Back to index

moin  1.9.0~rc2
test_auth.py
Go to the documentation of this file.
00001 # -*- coding: utf-8 -*-
00002 """
00003     MoinMoin - MoinMoin.auth and session tests
00004 
00005     @copyright: 2008 MoinMoin:ThomasWaldmann
00006     @license: GNU GPL, see COPYING for details.
00007 """
00008 import py.test
00009 
00010 from MoinMoin.web.request import TestRequest, evaluate_request
00011 from MoinMoin import wsgiapp
00012 from MoinMoin._tests import wikiconfig
00013 
00014 
00015 class AuthTest:
00016     """ test misc. auth methods """
00017     PAGES = ['FrontPage', 'MoinMoin', 'HelpContents', 'WikiSandBox', ] # must all exist!
00018 
00019     def setup_class(cls):
00020         """ Stuff that should be run to init the state of this test class
00021 
00022         Some test needs specific config values, or they will fail.
00023         """
00024 
00025     def teardown_class(cls):
00026         """ Stuff that should run to clean up the state of this test class
00027 
00028         """
00029 
00030     def run_request(self, **params):
00031         request = TestRequest(**params)
00032         #XXX: config passing hack
00033         request.given_config = getattr(self, 'Config', wikiconfig.Config)
00034         context = wsgiapp.init(request)
00035         wsgiapp.run(context)
00036         return context
00037 
00038 
00039 class TestNoAuth(AuthTest):
00040     def testNoAuth(self):
00041         """ run a simple request, no auth, just check if it succeeds """
00042         request = self.run_request()
00043 
00044         # anon user?
00045         assert not request.user.valid
00046 
00047         appiter, status, headers = evaluate_request(request.request)
00048         # check if the request resulted in normal status, result headers and content
00049         assert status[:3] == '200'
00050         has_ct = has_v = has_cc = False
00051         for k, v in headers:
00052             if k == 'Content-Type':
00053                 assert v.startswith('text/html')
00054                 has_ct = True
00055             elif k == 'Vary':
00056                 assert 'Cookie' in v
00057                 assert 'Accept-Language' in v
00058                 has_v = True
00059             elif k == 'Cache-Control':
00060                 assert 'public' in v
00061                 has_cc = True
00062             elif k == 'Set-Cookie':
00063                 cookie = v
00064         assert has_ct
00065         assert has_v
00066         # XXX BROKEN?:
00067         #assert has_cc # cache anon user's content
00068         assert '</html>' in ''.join(appiter)
00069 
00070 class TestAnonSession(AuthTest):
00071     class Config(wikiconfig.Config):
00072         cookie_lifetime = 1, 12
00073 
00074     def testAnonSession(self):
00075         """ run some requests, no auth, check if anon sessions work """
00076         cookie = ''
00077         trail_expected = []
00078         first = True
00079         for pagename in self.PAGES:
00080             environ_overrides = {'HTTP_COOKIE': cookie}
00081             request = self.run_request(path='/%s' % pagename,
00082                                        environ_overrides=environ_overrides)
00083 
00084             # anon user?
00085             assert not request.user.valid
00086 
00087             # Do we have a session?
00088             assert request.session is not None
00089 
00090             appiter, status, headers = evaluate_request(request.request)
00091             # check if the request resulted in normal status, result headers and content
00092             assert status[:3] == '200'
00093             has_ct = has_v = has_cc = False
00094             for k, v in headers:
00095                 if k == 'Content-Type':
00096                     assert v.startswith('text/html')
00097                     has_ct = True
00098                 elif k == 'Vary':
00099                     assert 'Cookie' in v
00100                     assert 'Accept-Language' in v
00101                     has_v = True
00102                 elif k == 'Cache-Control':
00103                     assert 'private' in v
00104                     assert 'must-revalidate' in v
00105                     has_cc = True
00106                 elif k == 'Set-Cookie':
00107                     cookie = v
00108             assert has_ct
00109             assert has_v
00110             # XX BROKEN
00111             #assert not has_cc # do not cache anon user's (with session!) content
00112             assert '</html>' in ''.join(appiter)
00113 
00114             # The trail is only ever saved on the second page display
00115             # because otherwise anonymous sessions would be created
00116             # for every request, even if it never sent a cookie!
00117             # Hence, skip over the first request and only verify
00118             # the trail for the second and following.
00119             if first:
00120                 first = False
00121                 continue
00122 
00123             assert not request.session.is_new
00124 
00125             trail_expected.append(unicode(pagename))
00126 
00127             # Requested pagenames get into trail?
00128             assert 'trail' in request.session
00129             trail = request.session['trail']
00130             assert trail == trail_expected
00131 
00132 class TestHttpAuthSession(AuthTest):
00133     py.test.skip("We currently have no http auth code in moin. GivenAuth relies on the web server doing the http auth check.")
00134     class Config(wikiconfig.Config):
00135         from MoinMoin.auth.http import HttpAuth # does not exist (yet?)
00136         auth = [HttpAuth(autocreate=True)]
00137 
00138     def testHttpAuthSession(self):
00139         """ run some requests with http auth, check whether session works """
00140         username = u'HttpAuthTestUser'
00141         auth_info = u'%s:%s' % (username, u'testpass')
00142         auth_header = 'Basic %s' % auth_info.encode('base64')
00143         cookie = ''
00144         trail_expected = []
00145         first = True
00146         for pagename in self.PAGES:
00147             environ_overrides = {'HTTP_COOKIE': cookie,
00148                                  'HTTP_AUTHORIZATION': auth_header}
00149             request = self.run_request(path='/%s' % pagename,
00150                                        environ_overrides=environ_overrides)
00151 
00152             # Login worked?
00153             assert request.user.valid
00154             assert request.user.name == username
00155 
00156             # Do we have a session?
00157             assert request.session is not None
00158 
00159             appiter, status, headers = evaluate_request(request.request)
00160             # check if the request resulted in normal status, result headers and content
00161             assert status[:3] == '200'
00162             has_ct = has_v = has_cc = False
00163             for k, v in request.headers:
00164                 if k == 'Content-Type':
00165                     assert v.startswith('text/html')
00166                     has_ct = True
00167                 elif k == 'Vary':
00168                     assert 'Cookie' in v
00169                     assert 'Accept-Language' in v
00170                     has_v = True
00171                 elif k == 'Cache-Control':
00172                     assert 'private' in v
00173                     assert 'must-revalidate' in v
00174                     has_cc = True
00175                 elif k == 'Set-Cookie':
00176                     cookie = v
00177             assert has_ct
00178             assert has_v
00179             assert has_cc # do not cache logged-in user's content
00180             assert '</html>' in ''.join(appiter)
00181 
00182             # The trail is only ever saved on the second page display
00183             # because otherwise anonymous sessions would be created
00184             # for every request, even if it never sent a cookie!
00185             # Hence, skip over the first request and only verify
00186             # the trail for the second and following.
00187             if first:
00188                 first = False
00189                 continue
00190 
00191             trail_expected.append(unicode(pagename))
00192 
00193             # Requested pagenames get into trail?
00194             assert 'trail' in request.session
00195             trail = request.session['trail']
00196             assert trail == trail_expected
00197 
00198 class TestMoinAuthSession(AuthTest):
00199     class Config(wikiconfig.Config):
00200         from MoinMoin.auth import MoinAuth
00201         auth = [MoinAuth()]
00202 
00203     def testMoinAuthSession(self):
00204         """ run some requests with MoinAuth, check whether session works """
00205         from MoinMoin.user import User
00206         username = u'MoinAuthTestUser'
00207         password = u'ßecretß'
00208         User(self.request, name=username, password=password).save() # create user
00209         trail_expected = []
00210         first = True
00211         for pagename in self.PAGES:
00212             if first:
00213                 formdata = {
00214                     'name': username,
00215                     'password': password,
00216                     'login': 'login',
00217                 }
00218                 request = self.run_request(path='/%s' % pagename,
00219                                            query_string='login=login',
00220                                            method='POST', form_data=formdata)
00221             else: # not first page, use session cookie
00222                 environ_overrides = {'HTTP_COOKIE': cookie}
00223                 request = self.run_request(path='/%s' % pagename,
00224                                            environ_overrides=environ_overrides)
00225 
00226             # Login worked?
00227             assert request.user.valid
00228             assert request.user.name == username
00229 
00230             # Do we have a session?
00231             assert request.session is not None
00232 
00233             appiter, status, headers = evaluate_request(request.request)
00234             # check if the request resulted in normal status, result headers and content
00235             assert status[:3] == '200'
00236             has_ct = has_v = has_cc = False
00237             for k, v in request.headers:
00238                 if k == 'Content-Type':
00239                     assert v.startswith('text/html')
00240                     has_ct = True
00241                 elif k == 'Vary':
00242                     assert 'Cookie' in v
00243                     assert 'Accept-Language' in v
00244                     has_v = True
00245                 elif k == 'Cache-Control':
00246                     assert 'private' in v
00247                     assert 'must-revalidate' in v
00248                     has_cc = True
00249                 elif k == 'Set-Cookie':
00250                     cookie = v
00251             assert has_ct
00252             assert has_v
00253             assert has_cc # do not cache logged-in user's content
00254             assert '</html>' in ''.join(appiter)
00255 
00256             # The trail is only ever saved on the second page display
00257             # because otherwise anonymous sessions would be created
00258             # for every request, even if it never sent a cookie!
00259             # Hence, skip over the first request and only verify
00260             # the trail for the second and following.
00261             if first:
00262                 first = False
00263                 continue
00264 
00265             trail_expected.append(unicode(pagename))
00266 
00267             # Requested pagenames get into trail?
00268             assert 'trail' in request.session
00269             trail = request.session['trail']
00270             assert trail == trail_expected
00271