
plone3  3.1.7
CMFPlone.tests.testCSRFProtection.AuthenticatorTestCase Class Reference


Public Member Functions

def afterSetUp
def test_KeyManager
def checkAuthenticator
def test_PloneTool_setMemberProperties
def test_PloneTool_changeOwnershipOf
def test_PloneTool_acquireLocalRoles
def test_PloneTool_deleteObjectsByPaths
def test_PloneTool_transitionObjectsByPaths
def test_PloneTool_renameObjectsByPaths
def test_plone_session_manage_clearSecrets
def test_plone_session_manage_createNewSecret
def test_RegistrationTool_addMember
def test_RegistrationTool_editMember
def test_MembershipTool_setPassword
def test_MembershipTool_deleteMemberArea
def test_MembershipTool_setLocalRoles
def test_MembershipTool_deleteLocalRoles
def test_MembershipTool_deleteMembers
def test_GroupData_addMember
def test_GroupData_removeMember
def test_userFolderAddUser
def test_userFolderEditUser
def test_userFolderDelUsers

Detailed Description

Definition at line 11 of file testCSRFProtection.py.


Member Function Documentation

Definition at line 13 of file testCSRFProtection.py.

00013 
    def afterSetUp(self):
        """Set the fixture's roles to ``('Manager',)`` via ``setRoles``.

        NOTE(review): presumably this applies to the default test user, so
        every CSRF check in this class runs with Manager rights and a 403
        cannot be explained by a missing permission -- confirm against
        the base test case.
        """
        manager_only = ('Manager',)
        self.setRoles(manager_only)


def CMFPlone.tests.testCSRFProtection.AuthenticatorTestCase.checkAuthenticator (   self,
  path,
  query = '',
  status = 200 
)

Definition at line 19 of file testCSRFProtection.py.

00019 
    def checkAuthenticator(self, path, query='', status=200):
        """POST to *path* twice and check that the CSRF token is enforced.

        The first POST carries only *query* and must be answered with 403.
        The second appends an ``_authenticator`` field holding a freshly
        generated token and must be answered with *status*.

        path   -- URL path below the portal root, starting with '/'.
        query  -- url-encoded form body sent with both requests.
        status -- HTTP status expected once the token is supplied.

        NOTE(review): the negative case covers a *missing* token only; a
        malformed, stale or foreign token is not exercised here. Only the
        status code of the rejected request is inspected, so callers that
        need proof that no state changed must assert that themselves.
        """
        login = '%s:%s' % (ptc.default_user, ptc.default_password)
        target = '/' + self.portal.absolute_url(relative=True) + path

        def post(form):
            # Both requests share the same credentials, environment and method;
            # only the form body differs.
            return self.publish(path=target, basic=login, env={},
                                request_method='POST', stdin=StringIO(form))

        # Without the authenticator field the request has to be refused.
        rejected = post(query)
        self.assertEqual(rejected.getStatus(), 403)

        # With the authenticator field the request has to go through.
        markup = AuthenticatorView('context', 'request').authenticator()
        # Sixth piece after splitting on double quotes; presumably the value
        # attribute of the rendered hidden input -- confirm against the
        # markup AuthenticatorView emits, since this depends on attribute order.
        token = markup.split('"')[5]
        accepted = post(query + '&_authenticator=%s' % token)
        self.assertEqual(accepted.getStatus(), status)


Definition at line 112 of file testCSRFProtection.py.

00112 
    def test_GroupData_addMember(self):
        """Adding the default user to Administrators needs the CSRF token.

        Group membership is asserted before and after the two POSTs made by
        checkAuthenticator; the tokened request is expected to return 302.

        NOTE(review): membership is not re-checked between the rejected and
        the accepted request, so this does not prove that the 403 response
        left the group untouched.
        """
        lookup = self.portal.portal_membership.getMemberById
        user_id = ptc.default_user
        self.failIf('Administrators' in lookup(user_id).getGroups())
        form = 'userid=%s&add:list=Administrators' % user_id
        self.checkAuthenticator('/prefs_user_membership_edit', form, status=302)
        self.failUnless('Administrators' in lookup(user_id).getGroups())


Definition at line 119 of file testCSRFProtection.py.

