin = make_plugin('secret', digest_algo=hashlib.sha1) |
|
705 |
self.assertEqual(plugin.digest_algo, hashlib.sha1) |
|
706 |
|
|
707 |
def test_factory_with_bogus_hash(self): |
|
708 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
709 |
self.assertRaises(ValueError, make_plugin, |
|
710 |
secret="fiddly", digest_algo='foo23') |
|
711 |
|
15e365
|
712 |
def test_remember_max_age_unicode(self): |
6a32cd
|
713 |
from repoze.who._compat import u |
15e365
|
714 |
plugin = self._makeOne('secret') |
TS |
715 |
environ = {'HTTP_HOST':'example.com'} |
|
716 |
tkt = self._makeTicket(userid='chris', userdata='') |
|
717 |
result = plugin.remember(environ, {'repoze.who.userid': 'chris', |
6919cb
|
718 |
'max_age': u('500')}) |
TS |
719 |
name, value = result.pop(0) |
15e365
|
720 |
self.assertEqual('Set-Cookie', name) |
826ba0
|
721 |
self.assertTrue(isinstance(value, str)) |
TS |
722 |
self.assertTrue( |
15e365
|
723 |
value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt), |
TS |
724 |
(value, tkt)) |
826ba0
|
725 |
self.assertTrue('; Expires=' in value) |
15e365
|
726 |
|
TS |
727 |
name,value = result.pop(0) |
|
728 |
self.assertEqual('Set-Cookie', name) |
826ba0
|
729 |
self.assertTrue( |
15e365
|
730 |
value.startswith( |
TS |
731 |
'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500' |
|
732 |
% tkt), value) |
826ba0
|
733 |
self.assertTrue('; Expires=' in value) |
15e365
|
734 |
|
TS |
735 |
name,value = result.pop(0) |
|
736 |
self.assertEqual('Set-Cookie', name) |
826ba0
|
737 |
self.assertTrue( |
15e365
|
738 |
value.startswith( |
TS |
739 |
'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt), |
|
740 |
value) |
826ba0
|
741 |
self.assertTrue('; Expires=' in value) |
15e365
|
742 |
|
299b4c
|
743 |
|
a6f6dc
|
744 |
def dummy_userid_checker(userid): |
CM |
745 |
return userid == 'existing' |