
plone3  3.1.7
CMFCore.tests.test_CookieCrumbler.CookieCrumblerTests Class Reference

Public Member Functions

def setUp
def tearDown
def test_z3interfaces
def testNoCookies
def testCookieLogin
def testCookieResume
def testPasswordShredding
def testCredentialsNotRevealed
def testAutoLoginRedirection
def testDisabledAutoLoginRedirection
def testNoRedirectAfterAuthenticated
def testRetryLogin
def testLoginRestoresQueryString
def testCacheHeaderAnonymous
def testCacheHeaderLoggingIn
def testCacheHeaderAuthenticated
def testCacheHeaderDisabled
def testDisableLoginDoesNotPreventPasswordShredding
def testDisableLoginDoesNotPreventPasswordShredding2
def testMidApplicationAutoLoginRedirection
def testMidApplicationAuthenticationButUnauthorized
def testRedirectOnUnauthorized
def testLoginRatherThanResume
def testCreateForms
def test_before_traverse_hooks

Private Member Functions

def _getTargetClass
def _makeOne
def _makeSite

Private Attributes

 _finally

Static Private Attributes

string _CC_ID = 'cookie_authentication'

Detailed Description

Definition at line 41 of file test_CookieCrumbler.py.


Member Function Documentation

Definition at line 45 of file test_CookieCrumbler.py.

    def _getTargetClass(self):
        # Return the class under test; the import is done at call time,
        # inside the method, rather than at module level.
        from Products.CMFCore.CookieCrumbler import CookieCrumbler as target
        return target

def CMFCore.tests.test_CookieCrumbler.CookieCrumblerTests._makeOne (   self,
  args,
  kw 
) [private]

Definition at line 49 of file test_CookieCrumbler.py.

    def _makeOne(self, *args, **kw):
        # Instantiate the class under test, forwarding every positional
        # and keyword argument unchanged.
        factory = self._getTargetClass()
        return factory(*args, **kw)


Definition at line 73 of file test_CookieCrumbler.py.

    def _makeSite(self):
        # Build a throwaway site for one test and return the tuple
        # (root, cc, req, credentials).
        #
        # The site contains:
        #   * a user folder with 'abraham' and 'isaac', both using the
        #     password 'pass-w'; neither is given the 'Manager' role;
        #   * the cookie crumbler, stored under self._CC_ID;
        #   * DTML methods 'index_html' and 'login_form', plus 'protected',
        #     whose view permission is restricted to 'Manager'.
        #
        # 'credentials' is base64 of 'abraham:pass-w', URL-quoted.  Base64
        # is an encoding, not encryption: whoever holds this string holds
        # the password.
        import base64
        from cStringIO import StringIO
        import urllib

        from AccessControl.User import UserFolder
        from OFS.Folder import Folder
        from OFS.DTMLMethod import DTMLMethod

        root = Folder()
        root.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        root.getPhysicalPath = lambda: ()  # hack
        root._View_Permission = ('Anonymous',)

        acl = UserFolder()
        acl._setId('acl_users')
        for name, roles in (('abraham', ('Patriarch',)),
                            ('isaac', ('Son',))):
            acl._doAddUser(name, 'pass-w', roles, ())
        root._setObject(acl.id, acl)

        crumbler = self._makeOne()
        crumbler.id = self._CC_ID
        root._setObject(crumbler.id, crumbler)

        # (id, body, view permission or None to leave it unset)
        pages = (
            ('index_html', 'This is the default view', None),
            ('login_form', 'Please log in first.', None),
            ('protected', 'This is the protected view', ('Manager',)),
        )
        for page_id, body, view_roles in pages:
            page = DTMLMethod()
            if view_roles is not None:
                page._View_Permission = view_roles
            page.munge(body)
            page._setId(page_id)
            root._setObject(page.getId(), page)

        request = makerequest(root, StringIO())
        # tearDown calls this to close the request.
        self._finally = request.close

        encoded = base64.encodestring('abraham:pass-w').rstrip()
        cookie_value = urllib.quote(encoded)

        return root, crumbler, request, cookie_value


Definition at line 52 of file test_CookieCrumbler.py.