00119 
    def test_GroupData_removeMember(self):
        """Removing the default user from Reviewers needs the CSRF token.

        The user is first added to the group directly, then removed through
        the form endpoint; the tokened request is expected to return 302.

        NOTE(review): membership is only checked before the first and after
        the second POST, not after the rejected one.
        """
        reviewers = self.portal.portal_groups.getGroupById('Reviewers')
        reviewers.addMember(ptc.default_user)
        lookup = self.portal.portal_membership.getMemberById
        user_id = ptc.default_user
        self.failUnless('Reviewers' in lookup(user_id).getGroups())
        form = 'userid=%s&delete:list=Reviewers' % user_id
        self.checkAuthenticator('/prefs_user_membership_edit', form, status=302)
        self.failIf('Reviewers' in lookup(user_id).getGroups())


Definition at line 16 of file testCSRFProtection.py.

00016 
    def test_KeyManager(self):
        """Fail with 'key manager not found' if no IKeyManager utility is registered."""
        key_manager = queryUtility(IKeyManager)
        self.failUnless(key_manager, 'key manager not found')

Definition at line 104 of file testCSRFProtection.py.

00104 
    def test_MembershipTool_deleteLocalRoles(self):
        """/folder_localrole_delete must refuse a POST without the CSRF token.

        With the token the request is expected to return 302.

        NOTE(review): only response codes are checked; the local roles
        themselves are never inspected.
        """
        form = 'member_ids:list=%s' % ptc.default_user
        self.checkAuthenticator('/folder_localrole_delete', form, status=302)


Definition at line 95 of file testCSRFProtection.py.

00095 
    def test_MembershipTool_deleteMemberArea(self):
        """/portal_membership/deleteMemberArea must refuse a POST without the CSRF token.

        With the token the default status (200) is expected.

        NOTE(review): only response codes are checked, not whether a member
        area was actually removed or preserved.
        """
        form = 'member_id=%s' % ptc.default_user
        self.checkAuthenticator('/portal_membership/deleteMemberArea', form)


Definition at line 108 of file testCSRFProtection.py.

00108 
    def test_MembershipTool_deleteMembers(self):
        """/portal_membership/deleteMembers must refuse a POST without the CSRF token.

        With the token the default status (200) is expected.

        NOTE(review): only response codes are checked; nothing asserts that
        the member still exists after the rejected request.
        """
        form = 'member_ids:list=%s' % ptc.default_user
        self.checkAuthenticator('/portal_membership/deleteMembers', form)


Definition at line 99 of file testCSRFProtection.py.

00099 
    def test_MembershipTool_setLocalRoles(self):
        """/folder_localrole_add must refuse a POST without the CSRF token.

        The form asks for the Manager local role for the default user; with
        the token the request is expected to return 302.

        NOTE(review): only response codes are checked; nothing asserts that
        the role was withheld after the rejected request.
        """
        form = 'member_ids:list=%s&member_roles:list=Manager' % ptc.default_user
        self.checkAuthenticator('/folder_localrole_add', form, status=302)


Definition at line 91 of file testCSRFProtection.py.

00091 
    def test_MembershipTool_setPassword(self):
        """/portal_membership/setPassword must refuse a POST without the CSRF token.

        With the token the default status (200) is expected.

        NOTE(review): only response codes are checked; nothing asserts that
        the password is unchanged after the rejected request.
        """
        endpoint = '/portal_membership/setPassword'
        form = 'password=y0d4Wg'
        self.checkAuthenticator(endpoint, form)


Definition at line 74 of file testCSRFProtection.py.

00074 
    def test_plone_session_manage_clearSecrets(self):
        """manage_clearSecrets on the session plugin must refuse a POST without the CSRF token.

        No form fields are sent; with the token the request is expected to
        return 302.
        """
        endpoint = '/acl_users/session/manage_clearSecrets'
        self.checkAuthenticator(endpoint, status=302)


Definition at line 78 of file testCSRFProtection.py.

00078 
    def test_plone_session_manage_createNewSecret(self):
        """manage_createNewSecret on the session plugin must refuse a POST without the CSRF token.

        No form fields are sent; with the token the request is expected to
        return 302.
        """
        endpoint = '/acl_users/session/manage_createNewSecret'
        self.checkAuthenticator(endpoint, status=302)


Definition at line 49 of file testCSRFProtection.py.

00049 
    def test_PloneTool_acquireLocalRoles(self):
        """/folder_localrole_set must refuse a POST without the CSRF token.

        The form sends ``use_acquisition:int=1``; with the token the request
        is expected to return 302.

        NOTE(review): only response codes are checked, not the resulting
        acquisition setting.
        """
        endpoint = '/folder_localrole_set'
        form = 'use_acquisition:int=1'
        self.checkAuthenticator(endpoint, form, status=302)


Definition at line 43 of file testCSRFProtection.py.

00043 
    def test_PloneTool_changeOwnershipOf(self):
        """/change_ownership must refuse a POST without the CSRF token.

        The portal owner is asserted to differ from the default user before
        the two POSTs and to equal it afterwards; the tokened request is
        expected to return 302.

        NOTE(review): ownership is not re-checked right after the rejected
        request, so this does not prove the 403 response left it unchanged.
        """
        def owner_name():
            # Re-read on every call so the post-request value is current.
            return self.portal.getOwner().getUserName()

        self.assertNotEqual(owner_name(), ptc.default_user)
        form = 'userid=%s' % ptc.default_user
        self.checkAuthenticator('/change_ownership', form, status=302)
        self.assertEqual(owner_name(), ptc.default_user)


Definition at line 53 of file testCSRFProtection.py.

00053 
    def test_PloneTool_deleteObjectsByPaths(self):
        """/plone_utils/deleteObjectsByPaths must refuse a POST without the CSRF token.

        'news' is asserted to exist before the two POSTs and to be gone
        afterwards; the tokened request expects the default status (200).

        NOTE(review): 'news' is not looked up between the rejected and the
        accepted request, so a deletion performed despite the 403 would go
        unnoticed here.
        """
        portal = self.portal
        self.failUnless(portal.get('news', None))
        endpoint = '/plone_utils/deleteObjectsByPaths'
        self.checkAuthenticator(endpoint, 'paths:list=news')
        self.failIf(self.portal.get('news', None))


Definition at line 67 of file testCSRFProtection.py.

00067 
    def test_PloneTool_renameObjectsByPaths(self):
        """/plone_utils/renameObjectsByPaths must refuse a POST without the CSRF token.

        'foo' is asserted to be absent before the two POSTs and present
        afterwards ('events' is renamed to 'foo'); the tokened request
        expects the default status (200).

        NOTE(review): 'foo' is not looked up right after the rejected
        request, so a rename performed despite the 403 would go unnoticed.
        """
        # Presumably required so the renamed folder type is allowed in the
        # portal -- confirm; the test only shows the flag being switched on.
        folder_type = self.portal.portal_types['Large Plone Folder']
        folder_type.global_allow = True
        self.failIf(self.portal.get('foo', None))
        form = 'paths:list=events&new_ids:list=foo&new_titles:list=Foo'
        self.checkAuthenticator('/plone_utils/renameObjectsByPaths', form)
        self.failUnless(self.portal.get('foo', None))


Definition at line 35 of file testCSRFProtection.py.

00035 
    def test_PloneTool_setMemberProperties(self):
        """/prefs_user_edit must refuse a POST without the CSRF token.

        The default user's e-mail property is asserted to differ from the
        new address before the two POSTs and to equal it afterwards; the
        tokened request expects the default status (200).

        NOTE(review): the property is not re-read right after the rejected
        request, so a change applied despite the 403 would go unnoticed.
        """
        lookup = self.portal.portal_membership.getMemberById
        new_email = 'john@spamfactory.com'

        def stored_email():
            # Fetch the member afresh each time rather than caching it.
            return lookup(ptc.default_user).getProperty('email')

        self.assertNotEqual(stored_email(), new_email)
        form = 'userid=%s&email=%s' % (ptc.default_user, new_email)
        self.checkAuthenticator('/prefs_user_edit', form)
        self.assertEqual(stored_email(), new_email)


Definition at line 59 of file testCSRFProtection.py.

00059 
    def test_PloneTool_transitionObjectsByPaths(self):
        """/plone_utils/transitionObjectsByPaths must refuse a POST without the CSRF token.

        The front page's review state is asserted to be 'visible' before the
        two POSTs and 'published' afterwards; the tokened request is
        expected to return 302.

        NOTE(review): the review state is not re-read right after the
        rejected request, so a transition applied despite the 403 would go
        unnoticed.
        """
        query_state = self.portal.portal_workflow.getInfoFor
        page = self.portal['front-page']

        def review_state():
            return query_state(page, 'review_state')

        self.assertEqual(review_state(), 'visible')
        form = 'workflow_action=publish&paths:list=front-page'
        self.checkAuthenticator('/plone_utils/transitionObjectsByPaths', form,
                                status=302)
        self.assertEqual(review_state(), 'published')


Definition at line 82 of file testCSRFProtection.py.

00082 
    def test_RegistrationTool_addMember(self):
        """/portal_registration/addMember must refuse a POST without the CSRF token.

        With the token the default status (200) is expected.

        NOTE(review): only response codes are checked; nothing asserts that
        member 'john' is absent after the rejected request.
        """
        endpoint = '/portal_registration/addMember'
        form = 'id=john&password=y0d4Wg'
        self.checkAuthenticator(endpoint, form)


Definition at line 86 of file testCSRFProtection.py.

00086 
    def test_RegistrationTool_editMember(self):
        """/portal_registration/editMember must refuse a POST without the CSRF token.

        With the token the default status (200) is expected.

        NOTE(review): only response codes are checked; nothing asserts that
        the member's password or properties are unchanged after the
        rejected request.
        """
        template = 'member_id=%s&password=y0d4Wg&properties.foo:record='
        form = template % ptc.default_user
        self.checkAuthenticator('/portal_registration/editMember', form)


Definition at line 128 of file testCSRFProtection.py.

00128 
    def test_userFolderAddUser(self):
        """/acl_users/userFolderAddUser must refuse a POST without the CSRF token.

        The form asks for a new user 'foo' with the Manager role; with the
        token the default status (200) is expected.

        NOTE(review): only response codes are checked; nothing asserts that
        user 'foo' is absent after the rejected request.
        """
        endpoint = '/acl_users/userFolderAddUser'
        form = 'login=foo&password=bar&domains=&roles:list=Manager'
        self.checkAuthenticator(endpoint, form)


Definition at line 137 of file testCSRFProtection.py.

00137 
    def test_userFolderDelUsers(self):
        """/acl_users/userFolderDelUsers must refuse a POST without the CSRF token.

        With the token the default status (200) is expected.

        NOTE(review): only response codes are checked; nothing asserts that
        the user still exists after the rejected request.
        """
        form = 'names:list=%s' % ptc.default_user
        self.checkAuthenticator('/acl_users/userFolderDelUsers', form)
00141 


Definition at line 132 of file testCSRFProtection.py.

00132 
    def test_userFolderEditUser(self):
        """/acl_users/userFolderEditUser must refuse a POST without the CSRF token.

        The form sets a new password and the Manager role on the default
        user; with the token the default status (200) is expected.

        NOTE(review): only response codes are checked; nothing asserts that
        the user's password and roles are unchanged after the rejected
        request.
        """
        template = 'principal_id=%s&password=bar&domains=&roles:list=Manager'
        form = template % ptc.default_user
        self.checkAuthenticator('/acl_users/userFolderEditUser', form)



The documentation for this class was generated from the following file: