commit | author | age
|
496fcf
|
1 |
import unittest |
TS |
2 |
|
|
3 |
class TestAuthTktCookiePlugin(unittest.TestCase): |
1810b2
|
4 |
tempdir = None |
798feb
|
5 |
_now_testing = None |
1810b2
|
6 |
|
TS |
7 |
def setUp(self): |
|
8 |
pass |
|
9 |
|
|
10 |
def tearDown(self): |
|
11 |
if self.tempdir is not None: |
|
12 |
import shutil |
|
13 |
shutil.rmtree(self.tempdir) |
798feb
|
14 |
if self._now_testing is not None: |
TS |
15 |
self._setNowTesting(self._now_testing) |
496fcf
|
16 |
|
TS |
17 |
def _getTargetClass(self): |
|
18 |
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin |
|
19 |
return AuthTktCookiePlugin |
|
20 |
|
|
21 |
def _makeEnviron(self, kw=None): |
02a504
|
22 |
from wsgiref.util import setup_testing_defaults |
AO |
23 |
environ = {} |
|
24 |
setup_testing_defaults(environ) |
496fcf
|
25 |
if kw is not None: |
TS |
26 |
environ.update(kw) |
|
27 |
environ['REMOTE_ADDR'] = '1.1.1.1' |
02a504
|
28 |
environ['HTTP_HOST'] = 'localhost' |
496fcf
|
29 |
return environ |
TS |
30 |
|
b0f81f
|
31 |
def _makeOne(self, secret='s33kr3t', *arg, **kw): |
TS |
32 |
plugin = self._getTargetClass()(secret, *arg, **kw) |
496fcf
|
33 |
return plugin |
TS |
34 |
|
|
35 |
def _makeTicket(self, userid='userid', remote_addr='0.0.0.0', |
|
36 |
tokens = [], userdata='userdata', |
cd1198
|
37 |
cookie_name='auth_tkt', secure=False, |
CM |
38 |
time=None): |
02a504
|
39 |
#from paste.auth import auth_tkt |
AO |
40 |
import repoze.who._auth_tkt as auth_tkt |
496fcf
|
41 |
ticket = auth_tkt.AuthTicket( |
TS |
42 |
'secret', |
|
43 |
userid, |
|
44 |
remote_addr, |
|
45 |
tokens=tokens, |
|
46 |
user_data=userdata, |
cd1198
|
47 |
time=time, |
496fcf
|
48 |
cookie_name=cookie_name, |
TS |
49 |
secure=secure) |
|
50 |
return ticket.cookie_value() |
798feb
|
51 |
|
TS |
52 |
def _setNowTesting(self, value): |
|
53 |
from repoze.who.plugins import auth_tkt |
|
54 |
auth_tkt._NOW_TESTING, self._now_testing = value, auth_tkt._NOW_TESTING |
496fcf
|
55 |
|
b0f81f
|
56 |
def test_class_conforms_to_IIdentifier(self): |
496fcf
|
57 |
from zope.interface.verify import verifyClass |
TS |
58 |
from repoze.who.interfaces import IIdentifier |
|
59 |
klass = self._getTargetClass() |
|
60 |
verifyClass(IIdentifier, klass) |
b0f81f
|
61 |
|
TS |
62 |
def test_instance_conforms_to_IIdentifier(self): |
|
63 |
from zope.interface.verify import verifyObject |
|
64 |
from repoze.who.interfaces import IIdentifier |
|
65 |
klass = self._getTargetClass() |
|
66 |
verifyObject(IIdentifier, self._makeOne()) |
|
67 |
|
|
68 |
def test_class_conforms_to_IAuthenticator(self): |
|
69 |
from zope.interface.verify import verifyClass |
|
70 |
from repoze.who.interfaces import IAuthenticator |
|
71 |
klass = self._getTargetClass() |
|
72 |
verifyClass(IAuthenticator, klass) |
|
73 |
|
|
74 |
def test_instance_conforms_to_IAuthenticator(self): |
|
75 |
from zope.interface.verify import verifyObject |
|
76 |
from repoze.who.interfaces import IAuthenticator |
|
77 |
klass = self._getTargetClass() |
|
78 |
verifyObject(IAuthenticator, self._makeOne()) |
|
79 |
|
|
80 |
def test_timeout_no_reissue(self): |
|
81 |
self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1) |
|
82 |
|
|
83 |
def test_timeout_lower_than_reissue(self): |
|
84 |
self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1, |
|
85 |
reissue_time=2) |
496fcf
|
86 |
|
TS |
87 |
def test_identify_nocookie(self): |
|
88 |
plugin = self._makeOne('secret') |
|
89 |
environ = self._makeEnviron() |
|
90 |
result = plugin.identify(environ) |
|
91 |
self.assertEqual(result, None) |
|
92 |
|
|
93 |
def test_identify_good_cookie_include_ip(self): |
|
94 |
plugin = self._makeOne('secret', include_ip=True) |
|
95 |
val = self._makeTicket(remote_addr='1.1.1.1') |
|
96 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
97 |
result = plugin.identify(environ) |
|
98 |
self.assertEqual(len(result), 4) |
|
99 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
100 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid') |
496fcf
|
101 |
self.assertEqual(result['userdata'], 'userdata') |
TS |
102 |
self.failUnless('timestamp' in result) |
|
103 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
104 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
105 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
106 |
|
|
107 |
def test_identify_good_cookie_dont_include_ip(self): |
|
108 |
plugin = self._makeOne('secret', include_ip=False) |
|
109 |
val = self._makeTicket() |
|
110 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
111 |
result = plugin.identify(environ) |
|
112 |
self.assertEqual(len(result), 4) |
|
113 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
114 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid') |
496fcf
|
115 |
self.assertEqual(result['userdata'], 'userdata') |
TS |
116 |
self.failUnless('timestamp' in result) |
|
117 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
118 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
119 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
120 |
|
|
121 |
def test_identify_good_cookie_int_useridtype(self): |
|
122 |
plugin = self._makeOne('secret', include_ip=False) |
|
123 |
val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
124 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
125 |
result = plugin.identify(environ) |
|
126 |
self.assertEqual(len(result), 4) |
|
127 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
128 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 1) |
496fcf
|
129 |
self.assertEqual(result['userdata'], 'userid_type:int') |
TS |
130 |
self.failUnless('timestamp' in result) |
|
131 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
132 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:int') |
|
133 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
134 |
|
|
135 |
def test_identify_good_cookie_unknown_useridtype(self): |
|
136 |
plugin = self._makeOne('secret', include_ip=False) |
|
137 |
val = self._makeTicket(userid='userid', userdata='userid_type:unknown') |
|
138 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
139 |
result = plugin.identify(environ) |
|
140 |
self.assertEqual(len(result), 4) |
|
141 |
self.assertEqual(result['tokens'], ['']) |
b0f81f
|
142 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid') |
496fcf
|
143 |
self.assertEqual(result['userdata'], 'userid_type:unknown') |
TS |
144 |
self.failUnless('timestamp' in result) |
|
145 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
146 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:unknown') |
|
147 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
|
148 |
|
|
149 |
def test_identify_bad_cookie(self): |
|
150 |
plugin = self._makeOne('secret', include_ip=True) |
|
151 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'}) |
|
152 |
result = plugin.identify(environ) |
|
153 |
self.assertEqual(result, None) |
|
154 |
|
cd1198
|
155 |
def test_identify_bad_cookie_expired(self): |
CM |
156 |
import time |
|
157 |
plugin = self._makeOne('secret', timeout=2, reissue_time=1) |
|
158 |
val = self._makeTicket(userid='userid', time=time.time()-3) |
|
159 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
160 |
result = plugin.identify(environ) |
|
161 |
self.assertEqual(result, None) |
b0f81f
|
162 |
|
TS |
163 |
def test_identify_with_checker_and_existing_account(self): |
|
164 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
|
165 |
val = self._makeTicket(userid='existing') |
|
166 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
167 |
result = plugin.identify(environ) |
|
168 |
self.assertEqual(len(result), 4) |
|
169 |
self.assertEqual(result['tokens'], ['']) |
|
170 |
self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'existing') |
|
171 |
self.assertEqual(result['userdata'], 'userdata') |
|
172 |
self.failUnless('timestamp' in result) |
|
173 |
self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) |
|
174 |
self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') |
|
175 |
self.assertEqual(environ['AUTH_TYPE'],'cookie') |
cd1198
|
176 |
|
496fcf
|
177 |
def test_remember_creds_same(self): |
TS |
178 |
plugin = self._makeOne('secret') |
|
179 |
val = self._makeTicket(userid='userid') |
|
180 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) |
|
181 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
182 |
'userdata':'userdata'}) |
|
183 |
self.assertEqual(result, None) |
|
184 |
|
d7e647
|
185 |
def test_remember_creds_secure(self): |
BS |
186 |
plugin = self._makeOne('secret', secure=True) |
|
187 |
val = self._makeTicket(userid='userid', secure=True) |
|
188 |
environ = self._makeEnviron() |
|
189 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
190 |
'userdata':'userdata'}) |
|
191 |
self.assertEqual(len(result), 3) |
|
192 |
self.assertEqual(result[0], |
|
193 |
('Set-Cookie', |
7f9907
|
194 |
'auth_tkt="%s"; ' |
TS |
195 |
'Path=/; ' |
|
196 |
'secure; ' |
|
197 |
'HttpOnly' % val)) |
d7e647
|
198 |
self.assertEqual(result[1], |
BS |
199 |
('Set-Cookie', |
7f9907
|
200 |
'auth_tkt="%s"; ' |
TS |
201 |
'Path=/; ' |
|
202 |
'Domain=localhost; ' |
|
203 |
'secure; HttpOnly' |
d7e647
|
204 |
% val)) |
BS |
205 |
self.assertEqual(result[2], |
|
206 |
('Set-Cookie', |
7f9907
|
207 |
'auth_tkt="%s"; ' |
TS |
208 |
'Path=/; ' |
|
209 |
'Domain=.localhost; ' |
|
210 |
'secure; HttpOnly' |
d7e647
|
211 |
% val)) |
BS |
212 |
|
496fcf
|
213 |
def test_remember_creds_different(self): |
TS |
214 |
plugin = self._makeOne('secret') |
|
215 |
old_val = self._makeTicket(userid='userid') |
|
216 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
217 |
new_val = self._makeTicket(userid='other', userdata='userdata') |
|
218 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
219 |
'userdata':'userdata'}) |
|
220 |
self.assertEqual(len(result), 3) |
|
221 |
self.assertEqual(result[0], |
|
222 |
('Set-Cookie', |
7f9907
|
223 |
'auth_tkt="%s"; ' |
TS |
224 |
'Path=/' % new_val)) |
496fcf
|
225 |
self.assertEqual(result[1], |
TS |
226 |
('Set-Cookie', |
7f9907
|
227 |
'auth_tkt="%s"; ' |
TS |
228 |
'Path=/; ' |
|
229 |
'Domain=localhost' |
2afbb8
|
230 |
% new_val)) |
496fcf
|
231 |
self.assertEqual(result[2], |
TS |
232 |
('Set-Cookie', |
7f9907
|
233 |
'auth_tkt="%s"; ' |
TS |
234 |
'Path=/; ' |
|
235 |
'Domain=.localhost' |
|
236 |
% new_val)) |
|
237 |
|
|
238 |
def test_remember_creds_different_strips_port(self): |
|
239 |
plugin = self._makeOne('secret') |
|
240 |
old_val = self._makeTicket(userid='userid') |
|
241 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val, |
|
242 |
'HTTP_HOST': 'localhost:8080', |
|
243 |
}) |
|
244 |
new_val = self._makeTicket(userid='other', userdata='userdata') |
|
245 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
246 |
'userdata':'userdata'}) |
|
247 |
self.assertEqual(len(result), 3) |
|
248 |
self.assertEqual(result[0], |
|
249 |
('Set-Cookie', |
|
250 |
'auth_tkt="%s"; ' |
|
251 |
'Path=/' % new_val)) |
|
252 |
self.assertEqual(result[1], |
|
253 |
('Set-Cookie', |
|
254 |
'auth_tkt="%s"; ' |
|
255 |
'Path=/; ' |
|
256 |
'Domain=localhost' |
|
257 |
% new_val)) |
|
258 |
self.assertEqual(result[2], |
|
259 |
('Set-Cookie', |
|
260 |
'auth_tkt="%s"; ' |
|
261 |
'Path=/; ' |
|
262 |
'Domain=.localhost' |
2afbb8
|
263 |
% new_val)) |
496fcf
|
264 |
|
394ea6
|
265 |
def test_remember_creds_different_include_ip(self): |
TS |
266 |
plugin = self._makeOne('secret', include_ip=True) |
|
267 |
old_val = self._makeTicket(userid='userid', remote_addr='1.1.1.1') |
|
268 |
environ = self._makeEnviron({'HTTP_COOKIE': 'auth_tkt=%s' % old_val}) |
|
269 |
new_val = self._makeTicket(userid='other', |
|
270 |
userdata='userdata', |
|
271 |
remote_addr='1.1.1.1') |
|
272 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
273 |
'userdata':'userdata'}) |
|
274 |
self.assertEqual(len(result), 3) |
|
275 |
self.assertEqual(result[0], |
|
276 |
('Set-Cookie', |
7f9907
|
277 |
'auth_tkt="%s"; ' |
TS |
278 |
'Path=/' % new_val)) |
394ea6
|
279 |
self.assertEqual(result[1], |
TS |
280 |
('Set-Cookie', |
7f9907
|
281 |
'auth_tkt="%s"; ' |
TS |
282 |
'Path=/; ' |
|
283 |
'Domain=localhost' |
394ea6
|
284 |
% new_val)) |
TS |
285 |
self.assertEqual(result[2], |
|
286 |
('Set-Cookie', |
7f9907
|
287 |
'auth_tkt="%s"; ' |
TS |
288 |
'Path=/; ' |
|
289 |
'Domain=.localhost' |
394ea6
|
290 |
% new_val)) |
TS |
291 |
|
|
292 |
def test_remember_creds_different_bad_old_cookie(self): |
|
293 |
plugin = self._makeOne('secret') |
|
294 |
old_val = 'BOGUS' |
|
295 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
296 |
new_val = self._makeTicket(userid='other', userdata='userdata') |
|
297 |
result = plugin.remember(environ, {'repoze.who.userid':'other', |
|
298 |
'userdata':'userdata'}) |
|
299 |
self.assertEqual(len(result), 3) |
|
300 |
self.assertEqual(result[0], |
|
301 |
('Set-Cookie', |
7f9907
|
302 |
'auth_tkt="%s"; ' |
TS |
303 |
'Path=/' % new_val)) |
394ea6
|
304 |
self.assertEqual(result[1], |
TS |
305 |
('Set-Cookie', |
7f9907
|
306 |
'auth_tkt="%s"; ' |
TS |
307 |
'Path=/; ' |
|
308 |
'Domain=localhost' |
394ea6
|
309 |
% new_val)) |
TS |
310 |
self.assertEqual(result[2], |
|
311 |
('Set-Cookie', |
7f9907
|
312 |
'auth_tkt="%s"; ' |
TS |
313 |
'Path=/; ' |
|
314 |
'Domain=.localhost' |
394ea6
|
315 |
% new_val)) |
TS |
316 |
|
fc9a88
|
317 |
def test_remember_creds_different_with_tokens(self): |
394ea6
|
318 |
plugin = self._makeOne('secret') |
TS |
319 |
old_val = self._makeTicket(userid='userid') |
|
320 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
fc9a88
|
321 |
new_val = self._makeTicket(userid='userid', |
394ea6
|
322 |
userdata='userdata', |
fc9a88
|
323 |
tokens=['foo', 'bar'], |
394ea6
|
324 |
) |
fc9a88
|
325 |
result = plugin.remember(environ, {'repoze.who.userid': 'userid', |
394ea6
|
326 |
'userdata': 'userdata', |
TS |
327 |
'tokens': ['foo', 'bar'], |
|
328 |
}) |
|
329 |
self.assertEqual(len(result), 3) |
|
330 |
self.assertEqual(result[0], |
|
331 |
('Set-Cookie', |
7f9907
|
332 |
'auth_tkt="%s"; ' |
TS |
333 |
'Path=/' % new_val)) |
394ea6
|
334 |
self.assertEqual(result[1], |
TS |
335 |
('Set-Cookie', |
7f9907
|
336 |
'auth_tkt="%s"; ' |
TS |
337 |
'Path=/; Domain=localhost' |
394ea6
|
338 |
% new_val)) |
TS |
339 |
self.assertEqual(result[2], |
|
340 |
('Set-Cookie', |
7f9907
|
341 |
'auth_tkt="%s"; ' |
TS |
342 |
'Path=/; ' |
|
343 |
'Domain=.localhost' |
394ea6
|
344 |
% new_val)) |
TS |
345 |
|
fc9a88
|
346 |
def test_remember_creds_different_with_tuple_tokens(self): |
BS |
347 |
plugin = self._makeOne('secret') |
|
348 |
old_val = self._makeTicket(userid='userid') |
|
349 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
350 |
new_val = self._makeTicket(userid='userid', |
|
351 |
userdata='userdata', |
|
352 |
tokens=['foo', 'bar'], |
|
353 |
) |
|
354 |
result = plugin.remember(environ, {'repoze.who.userid': 'userid', |
|
355 |
'userdata': 'userdata', |
|
356 |
'tokens': ('foo', 'bar'), |
|
357 |
}) |
|
358 |
self.assertEqual(len(result), 3) |
|
359 |
self.assertEqual(result[0], |
|
360 |
('Set-Cookie', |
7f9907
|
361 |
'auth_tkt="%s"; ' |
TS |
362 |
'Path=/' % new_val)) |
fc9a88
|
363 |
self.assertEqual(result[1], |
BS |
364 |
('Set-Cookie', |
7f9907
|
365 |
'auth_tkt="%s"; ' |
TS |
366 |
'Path=/; ' |
|
367 |
'Domain=localhost' |
fc9a88
|
368 |
% new_val)) |
BS |
369 |
self.assertEqual(result[2], |
|
370 |
('Set-Cookie', |
7f9907
|
371 |
'auth_tkt="%s"; ' |
TS |
372 |
'Path=/; ' |
|
373 |
'Domain=.localhost' |
fc9a88
|
374 |
% new_val)) |
BS |
375 |
|
496fcf
|
376 |
def test_remember_creds_different_int_userid(self): |
TS |
377 |
plugin = self._makeOne('secret') |
|
378 |
old_val = self._makeTicket(userid='userid') |
|
379 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
380 |
new_val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
381 |
result = plugin.remember(environ, {'repoze.who.userid':1, |
|
382 |
'userdata':''}) |
|
383 |
|
|
384 |
self.assertEqual(len(result), 3) |
|
385 |
self.assertEqual(result[0], |
|
386 |
('Set-Cookie', |
d6fa0a
|
387 |
'auth_tkt="%s"; Path=/' % new_val)) |
496fcf
|
388 |
|
TS |
389 |
def test_remember_creds_different_long_userid(self): |
6a32cd
|
390 |
try: |
TS |
391 |
long |
|
392 |
except NameError: #pragma NO COVER Python >= 3.0 |
|
393 |
return |
496fcf
|
394 |
plugin = self._makeOne('secret') |
TS |
395 |
old_val = self._makeTicket(userid='userid') |
|
396 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
|
397 |
new_val = self._makeTicket(userid='1', userdata='userid_type:int') |
|
398 |
result = plugin.remember(environ, {'repoze.who.userid':long(1), |
|
399 |
'userdata':''}) |
|
400 |
self.assertEqual(len(result), 3) |
|
401 |
self.assertEqual(result[0], |
|
402 |
('Set-Cookie', |
d6fa0a
|
403 |
'auth_tkt="%s"; Path=/' % new_val)) |
496fcf
|
404 |
|
TS |
405 |
def test_remember_creds_different_unicode_userid(self): |
|
406 |
plugin = self._makeOne('secret') |
|
407 |
old_val = self._makeTicket(userid='userid') |
|
408 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
6a32cd
|
409 |
userid = b'\xc2\xa9'.decode('utf-8') |
d6fa0a
|
410 |
if type(b'') == type(''): |
TS |
411 |
userdata = 'userid_type:unicode' |
|
412 |
else: # XXX |
|
413 |
userdata = '' |
496fcf
|
414 |
new_val = self._makeTicket(userid=userid.encode('utf-8'), |
d6fa0a
|
415 |
userdata=userdata) |
496fcf
|
416 |
result = plugin.remember(environ, {'repoze.who.userid':userid, |
TS |
417 |
'userdata':''}) |
|
418 |
self.assertEqual(type(result[0][1]), str) |
|
419 |
self.assertEqual(len(result), 3) |
|
420 |
self.assertEqual(result[0], |
|
421 |
('Set-Cookie', |
d6fa0a
|
422 |
'auth_tkt="%s"; Path=/' % new_val)) |
496fcf
|
423 |
|
cd1198
|
424 |
def test_remember_creds_reissue(self): |
CM |
425 |
import time |
|
426 |
plugin = self._makeOne('secret', reissue_time=1) |
798feb
|
427 |
old_val = self._makeTicket(userid='userid', userdata='', |
TS |
428 |
time=time.time()-2) |
cd1198
|
429 |
environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
CM |
430 |
new_val = self._makeTicket(userid='userid', userdata='') |
|
431 |
result = plugin.remember(environ, {'repoze.who.userid':'userid', |
|
432 |
'userdata':''}) |
|
433 |
self.assertEqual(type(result[0][1]), str) |
|
434 |
self.assertEqual(len(result), 3) |
|
435 |
self.assertEqual(result[0], |
|
436 |
('Set-Cookie', |
d6fa0a
|
437 |
'auth_tkt="%s"; Path=/' % new_val)) |
cd1198
|
438 |
|
b0f81f
|
439 |
def test_remember_max_age(self): |
TS |
440 |
plugin = self._makeOne('secret') |
|
441 |
environ = {'HTTP_HOST':'example.com'} |
|
442 |
|
|
443 |
tkt = self._makeTicket(userid='chris', userdata='') |
|
444 |
result = plugin.remember(environ, {'repoze.who.userid':'chris', |
|
445 |
'max_age':'500'}) |
|
446 |
|
|
447 |
name,value = result.pop(0) |
|
448 |
self.assertEqual('Set-Cookie', name) |
|
449 |
self.failUnless( |
|
450 |
value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt), |
|
451 |
value) |
|
452 |
self.failUnless('; Expires=' in value) |
|
453 |
|
|
454 |
name,value = result.pop(0) |
|
455 |
self.assertEqual('Set-Cookie', name) |
|
456 |
self.failUnless( |
|
457 |
value.startswith( |
|
458 |
'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500' |
|
459 |
% tkt), value) |
|
460 |
self.failUnless('; Expires=' in value) |
|
461 |
|
|
462 |
name,value = result.pop(0) |
|
463 |
self.assertEqual('Set-Cookie', name) |
|
464 |
self.failUnless( |
|
465 |
value.startswith( |
|
466 |
'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt), |
|
467 |
value) |
|
468 |
self.failUnless('; Expires=' in value) |
|
469 |
|
496fcf
|
470 |
def test_forget(self): |
798feb
|
471 |
from datetime import datetime |
TS |
472 |
now = datetime(2009, 11, 5, 16, 15, 22) |
|
473 |
self._setNowTesting(now) |
496fcf
|
474 |
plugin = self._makeOne('secret') |
TS |
475 |
environ = self._makeEnviron() |
|
476 |
headers = plugin.forget(environ, None) |
|
477 |
self.assertEqual(len(headers), 3) |
|
478 |
header = headers[0] |
|
479 |
name, value = header |
|
480 |
self.assertEqual(name, 'Set-Cookie') |
798feb
|
481 |
self.assertEqual(value, |
TS |
482 |
'auth_tkt="INVALID"; Path=/; ' |
|
483 |
'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22' |
|
484 |
) |
496fcf
|
485 |
header = headers[1] |
TS |
486 |
name, value = header |
|
487 |
self.assertEqual(name, 'Set-Cookie') |
798feb
|
488 |
self.assertEqual(value, |
TS |
489 |
'auth_tkt="INVALID"; Path=/; Domain=localhost; ' |
|
490 |
'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22' |
|
491 |
) |
496fcf
|
492 |
header = headers[2] |
TS |
493 |
name, value = header |
|
494 |
self.assertEqual(name, 'Set-Cookie') |
798feb
|
495 |
self.assertEqual(value, |
TS |
496 |
'auth_tkt="INVALID"; Path=/; Domain=.localhost; ' |
|
497 |
'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22' |
|
498 |
) |
b0f81f
|
499 |
|
TS |
500 |
def test_authenticate_non_auth_tkt_credentials(self): |
|
501 |
plugin = self._makeOne() |
|
502 |
self.assertEqual(plugin.authenticate(environ={}, identity={}), None) |
|
503 |
|
|
504 |
def test_authenticate_without_checker(self): |
|
505 |
plugin = self._makeOne() |
|
506 |
identity = {'repoze.who.plugins.auth_tkt.userid': 'phred'} |
|
507 |
self.assertEqual(plugin.authenticate({}, identity), 'phred') |
|
508 |
|
|
509 |
def test_authenticate_with_checker_and_non_existing_account(self): |
|
510 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
|
511 |
identity = {'repoze.who.plugins.auth_tkt.userid': 'phred'} |
|
512 |
self.assertEqual(plugin.authenticate({}, identity), None) |
|
513 |
|
|
514 |
def test_authenticate_with_checker_and_existing_account(self): |
|
515 |
plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) |
|
516 |
identity = {'repoze.who.plugins.auth_tkt.userid': 'existing'} |
|
517 |
self.assertEqual(plugin.authenticate({}, identity), 'existing') |
496fcf
|
518 |
|
TS |
519 |
def test_factory_wo_secret_wo_secretfile_raises_ValueError(self): |
|
520 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
521 |
self.assertRaises(ValueError, make_plugin) |
|
522 |
|
|
523 |
def test_factory_w_secret_w_secretfile_raises_ValueError(self): |
|
524 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
525 |
self.assertRaises(ValueError, make_plugin, 'secret', 'secretfile') |
|
526 |
|
|
527 |
def test_factory_w_bad_secretfile_raises_ValueError(self): |
|
528 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
529 |
self.assertRaises(ValueError, make_plugin, secretfile='nonesuch.txt') |
|
530 |
|
|
531 |
def test_factory_w_secret(self): |
|
532 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
533 |
plugin = make_plugin('secret') |
|
534 |
self.assertEqual(plugin.cookie_name, 'auth_tkt') |
|
535 |
self.assertEqual(plugin.secret, 'secret') |
|
536 |
self.assertEqual(plugin.include_ip, False) |
|
537 |
self.assertEqual(plugin.secure, False) |
|
538 |
|
|
539 |
def test_factory_w_secretfile(self): |
1810b2
|
540 |
import os |
TS |
541 |
from tempfile import mkdtemp |
496fcf
|
542 |
from repoze.who.plugins.auth_tkt import make_plugin |
1810b2
|
543 |
tempdir = self.tempdir = mkdtemp() |
TS |
544 |
path = os.path.join(tempdir, 'who.secret') |
|
545 |
secret = open(path, 'w') |
|
546 |
secret.write('s33kr1t\n') |
|
547 |
secret.flush() |
|
548 |
secret.close() |
|
549 |
plugin = make_plugin(secretfile=path) |
496fcf
|
550 |
self.assertEqual(plugin.secret, 's33kr1t') |
TS |
551 |
|
cd1198
|
552 |
def test_factory_with_timeout_and_reissue_time(self): |
CM |
553 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
554 |
plugin = make_plugin('secret', timeout=5, reissue_time=1) |
|
555 |
self.assertEqual(plugin.timeout, 5) |
|
556 |
self.assertEqual(plugin.reissue_time, 1) |
|
557 |
|
a6f6dc
|
558 |
def test_factory_with_userid_checker(self): |
CM |
559 |
from repoze.who.plugins.auth_tkt import make_plugin |
|
560 |
plugin = make_plugin( |
|
561 |
'secret', |
|
562 |
userid_checker='repoze.who.plugins.auth_tkt:make_plugin') |
|
563 |
self.assertEqual(plugin.userid_checker, make_plugin) |
299b4c
|
564 |
|
15e365
|
565 |
def test_remember_max_age_unicode(self): |
6a32cd
|
566 |
from repoze.who._compat import u |
15e365
|
567 |
plugin = self._makeOne('secret') |
TS |
568 |
environ = {'HTTP_HOST':'example.com'} |
|
569 |
tkt = self._makeTicket(userid='chris', userdata='') |
|
570 |
result = plugin.remember(environ, {'repoze.who.userid': 'chris', |
6919cb
|
571 |
'max_age': u('500')}) |
TS |
572 |
name, value = result.pop(0) |
15e365
|
573 |
self.assertEqual('Set-Cookie', name) |
TS |
574 |
self.failUnless(isinstance(value, str)) |
|
575 |
self.failUnless( |
|
576 |
value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt), |
|
577 |
(value, tkt)) |
|
578 |
self.failUnless('; Expires=' in value) |
|
579 |
|
|
580 |
name,value = result.pop(0) |
|
581 |
self.assertEqual('Set-Cookie', name) |
|
582 |
self.failUnless( |
|
583 |
value.startswith( |
|
584 |
'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500' |
|
585 |
% tkt), value) |
|
586 |
self.failUnless('; Expires=' in value) |
|
587 |
|
|
588 |
name,value = result.pop(0) |
|
589 |
self.assertEqual('Set-Cookie', name) |
|
590 |
self.failUnless( |
|
591 |
value.startswith( |
|
592 |
'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt), |
|
593 |
value) |
|
594 |
self.failUnless('; Expires=' in value) |
|
595 |
|
299b4c
|
596 |
|
a6f6dc
|
597 |
def dummy_userid_checker(userid): |
CM |
598 |
return userid == 'existing' |