    def setUp(self):
        # Start from a placeless setup, clear the per-test cleanup slot and
        # subscribe the crumbler's event handler for
        # (ICookieCrumbler, IObjectEvent).
        # NOTE(review): presumably this handler is what registers the
        # before-traverse hook checked in test_before_traverse_hooks --
        # confirm against CookieCrumbler.
        from zope.component import provideHandler
        from zope.component.interfaces import IObjectEvent
        from Products.CMFCore.interfaces import ICookieCrumbler
        from Products.CMFCore.CookieCrumbler import handleCookieCrumblerEvent

        PlacelessSetup.setUp(self)
        self._finally = None

        required = (ICookieCrumbler, IObjectEvent)
        provideHandler(handleCookieCrumblerEvent, adapts=required)

Definition at line 64 of file test_CookieCrumbler.py.

    def tearDown(self):
        # Run the cleanup callable stored by _makeSite (if any), then reset
        # the security manager and undo the placeless setup.
        # NOTE(review): noSecurityManager() presumably keeps a user
        # authenticated by one test from carrying over into the next.
        from AccessControl.SecurityManagement import noSecurityManager

        cleanup = self._finally
        if cleanup is not None:
            cleanup()

        noSecurityManager()
        PlacelessSetup.tearDown(self)

Definition at line 367 of file test_CookieCrumbler.py.

    def test_before_traverse_hooks(self):
        # Adding a crumbler to a container must register exactly one
        # __before_traverse__ entry named after the crumbler's id, and
        # deleting the crumbler must remove that entry again.
        from OFS.Folder import Folder
        folder = Folder()
        crumbler = self._makeOne()
        crumbler._setId(self._CC_ID)

        # A fresh folder has no hook table at all.
        missing = []
        self.failUnless(
            getattr(folder, '__before_traverse__', missing) is missing)

        folder._setObject(self._CC_ID, crumbler)

        hooks_after_add = getattr(folder, '__before_traverse__').items()
        self.assertEqual(len(hooks_after_add), 1)
        key, hook = hooks_after_add[0]
        meta_type = self._getTargetClass().meta_type
        self.failUnless(key[1].startswith(meta_type))
        self.assertEqual(hook.name, self._CC_ID)

        folder._delObject(self._CC_ID)

        # A leftover hook would point at an object that no longer exists.
        hooks_after_delete = getattr(folder, '__before_traverse__').items()
        self.assertEqual(len(hooks_after_delete), 0)

Definition at line 121 of file test_CookieCrumbler.py.

    def test_z3interfaces(self):
        # The class under test must satisfy the ICookieCrumbler interface;
        # verifyClass raises if it does not.
        from zope.interface.verify import verifyClass
        from Products.CMFCore.interfaces import ICookieCrumbler

        target = self._getTargetClass()
        verifyClass(ICookieCrumbler, target)


Definition at line 178 of file test_CookieCrumbler.py.

    def testAutoLoginRedirection(self):
        # An anonymous request (no cookies set) for the Manager-only page
        # must end in a Redirect rather than in the page itself.
        from Products.CMFCore.CookieCrumbler  import Redirect

        site = self._makeSite()
        request = site[2]
        self.assertRaises(Redirect, request.traverse, '/protected')


Definition at line 243 of file test_CookieCrumbler.py.

    def testCacheHeaderAnonymous(self):
        # A request without any authentication cookie must not get a
        # cache-control header from the crumbler.
        site = self._makeSite()
        request = site[2]
        request.traverse('/')
        header = request.response.headers.get('cache-control', '')
        self.assertEqual(header, '')


Definition at line 258 of file test_CookieCrumbler.py.

    def testCacheHeaderAuthenticated(self):
        # A request resumed from the __ac cookie must be answered with
        # cache-control: private, i.e. not storable by shared caches.
        site, crumbler, request, auth_cookie = self._makeSite()
        request.cookies['__ac'] = auth_cookie
        request.traverse('/')
        header = request.response['cache-control']
        self.assertEqual(header, 'private')


Definition at line 265 of file test_CookieCrumbler.py.

    def testCacheHeaderDisabled(self):
        # With cache_header_value emptied on the crumbler, even a request
        # carrying the __ac cookie must get no cache-control header.
        # NOTE(review): in that configuration the crumbler no longer marks
        # authenticated responses as private; a deployment that empties
        # the value needs another layer to set the header.
        site, crumbler, request, auth_cookie = self._makeSite()
        crumbler.cache_header_value = ''
        request.cookies['__ac'] = auth_cookie
        request.traverse('/')
        header = request.response.headers.get('cache-control', '')
        self.assertEqual(header, '')


Definition at line 250 of file test_CookieCrumbler.py.

    def testCacheHeaderLoggingIn(self):
        # The response to the login request itself (name and password
        # cookies present) must already carry cache-control: private.
        site = self._makeSite()
        request = site[2]
        request.cookies['__ac_name'] = 'abraham'
        request.cookies['__ac_password'] = 'pass-w'
        request.traverse('/')
        header = request.response['cache-control']
        self.assertEqual(header, 'private')


Definition at line 134 of file test_CookieCrumbler.py.

    def testCookieLogin(self):
        # Logging in with the __ac_name/__ac_password cookies must
        # authenticate the user and hand back an __ac cookie scoped to '/'.
        #
        # The expected __ac value is the one _makeSite builds: base64 of
        # 'abraham:pass-w', URL-quoted.  That is an encoding, not
        # encryption, so the cookie is password-equivalent.
        # NOTE(review): only 'value' and 'path' are asserted here; no other
        # attribute of the issued cookie is checked by this test.
        site, crumbler, request, expected_cookie = self._makeSite()

        request.cookies['__ac_name'] = 'abraham'
        request.cookies['__ac_password'] = 'pass-w'
        request.traverse('/')

        self.failUnless(request.has_key('AUTHENTICATED_USER'))
        user = request['AUTHENTICATED_USER']
        self.assertEqual(user.getUserName(), 'abraham')

        issued = request.response.cookies
        self.failUnless(issued.has_key('__ac'))
        ac_cookie = issued['__ac']
        self.assertEqual(ac_cookie['value'], expected_cookie)
        self.assertEqual(ac_cookie['path'], '/')


Definition at line 151 of file test_CookieCrumbler.py.

    def testCookieResume(self):
        # Presenting only the __ac cookie must be enough to continue the
        # session as the user encoded in it.
        site, crumbler, request, auth_cookie = self._makeSite()
        request.cookies['__ac'] = auth_cookie
        request.traverse('/')
        self.failUnless(request.has_key('AUTHENTICATED_USER'))
        user = request['AUTHENTICATED_USER']
        self.assertEqual(user.getUserName(), 'abraham')


Definition at line 350 of file test_CookieCrumbler.py.

    def testCreateForms(self):
        # manage_addCC(..., create_forms=1) must create the full set of
        # login forms inside the new crumbler.
        from Products.CMFCore.CookieCrumbler  import manage_addCC

        target_module = self._getTargetClass().__module__
        if 'CMFCore' in target_module:
            # This test is disabled in CMFCore.
            return

        site = self._makeSite()[0]
        # Drop the crumbler _makeSite installed before adding a new one.
        site._delObject('cookie_authentication')
        manage_addCC(site, 'login', create_forms=1)
        form_ids = site.login.objectIds()
        form_ids.sort()
        expected = (
            'index_html', 'logged_in', 'logged_out', 'login_form',
            'standard_login_footer', 'standard_login_header')
        self.assertEqual(tuple(form_ids), expected)


Definition at line 170 of file test_CookieCrumbler.py.

    def testCredentialsNotRevealed(self):
        # The __ac cookie holds the encoded user name and password, so it
        # must be gone from the request once traversal has run; application
        # code should never be able to read it back.
        site, crumbler, request, auth_cookie = self._makeSite()
        request.cookies['__ac'] = auth_cookie
        # Precondition: the cookie is visible before traversal.
        self.failUnless(request.has_key('__ac'))
        request.traverse('/')
        self.failIf(request.has_key('__ac'))


Definition at line 185 of file test_CookieCrumbler.py.

    def testDisabledAutoLoginRedirection(self):
        # With disable_cookie_login__ set on the request, an anonymous hit
        # on the protected page must surface Unauthorized instead of being
        # turned into a redirect to the login form.
        from zExceptions.unauthorized import Unauthorized

        site = self._makeSite()
        request = site[2]
        request['disable_cookie_login__'] = 1
        self.assertRaises(Unauthorized, request.traverse, '/protected')


Definition at line 274 of file test_CookieCrumbler.py.

    def testDisableLoginDoesNotPreventPasswordShredding(self):
        # disable_cookie_login__ only switches off the automatic redirect
        # to the login page; it does not switch off cookie authentication.
        # The cookies must therefore still be consumed, so that the
        # password is never left in the request for the app to read.
        site = self._makeSite()
        request = site[2]
        request.cookies['__ac_name'] = 'abraham'
        request.cookies['__ac_password'] = 'pass-w'
        request['disable_cookie_login__'] = 1
        request.traverse('/')
        user = request['AUTHENTICATED_USER']
        self.assertEqual(user.getUserName(), 'abraham')
        # Here is the real test: the password should have been shredded.
        self.failIf(request.has_key('__ac_password'))


Definition at line 290 of file test_CookieCrumbler.py.

    def testDisableLoginDoesNotPreventPasswordShredding2(self):
        # Companion to testDisableLoginDoesNotPreventPasswordShredding for
        # the session-resume path: with disable_cookie_login__ set, the
        # __ac cookie must still authenticate the user and still be
        # removed from the request afterwards.
        site, crumbler, request, auth_cookie = self._makeSite()
        request.cookies['__ac'] = auth_cookie
        request['disable_cookie_login__'] = 1
        request.traverse('/')
        user = request['AUTHENTICATED_USER']
        self.assertEqual(user.getUserName(), 'abraham')
        self.failIf(request.has_key('__ac'))


Definition at line 336 of file test_CookieCrumbler.py.

    def testLoginRatherThanResume(self):
        # A request that carries both a session cookie (__ac, for abraham)
        # and fresh login cookies (for isaac) must be authenticated with
        # the fresh credentials, so a user can switch accounts without
        # logging out first.
        site, crumbler, request, abraham_cookie = self._makeSite()
        request.cookies['__ac_name'] = 'isaac'
        request.cookies['__ac_password'] = 'pass-w'
        request.cookies['__ac'] = abraham_cookie
        request.traverse('/')

        self.failUnless(request.has_key('AUTHENTICATED_USER'))
        user = request['AUTHENTICATED_USER']
        self.assertEqual(user.getUserName(), 'isaac')


Definition at line 224 of file test_CookieCrumbler.py.

    def testLoginRestoresQueryString(self):
        # The login redirect must carry the requested path together with
        # its query string, URL-quoted (the came_from form field), so the
        # original request can be resumed after login.
        # NOTE(review): this only checks that the value appears in the
        # redirect target; how came_from is validated before it is
        # followed is not visible from this test.
        import urllib
        from Products.CMFCore.CookieCrumbler  import Redirect

        site = self._makeSite()
        request = site[2]
        request['PATH_INFO'] = '/protected'
        request['QUERY_STRING'] = 'a:int=1&x:string=y'
        try:
            request.traverse('/protected')
        except Redirect, s:
            # Use args[0] as the redirect target when the caught value
            # has an 'args' attribute, otherwise the value itself.
            target = s
            if hasattr(target, 'args'):
                target = target.args[0]
            expected = urllib.quote('/protected?' + request['QUERY_STRING'])
            self.failUnless(target.find(expected) != -1, target)
        else:
            self.fail('Did not redirect')


Definition at line 312 of file test_CookieCrumbler.py.

    def testMidApplicationAuthenticationButUnauthorized(self):
        # An already-authenticated user who hits Unauthorized after
        # traversal has finished must get a plain 401, not a redirect to
        # the login page.
        from zExceptions.unauthorized import Unauthorized

        site, crumbler, request, auth_cookie = self._makeSite()
        request.cookies['__ac'] = auth_cookie
        request.traverse('/')
        response = request.response
        try:
            raise Unauthorized
        except:
            # exception() is called with no arguments, so it presumably
            # picks up the exception being handled; it has to run inside
            # this handler.
            response.exception()
        self.assertEqual(response.status, 401)


Definition at line 299 of file test_CookieCrumbler.py.

    def testMidApplicationAutoLoginRedirection(self):
        # An anonymous user who hits Unauthorized after traversal has
        # finished must be sent to the login page (status 302).
        from zExceptions.unauthorized import Unauthorized

        site = self._makeSite()
        request = site[2]
        request.traverse('/')
        response = request.response
        try:
            raise Unauthorized
        except:
            # exception() is called with no arguments, so it presumably
            # picks up the exception being handled; it has to run inside
            # this handler.
            response.exception()
        self.assertEqual(response.status, 302)


Definition at line 127 of file test_CookieCrumbler.py.

    def testNoCookies(self):
        # A request without any cookie must traverse normally and end up
        # as 'Anonymous User'.
        site = self._makeSite()
        request = site[2]
        request.traverse('/')
        user = request['AUTHENTICATED_USER']
        self.assertEqual(user.getUserName(), 'Anonymous User')


Definition at line 194 of file test_CookieCrumbler.py.

    def testNoRedirectAfterAuthenticated(self):
        # abraham is authenticated but does not hold 'Manager', so the
        # protected page must raise Unauthorized; sending him back to the
        # login form would not help.
        from zExceptions.unauthorized import Unauthorized

        site, crumbler, request, auth_cookie = self._makeSite()
        request.cookies['__ac'] = auth_cookie
        self.assertRaises(Unauthorized, request.traverse, '/protected')


Definition at line 160 of file test_CookieCrumbler.py.

    def testPasswordShredding(self):
        # After traversal the request must expose neither the plaintext
        # password cookie nor an __ac key, so application code running
        # later in the request cannot read the credentials.
        site = self._makeSite()
        request = site[2]
        request.cookies['__ac_name'] = 'abraham'
        request.cookies['__ac_password'] = 'pass-w'
        # Precondition: the password is visible before traversal.
        self.failUnless(request.has_key('__ac_password'))
        request.traverse('/')
        for secret_key in ('__ac_password', '__ac'):
            self.failIf(request.has_key(secret_key))


Definition at line 326 of file test_CookieCrumbler.py.

    def testRedirectOnUnauthorized(self):
        # When unauth_page is configured on the crumbler, an authenticated
        # user who lacks permission must be redirected instead of getting
        # Unauthorized.
        from Products.CMFCore.CookieCrumbler  import Redirect

        site, crumbler, request, auth_cookie = self._makeSite()
        crumbler.unauth_page = 'login_form'
        request.cookies['__ac'] = auth_cookie
        self.assertRaises(Redirect, request.traverse, '/protected')


Definition at line 203 of file test_CookieCrumbler.py.

    def testRetryLogin(self):
        # A failed login ('israel' is not one of the users _makeSite
        # creates) must redirect so the user can try again.  The redirect
        # target has to contain came_from=, retry=1 and
        # disable_cookie_login__=1.
        from Products.CMFCore.CookieCrumbler  import Redirect

        site = self._makeSite()
        request = site[2]
        request.cookies['__ac_name'] = 'israel'
        request.cookies['__ac_password'] = 'pass-w'
        try:
            request.traverse('/protected')
        except Redirect, s:
            # Use args[0] as the redirect target when the caught value
            # has an 'args' attribute, otherwise the value itself.
            target = s
            if hasattr(target, 'args'):
                target = target.args[0]
            for fragment in ('came_from=', 'retry=1',
                             'disable_cookie_login__=1'):
                self.failUnless(target.find(fragment) != -1)
        else:
            self.fail('Did not redirect')



Member Data Documentation

string CMFCore.tests.test_CookieCrumbler.CookieCrumblerTests._CC_ID = 'cookie_authentication' [static, private]

Definition at line 43 of file test_CookieCrumbler.py.

Definition at line 59 of file test_CookieCrumbler.py.


The documentation for this class was generated from the following file: