Back to index

plone3  3.1.7
Public Member Functions | Private Member Functions | Static Private Attributes
PluggableAuthService.tests.test_PluggableAuthService.PluggableAuthServiceTests Class Reference
Inheritance diagram for PluggableAuthService.tests.test_PluggableAuthService.PluggableAuthServiceTests:
Inheritance graph
[legend]
Collaboration diagram for PluggableAuthService.tests.test_PluggableAuthService.PluggableAuthServiceTests:
Collaboration graph
[legend]

List of all members.

Public Member Functions

def tearDown
def test_empty
def test_checkBeforeTraverse
def test__extractUserIds_simple
def test__extractUserIds_one_extractor_two_authenticators
def test__extractUserIds_two_extractors_two_authenticators
def test__extractUserIds_broken_extractor_before_good_extractor
def test__extractUserIds_broken_extractor_after_good_extractor
def test__extractUserIds_authenticate_emergency_user_with_broken_extractor
def test__extractUserIds_broken_authenticator_before_good_authenticator
def test__extractUserIds_broken_authenticator_after_good_authenticator
def test__extractUserIds_authenticate_emergency_user_with_broken_authenticator
def test__extractUserIds_emergency_user_always_wins
def test__getObjectContext_no_steps
def test__getObjectContext_simple
def test__getObjectContext_acquired_from_folder
def test__getObjectContext_acquired_from_root
def test__getObjectContext_acquired_from_rc
def test__verifyUser_no_plugins
def test__verifyUser_one_plugin
def test__verifyUser_more_plugins
def test__verifyUser_login
def test__verifyUser_login_userid
def test__findUser_no_plugins
def test__findEmergencyUser_no_plugins
def test__findUser_with_userfactory_plugin
def test__findUser_with_plugins
def test__findUser_with_groups
def test__findUser_with_groups_ignoring_one
def test__authorizeUser_force_ok
def test__authorizeUser_force_no_way
def test__authorizeUser_use_ZSP_implied_roles_OK
def test__authorizeUser_use_ZSP_implied_roles_fail
def test__authorizeUser_use_ZSP_implied_roles_mgr
def test__authorizeUser_use_ZSP_explicit_roles_OK
def test__authorizeUser_use_ZSP_explicit_roles_fail
def test__authorizeUser_use_ZSP_explicit_roles_mgr
def test_getUser_no_plugins
def test_getUser_with_plugins
def test_getUser_with_uniquifying_plugins
def test_getUser_id_and_name
def test_simple_getUserGroups_with_Groupplugin
def test_validate_simple_unauth
def test_validate_simple_anonymous
def test_validate_simple_authenticated
def test_validate_with_anonymous_factory
def testAllowGroupsAttribute
def test__setObject_no_ownership_fixup
def test__delOb_unregisters_plugin
def test_searchGroups
def test_searchPrincipals
def test_searchPrincipalsWithSuperEnumerator
def test_no_challenger
def test_challenge
def test_daisy_chain_challenge
def test_challenge_multi_protocols
def test_dont_call_challenge_twice
def test_logout

Private Member Functions

def _getTargetClass
def _makeOne
def _makePlugins
def _makeTree
def _makeUserEnumerator
def _makeGroupEnumerator
def _makeSuperEnumerator
def _makeGroupPlugin
def _makeChallengePlugin

Static Private Attributes

 _oldSecurityPolicy = None

Detailed Description

Definition at line 390 of file test_PluggableAuthService.py.


Member Function Documentation

Definition at line 403 of file test_PluggableAuthService.py.

00403 
00404     def _getTargetClass( self ):
00405 
00406         from Products.PluggableAuthService.PluggableAuthService \
00407             import PluggableAuthService
00408 
00409         return PluggableAuthService

Definition at line 484 of file test_PluggableAuthService.py.

00484 
00485     def _makeChallengePlugin(self, id, klass):
00486         from Products.PluggableAuthService.interfaces.plugins \
00487              import IChallengePlugin
00488 
00489         cp = klass(id)
00490         directlyProvides( cp, IChallengePlugin )
00491         return cp

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 453 of file test_PluggableAuthService.py.

00453 
00454     def _makeGroupEnumerator( self, group_id ):
00455 
00456         from Products.PluggableAuthService.interfaces.plugins \
00457              import IGroupEnumerationPlugin
00458 
00459         enumerator = DummyGroupEnumerator( group_id )
00460         directlyProvides( enumerator, IGroupEnumerationPlugin )
00461 
00462         return enumerator

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 476 of file test_PluggableAuthService.py.

00476 
00477     def _makeGroupPlugin(self, id, groups=()):
00478         from Products.PluggableAuthService.interfaces.plugins \
00479              import IGroupsPlugin
00480 
00481         gp = DummyGroupPlugin(id, groups=groups)
00482         directlyProvides( gp, IGroupsPlugin )
00483         return gp

Here is the call graph for this function:

Here is the caller graph for this function:

def PluggableAuthService.tests.test_PluggableAuthService.PluggableAuthServiceTests._makeOne (   self,
  plugins = None,
  args,
  kw 
) [private]

Definition at line 410 of file test_PluggableAuthService.py.

00410 
00411     def _makeOne( self, plugins=None, *args, **kw ):
00412 
00413         zcuf = self._getTargetClass()( *args, **kw )
00414 
00415         if plugins is not None:
00416             zcuf._setObject( 'plugins', plugins )
00417 
00418         return zcuf

Definition at line 419 of file test_PluggableAuthService.py.

00419 
00420     def _makePlugins( self, plugin_type_info=None ):
00421 
00422         from Products.PluggableAuthService.PluggableAuthService \
00423             import _PLUGIN_TYPE_INFO
00424         from Products.PluginRegistry.PluginRegistry import PluginRegistry
00425 
00426         if plugin_type_info is None:
00427             plugin_type_info = _PLUGIN_TYPE_INFO
00428 
00429         reg = PluginRegistry( plugin_type_info=plugin_type_info )
00430         reg._setId( 'plugins' )
00431         reg._plugins = {}
00432 
00433         return reg

Definition at line 463 of file test_PluggableAuthService.py.

00463 
00464     def _makeSuperEnumerator( self, user_id, login, group_id ):
00465 
00466         from Products.PluggableAuthService.interfaces.plugins \
00467              import IUserEnumerationPlugin
00468         from Products.PluggableAuthService.interfaces.plugins \
00469              import IGroupEnumerationPlugin
00470 
00471         enumerator = DummySuperEnumerator( user_id, login, group_id )
00472         directlyProvides( enumerator
00473                         , IUserEnumerationPlugin, IGroupEnumerationPlugin )
00474 
00475         return enumerator

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 434 of file test_PluggableAuthService.py.

00434 
00435     def _makeTree( self ):
00436 
00437         rc = FauxObject( 'rc' )
00438         root = FauxRoot( 'root' ).__of__( rc )
00439         folder = FauxContainer( 'folder' ).__of__( root )
00440         object = FauxObject( 'object' ).__of__( folder )
00441 
00442         return rc, root, folder, object

Here is the caller graph for this function:

Definition at line 443 of file test_PluggableAuthService.py.

00443 
00444     def _makeUserEnumerator( self, user_id, login=None ):
00445 
00446         from Products.PluggableAuthService.interfaces.plugins \
00447              import IUserEnumerationPlugin
00448 
00449         enumerator = DummyUserEnumerator( user_id, login )
00450         directlyProvides( enumerator, IUserEnumerationPlugin )
00451 
00452         return enumerator

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 394 of file test_PluggableAuthService.py.

00394 
00395     def tearDown( self ):
00396 
00397         self._clearRequest()
00398 
00399         if self._oldSecurityPolicy is not None:
00400             setSecurityPolicy( self._oldSecurityPolicy )
00401 
00402         noSecurityManager()

Here is the call graph for this function:

Definition at line 1291 of file test_PluggableAuthService.py.

01291 
01292     def test__authorizeUser_force_no_way( self ):
01293 
01294         zcuf = self._makeOne()
01295         faux = FauxUser( 'faux' )
01296 
01297         class ParanoidSP:
01298 
01299             def validate( self
01300                         , user
01301                         , accessed
01302                         , container
01303                         , name
01304                         , value
01305                         , roles=None
01306                         ):
01307                 return 0
01308 
01309         self._oldSecurityPolicy = setSecurityPolicy( ParanoidSP() )
01310 
01311         self.failIf( zcuf._authorizeUser( faux
01312                                         , accessed=FauxObject('a')
01313                                         , container=FauxObject('c')
01314                                         , name='name'
01315                                         , value=FauxObject('v')
01316                                         , roles=()
01317                                         ) )

Definition at line 1264 of file test_PluggableAuthService.py.

01264 
01265     def test__authorizeUser_force_ok( self ):
01266 
01267         zcuf = self._makeOne()
01268         faux = FauxUser( 'faux' )
01269 
01270         class PermissiveSP:
01271 
01272             def validate( self
01273                         , user
01274                         , accessed
01275                         , container
01276                         , name
01277                         , value
01278                         , roles=None
01279                         ):
01280                 return 1
01281 
01282         self._oldSecurityPolicy = setSecurityPolicy( PermissiveSP() )
01283 
01284         self.failUnless( zcuf._authorizeUser( faux
01285                                             , accessed=FauxObject('a')
01286                                             , container=FauxObject('c')
01287                                             , name='name'
01288                                             , value=FauxObject('v')
01289                                             , roles=()
01290                                             ) )

Definition at line 1374 of file test_PluggableAuthService.py.

01374 
01375     def test__authorizeUser_use_ZSP_explicit_roles_fail( self ):
01376 
01377         zcuf = self._makeOne()
01378         faux = FauxUser( 'faux' )
01379         object = FauxObject( 'object' )
01380 
01381         self.failIf( zcuf._authorizeUser( faux
01382                                         , accessed=FauxObject('a')
01383                                         , container=FauxObject('c')
01384                                         , name='name'
01385                                         , value=object
01386                                         , roles=('Manager',)
01387                                         ) )

Definition at line 1388 of file test_PluggableAuthService.py.

01388 
01389     def test__authorizeUser_use_ZSP_explicit_roles_mgr( self ):
01390 
01391         zcuf = self._makeOne()
01392         mgr = FauxUser( 'mgr', roles=( 'Manager', ) )
01393         object = FauxObject( 'object' )
01394 
01395         self.failUnless( zcuf._authorizeUser( mgr
01396                                             , accessed=FauxObject('a')
01397                                             , container=FauxObject('c')
01398                                             , name='name'
01399                                             , value=object
01400                                             , roles=('Manager',)
01401                                             ) )

Definition at line 1360 of file test_PluggableAuthService.py.

01360 
01361     def test__authorizeUser_use_ZSP_explicit_roles_OK( self ):
01362 
01363         zcuf = self._makeOne()
01364         faux = FauxUser( 'faux' )
01365         object = FauxObject( 'object' )
01366 
01367         self.failUnless( zcuf._authorizeUser( faux
01368                                             , accessed=FauxObject('a')
01369                                             , container=FauxObject('c')
01370                                             , name='name'
01371                                             , value=object
01372                                             , roles=('Anonymous',)
01373                                             ) )

Definition at line 1332 of file test_PluggableAuthService.py.

01332 
01333     def test__authorizeUser_use_ZSP_implied_roles_fail( self ):
01334 
01335         zcuf = self._makeOne()
01336         faux = FauxUser( 'faux' )
01337         object = FauxObject( 'object' )
01338         object.__roles__ = ( 'Manager', )
01339 
01340         self.failIf( zcuf._authorizeUser( faux
01341                                         , accessed=FauxObject('a')
01342                                         , container=FauxObject('c')
01343                                         , name='name'
01344                                         , value=object
01345                                         ) )

Definition at line 1346 of file test_PluggableAuthService.py.

01346 
01347     def test__authorizeUser_use_ZSP_implied_roles_mgr( self ):
01348 
01349         zcuf = self._makeOne()
01350         mgr = FauxUser( 'mgr', roles=( 'Manager', ) )
01351         object = FauxObject( 'object' )
01352         object.__roles__ = ( 'Manager', )
01353 
01354         self.failUnless( zcuf._authorizeUser( mgr
01355                                             , accessed=FauxObject('a')
01356                                             , container=FauxObject('c')
01357                                             , name='name'
01358                                             , value=object
01359                                             ) )

Definition at line 1318 of file test_PluggableAuthService.py.

01318 
01319     def test__authorizeUser_use_ZSP_implied_roles_OK( self ):
01320 
01321         zcuf = self._makeOne()
01322         faux = FauxUser( 'faux' )
01323         object = FauxObject( 'object' )
01324         object.__roles__ = ( 'Anonymous', )
01325 
01326         self.failUnless( zcuf._authorizeUser( faux
01327                                             , accessed=FauxObject('a')
01328                                             , container=FauxObject('c')
01329                                             , name='name'
01330                                             , value=object
01331                                             ) )

Definition at line 1735 of file test_PluggableAuthService.py.

01735 
01736     def test__delOb_unregisters_plugin( self ):
01737 
01738         from Products.PluggableAuthService.interfaces.plugins \
01739             import IExtractionPlugin, \
01740                    IAuthenticationPlugin, \
01741                    IUserEnumerationPlugin
01742 
01743         plugins = self._makePlugins()
01744         zcuf = self._makeOne( plugins )
01745 
01746         login = DummyPlugin()
01747         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01748         login.extractCredentials = _extractLogin
01749         login.authenticateCredentials = _authLogin
01750         zcuf._setObject( 'login', login )
01751 
01752         foo = DummyPlugin()
01753         directlyProvides( foo, IUserEnumerationPlugin )
01754         foo.enumerateUsers = lambda id: id == 'foo' or None
01755 
01756         zcuf._setObject( 'foo', foo )
01757 
01758         plugins = zcuf._getOb( 'plugins' )
01759         plugins.activatePlugin( IExtractionPlugin, 'login' )
01760         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01761         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01762 
01763         self.failUnless( plugins.listPlugins( IExtractionPlugin ) )
01764         self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) )
01765         self.failUnless( plugins.listPlugins( IUserEnumerationPlugin ) )
01766 
01767         zcuf._delOb( 'foo' )
01768 
01769         self.failUnless( plugins.listPlugins( IExtractionPlugin ) )
01770         self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) )
01771         self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) )
01772 
01773         zcuf._delOb( 'login' )
01774 
01775         self.failIf( plugins.listPlugins( IExtractionPlugin ) )
01776         self.failIf( plugins.listPlugins( IAuthenticationPlugin ) )
01777         self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) )

Definition at line 812 of file test_PluggableAuthService.py.

00812 
00813     def test__extractUserIds_authenticate_emergency_user_with_broken_authenticator( self ):
00814 
00815         from Products.PluggableAuthService.interfaces.plugins \
00816             import IExtractionPlugin, IAuthenticationPlugin
00817 
00818         from AccessControl.User import UnrestrictedUser
00819 
00820         from Products.PluggableAuthService import PluggableAuthService
00821 
00822         old_eu = PluggableAuthService.emergency_user
00823 
00824         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
00825 
00826         PluggableAuthService.emergency_user = eu
00827 
00828         try:
00829             plugins = self._makePlugins()
00830             zcuf = self._makeOne( plugins )
00831 
00832             login = DummyPlugin()
00833             directlyProvides( login, IExtractionPlugin )
00834 
00835             # Make the first attempt at emergency user authentication fail
00836             # (but not the extractor itself).
00837             login.extractCredentials = lambda req: {'login': '', 'password': ''}
00838 
00839             zcuf._setObject( 'login', login )
00840 
00841             borked = DummyPlugin()
00842             directlyProvides( borked, IAuthenticationPlugin )
00843             borked.authenticateCredentials = lambda creds: creds['nonesuch']
00844 
00845             zcuf._setObject( 'borked', borked )
00846 
00847             plugins = zcuf._getOb( 'plugins' )
00848 
00849             plugins.activatePlugin( IExtractionPlugin, 'login' )
00850             plugins.activatePlugin( IAuthenticationPlugin, 'borked' )
00851 
00852             request = self._makeRequest( form={ 'login' : eu.getUserName()
00853                                               , 'password' : eu._getPassword() } )
00854 
00855             user_ids = zcuf._extractUserIds( request=request
00856                                            , plugins=zcuf.plugins
00857                                            )
00858 
00859             self.assertEqual( len( user_ids ), 1 )
00860             self.assertEqual( user_ids[0][0], 'foo' )
00861         finally:
00862             PluggableAuthService.emergency_user = old_eu

Definition at line 697 of file test_PluggableAuthService.py.

00697 
00698     def test__extractUserIds_authenticate_emergency_user_with_broken_extractor( self ):
00699 
00700         from Products.PluggableAuthService.interfaces.plugins \
00701             import IExtractionPlugin, IAuthenticationPlugin
00702 
00703         from AccessControl.User import UnrestrictedUser
00704 
00705         from Products.PluggableAuthService import PluggableAuthService
00706 
00707         old_eu = PluggableAuthService.emergency_user
00708 
00709         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
00710 
00711         PluggableAuthService.emergency_user = eu
00712 
00713         try:
00714             plugins = self._makePlugins()
00715             zcuf = self._makeOne( plugins )
00716 
00717             borked = DummyPlugin()
00718             directlyProvides( borked, IExtractionPlugin )
00719             borked.extractCredentials = lambda req: 'abc'
00720 
00721             zcuf._setObject( 'borked', borked )
00722 
00723             plugins = zcuf._getOb( 'plugins' )
00724 
00725             plugins.activatePlugin( IExtractionPlugin, 'borked' )
00726 
00727             request = self._makeRequest( form={ 'login' : eu.getUserName()
00728                                               , 'password' : eu._getPassword() } )
00729 
00730             user_ids = zcuf._extractUserIds( request=request
00731                                            , plugins=zcuf.plugins
00732                                            )
00733 
00734             self.assertEqual( len( user_ids ), 1 )
00735             self.assertEqual( user_ids[0][0], 'foo' )
00736         finally:
00737             PluggableAuthService.emergency_user = old_eu

Definition at line 775 of file test_PluggableAuthService.py.

00775 
00776     def test__extractUserIds_broken_authenticator_after_good_authenticator( self ):
00777 
00778         from Products.PluggableAuthService.interfaces.plugins \
00779             import IExtractionPlugin, IAuthenticationPlugin
00780 
00781         plugins = self._makePlugins()
00782         zcuf = self._makeOne( plugins )
00783 
00784         login = DummyPlugin()
00785         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00786         login.extractCredentials = _extractLogin
00787         login.authenticateCredentials = _authLogin
00788 
00789         zcuf._setObject( 'login', login )
00790 
00791         borked = DummyPlugin()
00792         directlyProvides( borked, IAuthenticationPlugin )
00793         borked.authenticateCredentials = lambda creds: creds['nonesuch']
00794 
00795         zcuf._setObject( 'borked', borked )
00796 
00797         plugins = zcuf._getOb( 'plugins' )
00798 
00799         plugins.activatePlugin( IExtractionPlugin, 'login' )
00800         plugins.activatePlugin( IAuthenticationPlugin, 'login' )    # 1
00801         plugins.activatePlugin( IAuthenticationPlugin, 'borked' )   # 2
00802 
00803         request = self._makeRequest( form={ 'login' : 'foo'
00804                                           , 'password' : 'bar' } )
00805 
00806         user_ids = zcuf._extractUserIds( request=request
00807                                        , plugins=zcuf.plugins
00808                                        )
00809 
00810         self.assertEqual( len( user_ids ), 1 )
00811         self.assertEqual( user_ids[0][0], 'foo' )

Definition at line 738 of file test_PluggableAuthService.py.

00738 
00739     def test__extractUserIds_broken_authenticator_before_good_authenticator( self ):
00740 
00741         from Products.PluggableAuthService.interfaces.plugins \
00742             import IExtractionPlugin, IAuthenticationPlugin
00743 
00744         plugins = self._makePlugins()
00745         zcuf = self._makeOne( plugins )
00746 
00747         login = DummyPlugin()
00748         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00749         login.extractCredentials = _extractLogin
00750         login.authenticateCredentials = _authLogin
00751 
00752         zcuf._setObject( 'login', login )
00753 
00754         borked = DummyPlugin()
00755         directlyProvides( borked, IAuthenticationPlugin )
00756         borked.authenticateCredentials = lambda creds: creds['nonesuch']
00757 
00758         zcuf._setObject( 'borked', borked )
00759 
00760         plugins = zcuf._getOb( 'plugins' )
00761 
00762         plugins.activatePlugin( IExtractionPlugin, 'login' )
00763         plugins.activatePlugin( IAuthenticationPlugin, 'borked' )   # 1
00764         plugins.activatePlugin( IAuthenticationPlugin, 'login' )    # 2
00765 
00766         request = self._makeRequest( form={ 'login' : 'foo'
00767                                           , 'password' : 'bar' } )
00768 
00769         user_ids = zcuf._extractUserIds( request=request
00770                                        , plugins=zcuf.plugins
00771                                        )
00772 
00773         self.assertEqual( len( user_ids ), 1 )
00774         self.assertEqual( user_ids[0][0], 'foo' )

Definition at line 660 of file test_PluggableAuthService.py.

00660 
00661     def test__extractUserIds_broken_extractor_after_good_extractor( self ):
00662 
00663         from Products.PluggableAuthService.interfaces.plugins \
00664             import IExtractionPlugin, IAuthenticationPlugin
00665 
00666         plugins = self._makePlugins()
00667         zcuf = self._makeOne( plugins )
00668 
00669         login = DummyPlugin()
00670         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00671         login.extractCredentials = _extractLogin
00672         login.authenticateCredentials = _authLogin
00673 
00674         zcuf._setObject( 'login', login )
00675 
00676         borked = DummyPlugin()
00677         directlyProvides( borked, IExtractionPlugin )
00678         borked.extractCredentials = lambda req: 'abc'
00679 
00680         zcuf._setObject( 'borked', borked )
00681 
00682         plugins = zcuf._getOb( 'plugins' )
00683 
00684         plugins.activatePlugin( IExtractionPlugin, 'login' )    # 1
00685         plugins.activatePlugin( IExtractionPlugin, 'borked' )   # 2
00686         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00687 
00688         request = self._makeRequest( form={ 'login' : 'foo'
00689                                           , 'password' : 'bar' } )
00690 
00691         user_ids = zcuf._extractUserIds( request=request
00692                                        , plugins=zcuf.plugins
00693                                        )
00694 
00695         self.assertEqual( len( user_ids ), 1 )
00696         self.assertEqual( user_ids[0][0], 'foo' )

Definition at line 623 of file test_PluggableAuthService.py.

00623 
00624     def test__extractUserIds_broken_extractor_before_good_extractor( self ):
00625 
00626         from Products.PluggableAuthService.interfaces.plugins \
00627             import IExtractionPlugin, IAuthenticationPlugin
00628 
00629         plugins = self._makePlugins()
00630         zcuf = self._makeOne( plugins )
00631 
00632         login = DummyPlugin()
00633         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00634         login.extractCredentials = _extractLogin
00635         login.authenticateCredentials = _authLogin
00636 
00637         zcuf._setObject( 'login', login )
00638 
00639         borked = DummyPlugin()
00640         directlyProvides( borked, IExtractionPlugin )
00641         borked.extractCredentials = lambda req: 'abc'
00642 
00643         zcuf._setObject( 'borked', borked )
00644 
00645         plugins = zcuf._getOb( 'plugins' )
00646 
00647         plugins.activatePlugin( IExtractionPlugin, 'borked' )   # 1
00648         plugins.activatePlugin( IExtractionPlugin, 'login' )    # 2
00649         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00650 
00651         request = self._makeRequest( form={ 'login' : 'foo'
00652                                           , 'password' : 'bar' } )
00653 
00654         user_ids = zcuf._extractUserIds( request=request
00655                                        , plugins=zcuf.plugins
00656                                        )
00657 
00658         self.assertEqual( len( user_ids ), 1 )
00659         self.assertEqual( user_ids[0][0], 'foo' )

Definition at line 863 of file test_PluggableAuthService.py.

00863 
00864     def test__extractUserIds_emergency_user_always_wins( self ):
00865 
00866         from Products.PluggableAuthService.interfaces.plugins \
00867             import IExtractionPlugin, IAuthenticationPlugin
00868 
00869         from AccessControl.User import UnrestrictedUser
00870 
00871         from Products.PluggableAuthService import PluggableAuthService
00872 
00873         old_eu = PluggableAuthService.emergency_user
00874 
00875         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
00876 
00877         PluggableAuthService.emergency_user = eu
00878 
00879         try:
00880             plugins = self._makePlugins()
00881             zcuf = self._makeOne( plugins )
00882 
00883             login = DummyPlugin()
00884             directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00885             login.extractCredentials = lambda req: {'login': 'baz', 'password': ''}
00886             login.authenticateCredentials = _authLogin
00887 
00888             zcuf._setObject( 'login', login )
00889 
00890             plugins = zcuf._getOb( 'plugins' )
00891 
00892             plugins.activatePlugin( IExtractionPlugin, 'login' )
00893             plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00894 
00895             request = self._makeRequest( form={ 'login' : eu.getUserName()
00896                                               , 'password' : eu._getPassword() } )
00897 
00898             # This should authenticate the emergency user and not 'baz'
00899             user_ids = zcuf._extractUserIds( request=request
00900                                            , plugins=zcuf.plugins
00901                                            )
00902 
00903             self.assertEqual( len( user_ids ), 1 )
00904             self.assertEqual( user_ids[0][0], 'foo' )
00905         finally:
00906             PluggableAuthService.emergency_user = old_eu

Definition at line 536 of file test_PluggableAuthService.py.

00536 
00537     def test__extractUserIds_one_extractor_two_authenticators( self ):
00538 
00539         from Products.PluggableAuthService.interfaces.plugins \
00540             import IExtractionPlugin, IAuthenticationPlugin
00541 
00542         plugins = self._makePlugins()
00543         zcuf = self._makeOne( plugins )
00544 
00545         login = DummyPlugin()
00546         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00547         login.extractCredentials = _extractLogin
00548         login.authenticateCredentials = _authLogin
00549 
00550         zcuf._setObject( 'login', login )
00551 
00552         always = DummyPlugin()
00553         directlyProvides( always, IAuthenticationPlugin )
00554         always.authenticateCredentials = lambda creds: ('baz', None)
00555 
00556         zcuf._setObject( 'always', always )
00557 
00558         plugins = zcuf._getOb( 'plugins' )
00559 
00560         plugins.activatePlugin( IExtractionPlugin, 'login' )
00561         plugins.activatePlugin( IAuthenticationPlugin, 'always' )
00562         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00563 
00564         request = self._makeRequest( form={ 'login' : 'foo'
00565                                           , 'password' : 'bar' } )
00566 
00567         user_ids = zcuf._extractUserIds( request=request
00568                                        , plugins=zcuf.plugins
00569                                        )
00570 
00571         self.assertEqual( len( user_ids ), 2 )
00572         self.assertEqual( user_ids[0][0], 'baz' )
00573         self.assertEqual( user_ids[1][0], 'foo' )

Definition at line 508 of file test_PluggableAuthService.py.

00508 
00509     def test__extractUserIds_simple( self ):
00510 
00511         from Products.PluggableAuthService.interfaces.plugins \
00512             import IExtractionPlugin, IAuthenticationPlugin
00513 
00514         plugins = self._makePlugins()
00515         zcuf = self._makeOne( plugins )
00516 
00517         login = DummyPlugin()
00518         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00519         login.extractCredentials = _extractLogin
00520         login.authenticateCredentials = _authLogin
00521         zcuf._setObject( 'login', login )
00522 
00523         plugins = zcuf._getOb( 'plugins' )
00524         plugins.activatePlugin( IExtractionPlugin, 'login' )
00525         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00526 
00527         request = self._makeRequest( form={ 'login' : 'foo'
00528                                           , 'password' : 'bar' } )
00529 
00530         user_ids = zcuf._extractUserIds( request=request
00531                                        , plugins=zcuf.plugins
00532                                        )
00533 
00534         self.assertEqual( len( user_ids ), 1 )
00535         self.assertEqual( user_ids[0][0], 'foo' )

Definition at line 574 of file test_PluggableAuthService.py.

00574 
00575     def test__extractUserIds_two_extractors_two_authenticators( self ):
00576 
00577         from Products.PluggableAuthService.interfaces.plugins \
00578             import IExtractionPlugin, IAuthenticationPlugin
00579 
00580         plugins = self._makePlugins()
00581         zcuf = self._makeOne( plugins )
00582 
00583         login = DummyPlugin()
00584         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00585         login.extractCredentials = _extractLogin
00586         login.authenticateCredentials = _authLogin
00587 
00588         zcuf._setObject( 'login', login )
00589 
00590         extra = DummyPlugin()
00591         directlyProvides( extra, IExtractionPlugin, IAuthenticationPlugin )
00592         extra.extractCredentials = _extractExtra
00593         extra.authenticateCredentials = _authExtra
00594 
00595         zcuf._setObject( 'extra', extra )
00596 
00597         plugins = zcuf._getOb( 'plugins' )
00598 
00599         plugins.activatePlugin( IExtractionPlugin, 'extra' )
00600         plugins.activatePlugin( IExtractionPlugin, 'login' )
00601         plugins.activatePlugin( IAuthenticationPlugin, 'extra' )
00602         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00603 
00604         request = self._makeRequest( form={ 'login' : 'foo'
00605                                           , 'password' : 'bar' } )
00606 
00607         user_ids = zcuf._extractUserIds( request=request
00608                                        , plugins=zcuf.plugins
00609                                        )
00610 
00611         self.assertEqual( len( user_ids ), 1 )
00612         self.assertEqual( user_ids[0][0], 'foo' )
00613 
00614         request[ 'extra' ] = 'qux'
00615 
00616         user_ids = zcuf._extractUserIds( request=request
00617                                        , plugins=zcuf.plugins
00618                                        )
00619 
00620         self.assertEqual( len( user_ids ), 2, user_ids )
00621         self.assertEqual( user_ids[0][0], 'qux' )
00622         self.assertEqual( user_ids[1][0], 'foo' )

Definition at line 1117 of file test_PluggableAuthService.py.

01117 
01118     def test__findEmergencyUser_no_plugins( self ):
01119 
01120         from AccessControl.User import UnrestrictedUser
01121 
01122         from Products.PluggableAuthService import PluggableAuthService
01123 
01124         old_eu = PluggableAuthService.emergency_user
01125 
01126         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
01127 
01128         PluggableAuthService.emergency_user = eu
01129 
01130         plugins = self._makePlugins()
01131         zcuf = self._makeOne()
01132         zcuf._emergency_user = eu
01133         user = zcuf._findUser( plugins, 'foo' )
01134 
01135         self.assertEqual( aq_base(zcuf._getEmergencyUser()), aq_base(user) )
01136 
01137         PluggableAuthService.emergency_user = old_eu

Definition at line 1108 of file test_PluggableAuthService.py.

01108 
01109     def test__findUser_no_plugins( self ):
01110 
01111         plugins = self._makePlugins()
01112 
01113         zcuf = self._makeOne()
01114         user = zcuf._findUser( plugins, 'someone' )
01115 
01116         self.assertEqual( len( user.listPropertysheets() ), 0 )

Definition at line 1207 of file test_PluggableAuthService.py.

01207 
01208     def test__findUser_with_groups( self ):
01209 
01210         from Products.PluggableAuthService.interfaces.plugins \
01211             import IGroupsPlugin
01212 
01213         plugins = self._makePlugins()
01214         zcuf = self._makeOne( plugins )
01215 
01216         foo = DummyPlugin()
01217         directlyProvides( foo, IGroupsPlugin )
01218         foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' )
01219 
01220         zcuf._setObject( 'foo', foo )
01221 
01222         plugins = zcuf._getOb( 'plugins' )
01223 
01224         plugins.activatePlugin( IGroupsPlugin , 'foo' )
01225 
01226         user = zcuf._findUser( plugins, 'someone' )
01227 
01228         groups = user.getGroups()
01229         self.assertEqual( len( groups ), 2 )
01230         self.failUnless( 'group1' in groups )
01231         self.failUnless( 'group2' in groups )

Definition at line 1232 of file test_PluggableAuthService.py.

01232 
01233     def test__findUser_with_groups_ignoring_one( self ):
01234 
01235         from Products.PluggableAuthService.interfaces.plugins \
01236             import IGroupsPlugin
01237 
01238         plugins = self._makePlugins()
01239         zcuf = self._makeOne( plugins )
01240 
01241         foo = DummyPlugin()
01242         directlyProvides( foo, IGroupsPlugin )
01243         foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' )
01244 
01245         bar = DummyPlugin()
01246         directlyProvides( bar, IGroupsPlugin )
01247         bar.getGroupsForPrincipal = lambda user, req: ( 'group3', 'group4' )
01248 
01249         zcuf._setObject( 'foo', foo )
01250         zcuf._setObject( 'bar', bar )
01251 
01252         plugins = zcuf._getOb( 'plugins' )
01253 
01254         plugins.activatePlugin( IGroupsPlugin , 'foo' )
01255         plugins.activatePlugin( IGroupsPlugin , 'bar' )
01256 
01257         user = zcuf._findUser( plugins, 'someone' )
01258 
01259         groups = zcuf._getGroupsForPrincipal( user, plugins=plugins
01260                                             , ignore_plugins=( 'bar', ) )
01261         self.assertEqual( len( groups ), 2 )
01262         self.failIf( 'bar:group3' in groups )
01263         self.failIf( 'bar:group4' in groups )

Definition at line 1172 of file test_PluggableAuthService.py.

01172 
01173     def test__findUser_with_plugins( self ):
01174 
01175         from Products.PluggableAuthService.interfaces.plugins \
01176             import IPropertiesPlugin
01177 
01178         plugins = self._makePlugins()
01179         zcuf = self._makeOne( plugins )
01180 
01181         foo = DummyPlugin()
01182         directlyProvides( foo, IPropertiesPlugin )
01183         foo.getPropertiesForUser = lambda user, req: { 'login': user.getId() }
01184 
01185         zcuf._setObject( 'foo', foo )
01186 
01187         bar = DummyPlugin()
01188         directlyProvides( bar, IPropertiesPlugin )
01189         bar.getPropertiesForUser = lambda user, req: { 'a': 0, 'b': 'bar' }
01190 
01191         zcuf._setObject( 'bar', bar )
01192 
01193         plugins = zcuf._getOb( 'plugins' )
01194 
01195         plugins.activatePlugin( IPropertiesPlugin , 'foo' )
01196         plugins.activatePlugin( IPropertiesPlugin , 'bar' )
01197 
01198         user = zcuf._findUser( plugins, 'someone' )
01199 
01200         sheet_ids = user.listPropertysheets()
01201         self.assertEqual( len( sheet_ids ), 2 )
01202         self.failUnless( 'foo' in sheet_ids )
01203         self.failUnless( 'bar' in sheet_ids )
01204 
01205         foosheet = user[ 'foo' ]
01206         self.assertEqual( len( foosheet.propertyMap() ), 1 )

Definition at line 1138 of file test_PluggableAuthService.py.

01138 
01139     def test__findUser_with_userfactory_plugin( self ):
01140 
01141         from Products.PluggableAuthService.interfaces.plugins \
01142             import IUserFactoryPlugin
01143 
01144         plugins = self._makePlugins()
01145         zcuf = self._makeOne( plugins )
01146 
01147         bar = DummyPlugin()
01148         directlyProvides( bar, IUserFactoryPlugin )
01149 
01150         def _makeUser( user_id, name ):
01151             user = FauxUser( user_id )
01152             user._name = name
01153             return user
01154 
01155         bar.createUser = _makeUser
01156 
01157         zcuf._setObject( 'bar', bar )
01158 
01159         plugins = zcuf._getOb( 'plugins' )
01160 
01161         real_user = zcuf._findUser( plugins, 'someone', 'to watch over me' )
01162         self.failIf( real_user.__class__ is FauxUser )
01163 
01164         plugins.activatePlugin( IUserFactoryPlugin , 'bar' )
01165 
01166         faux_user = zcuf._findUser( plugins, 'someone', 'to watch over me' )
01167 
01168         self.assertEqual( faux_user.getId(), 'someone' )
01169         self.assertEqual( faux_user.getUserName(), 'to watch over me' )
01170 
01171         self.failUnless( faux_user.__class__ is FauxUser )

Definition at line 937 of file test_PluggableAuthService.py.

00937 
00938     def test__getObjectContext_acquired_from_folder( self ):
00939 
00940         zcuf = self._makeOne()
00941 
00942         rc, root, folder, object = self._makeTree()
00943 
00944         acquired_index = FauxObject( 'index_html' ).__of__( folder )
00945 
00946         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00947                                    , RESPONSE=FauxResponse()
00948                                    , PARENTS=[ object, folder, root ]
00949                                    )
00950 
00951         published = acquired_index.__of__( object )
00952 
00953         a, c, n, v = zcuf._getObjectContext( published, request )
00954 
00955         self.assertEqual( a, object )
00956         self.assertEqual( c, folder )
00957         self.assertEqual( n, 'index_html' )
00958         self.assertEqual( v, published )

Definition at line 982 of file test_PluggableAuthService.py.

00982 
00983     def test__getObjectContext_acquired_from_rc( self ):
00984 
00985         zcuf = self._makeOne()
00986 
00987         rc, root, folder, object = self._makeTree()
00988 
00989         acquired_index = FauxObject( 'index_html' ).__of__( rc )
00990 
00991         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00992                                    , RESPONSE=FauxResponse()
00993                                    , PARENTS=[ object, folder, root ]
00994                                    )
00995 
00996         published = acquired_index.__of__( object )
00997 
00998         a, c, n, v = zcuf._getObjectContext( published, request )
00999 
01000         self.assertEqual( a, object )
01001         self.assertEqual( c, root )
01002         self.assertEqual( n, 'index_html' )
01003         self.assertEqual( v, published )
01004 

Definition at line 959 of file test_PluggableAuthService.py.

00959 
00960     def test__getObjectContext_acquired_from_root( self ):
00961 
00962         zcuf = self._makeOne()
00963 
00964         rc, root, folder, object = self._makeTree()
00965 
00966         acquired_index = FauxObject( 'index_html' ).__of__( root )
00967 
00968         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00969                                    , RESPONSE=FauxResponse()
00970                                    , PARENTS=[ object, folder, root ]
00971                                    )
00972 
00973         published = acquired_index.__of__( object )
00974 
00975         a, c, n, v = zcuf._getObjectContext( published, request )
00976 
00977         self.assertEqual( a, object )
00978         self.assertEqual( c, root )
00979         self.assertEqual( n, 'index_html' )
00980         self.assertEqual( v, published )
00981 

Definition at line 907 of file test_PluggableAuthService.py.

00907 
00908     def test__getObjectContext_no_steps( self ):
00909 
00910         zcuf = self._makeOne()
00911         request = self._makeRequest( (), RESPONSE=FauxResponse() )
00912 
00913         self.assertRaises( FauxNotFoundError
00914                          , zcuf._getObjectContext, zcuf, request )

Definition at line 915 of file test_PluggableAuthService.py.

00915 
00916     def test__getObjectContext_simple( self ):
00917 
00918         zcuf = self._makeOne()
00919 
00920         rc, root, folder, object = self._makeTree()
00921 
00922         local_index = FauxObject( 'index_html' ).__of__( object )
00923 
00924         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00925                                    , RESPONSE=FauxResponse()
00926                                    , PARENTS=[ object, folder, root ]
00927                                    )
00928 
00929         published = local_index
00930 
00931         a, c, n, v = zcuf._getObjectContext( published, request )
00932 
00933         self.assertEqual( a, object )
00934         self.assertEqual( c, object )
00935         self.assertEqual( n, 'index_html' )
00936         self.assertEqual( v, published )

Definition at line 1718 of file test_PluggableAuthService.py.

01718 
01719     def test__setObject_no_ownership_fixup( self ):
01720 
01721         from AccessControl.SpecialUsers import emergency_user
01722         from OFS.Folder import Folder
01723 
01724         newSecurityManager( None, emergency_user )
01725 
01726         rc, root, folder, object = self._makeTree()
01727         zcuf = self._makeOne()
01728         folder._setObject( 'acl_users', zcuf )
01729         zcuf = folder._getOb( 'acl_users' )
01730 
01731         sub = Folder()
01732         sub._setId( 'sub' )
01733 
01734         zcuf._setObject( 'sub', sub )

Definition at line 1059 of file test_PluggableAuthService.py.

01059 
01060     def test__verifyUser_login( self ):
01061 
01062         from Products.PluggableAuthService.interfaces.plugins \
01063              import IUserEnumerationPlugin
01064 
01065         plugins = self._makePlugins()
01066         zcuf = self._makeOne( plugins )
01067 
01068         foo = self._makeUserEnumerator( 'foo' )
01069         zcuf._setObject( 'foo', foo )
01070 
01071         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01072         zcuf._setObject( 'bar', bar )
01073 
01074         plugins = zcuf._getOb( 'plugins' )
01075 
01076         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01077         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01078 
01079         self.failIf(      zcuf._verifyUser( zcuf.plugins, login='zope' ) )
01080         self.failUnless(  zcuf._verifyUser( zcuf.plugins, login='foo' ) )
01081         self.failIf(      zcuf._verifyUser( zcuf.plugins, login='bar' ) )
01082         self.failUnless(  zcuf._verifyUser( zcuf.plugins
01083                                           , login='bar@example.com' ) )

Definition at line 1084 of file test_PluggableAuthService.py.

01084 
01085     def test__verifyUser_login_userid( self ):
01086 
01087         from Products.PluggableAuthService.interfaces.plugins \
01088              import IUserEnumerationPlugin
01089 
01090         plugins = self._makePlugins()
01091         zcuf = self._makeOne( plugins )
01092 
01093         enumerator = DummyMultiUserEnumerator(
01094             'enumerator',
01095             {'id': 'foo', 'login': 'foobar'},
01096             {'id': 'bar', 'login': 'foo'})
01097         directlyProvides( enumerator, IUserEnumerationPlugin )
01098         zcuf._setObject( 'enumerator', enumerator )
01099 
01100         plugins = zcuf._getOb( 'plugins' )
01101 
01102         plugins.activatePlugin( IUserEnumerationPlugin, 'enumerator' )
01103 
01104         self.failUnless(
01105             zcuf._verifyUser(plugins, login='foo')['id'] == 'bar')
01106         self.failUnless(
01107             zcuf._verifyUser(plugins, login='foobar')['id'] == 'foo')

Definition at line 1030 of file test_PluggableAuthService.py.

01030 
01031     def test__verifyUser_more_plugins( self ):
01032 
01033         from Products.PluggableAuthService.interfaces.plugins \
01034              import IUserEnumerationPlugin
01035 
01036         plugins = self._makePlugins()
01037         zcuf = self._makeOne( plugins )
01038 
01039         foo = self._makeUserEnumerator( 'foo' )
01040         zcuf._setObject( 'foo', foo )
01041 
01042         bar = self._makeUserEnumerator( 'bar' )
01043         zcuf._setObject( 'bar', bar )
01044 
01045         qux = self._makeUserEnumerator( 'qux' )
01046         zcuf._setObject( 'qux', qux )
01047 
01048         plugins = zcuf._getOb( 'plugins' )
01049 
01050         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01051         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01052         plugins.activatePlugin( IUserEnumerationPlugin, 'qux' )
01053 
01054         self.failIf(      zcuf._verifyUser( zcuf.plugins, user_id='zope' ) )
01055         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='foo' ) )
01056         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='bar' ) )
01057         self.failIf(      zcuf._verifyUser( zcuf.plugins, user_id='baz' ) )
01058         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='qux' ) )

Definition at line 1005 of file test_PluggableAuthService.py.

01005 
01006     def test__verifyUser_no_plugins( self ):
01007 
01008         plugins = self._makePlugins()
01009         zcuf = self._makeOne( plugins )
01010 
01011         self.failIf( zcuf._verifyUser( zcuf.plugins, user_id='zope' ) )

Definition at line 1012 of file test_PluggableAuthService.py.

01012 
01013     def test__verifyUser_one_plugin( self ):
01014 
01015         from Products.PluggableAuthService.interfaces.plugins \
01016              import IUserEnumerationPlugin
01017 
01018         plugins = self._makePlugins()
01019         zcuf = self._makeOne( plugins )
01020 
01021         foo = self._makeUserEnumerator( 'foo' )
01022         zcuf._setObject( 'foo', foo )
01023 
01024         plugins = zcuf._getOb( 'plugins' )
01025 
01026         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01027 
01028         self.failIf(      zcuf._verifyUser( zcuf.plugins, user_id='zope' ) )
01029         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='foo' ) )

Definition at line 1861 of file test_PluggableAuthService.py.

01861 
01862     def test_challenge( self ):
01863         from Products.PluggableAuthService.interfaces.plugins \
01864              import IChallengePlugin
01865         plugins = self._makePlugins()
01866         zcuf = self._makeOne( plugins )
01867         challenger = self._makeChallengePlugin('challenger', DummyChallenger)
01868         zcuf._setObject( 'challenger', challenger )
01869         plugins = zcuf._getOb( 'plugins' )
01870         plugins.activatePlugin( IChallengePlugin, 'challenger' )
01871 
01872         response = FauxResponse()
01873         request = self._makeRequest(RESPONSE=response)
01874         zcuf.REQUEST = request
01875 
01876         # First call the userfolders before_traverse hook, to set things up:
01877         zcuf(self, request)
01878         # Call unauthorized to make sure Unauthorized is raised.
01879         self.failUnlessRaises( Unauthorized, response.unauthorized)
01880         # Since we have one challenger in play, we end up calling
01881         # PluggableAuthService._unauthorized(), which allows the
01882         # challengers to play. DummyChallenger sets '.challenger' on
01883         # response
01884         self.failUnless(isinstance(response.challenger, DummyChallenger))

Definition at line 1929 of file test_PluggableAuthService.py.

01929 
01930     def test_challenge_multi_protocols( self ):
01931         from Products.PluggableAuthService.interfaces.plugins \
01932              import IChallengePlugin
01933         plugins = self._makePlugins()
01934         zcuf = self._makeOne( plugins )
01935 
01936         dasher = self._makeChallengePlugin('dasher', DummyReindeerChallenger)
01937         dasher.protocol = "Reindeer Games Participant"
01938         zcuf._setObject( 'dasher', dasher )
01939 
01940         dancer = self._makeChallengePlugin('dancer', DummyReindeerChallenger)
01941         dancer.protocol = "Reindeer Games Participant"
01942         zcuf._setObject( 'dancer', dancer )
01943 
01944         rudolph = self._makeChallengePlugin('rudolph', DummyReindeerChallenger)
01945         rudolph.protocol = ("They never let poor Rudolph..."
01946                             " join in any Reindeer Games")
01947         zcuf._setObject( 'rudolph', rudolph )
01948 
01949         plugins = zcuf._getOb( 'plugins' )
01950         plugins.activatePlugin( IChallengePlugin, 'dasher' )
01951         plugins.activatePlugin( IChallengePlugin, 'dancer' )
01952         plugins.activatePlugin( IChallengePlugin, 'rudolph' )
01953 
01954         response = FauxResponse()
01955         request = self._makeRequest(RESPONSE=response)
01956         zcuf.REQUEST = request
01957 
01958         # First call the userfolders before_traverse hook, to set things up:
01959         zcuf(self, request)
01960 
01961         # Call unauthorized to make sure Unauthorized is raised.
01962         self.failUnlessRaises( Unauthorized, response.unauthorized)
01963 
01964         # Since we have multiple challengers in play, we end up
01965         # calling PluggableAuthService._unauthorized(), which allows
01966         # the challengers to play. However, because of the ordering of
01967         # the plugins, only "Reindeer Games Participant" challengers
01968         # will play
01969         self.assertEqual(response.reindeer_games, ['dasher', 'dancer'])

Definition at line 498 of file test_PluggableAuthService.py.

00498 
00499     def test_checkBeforeTraverse( self ):
00500 
00501         rc, root, folder, object = self._makeTree()
00502 
00503         zcuf = self._makeOne()
00504 
00505         root._setObject('acl_users', zcuf)
00506 
00507         self.assertEqual( len(root.__before_traverse__), 1)

Definition at line 1885 of file test_PluggableAuthService.py.

01885 
01886     def test_daisy_chain_challenge(self):
01887         # make sure that nested PASes each get a chance to challenge a
01888         # given response
01889         from Products.PluggableAuthService.interfaces.plugins \
01890              import IChallengePlugin
01891         rc, root, folder, object = self._makeTree()
01892         response = FauxResponse()
01893         request = self._makeRequest(RESPONSE=response)
01894         root.REQUEST =  request
01895 
01896         plugins = self._makePlugins()
01897         zcuf = self._makeOne(plugins)
01898         root._setObject( 'acl_users', zcuf )
01899         zcuf = root._getOb('acl_users')
01900 
01901         challenger = self._makeChallengePlugin('challenger', DummyChallenger)
01902         zcuf._setObject( 'challenger', challenger )
01903         zcuf.plugins.activatePlugin( IChallengePlugin, 'challenger' )
01904 
01905         # Emulate publishing traverse through the root
01906         zcuf(root, request)
01907 
01908         inner_plugins = self._makePlugins()
01909         inner_zcuf = self._makeOne(inner_plugins)
01910         folder._setObject('acl_users', inner_zcuf)
01911         inner_zcuf = folder._getOb('acl_users')
01912 
01913         bad_challenger = self._makeChallengePlugin('bad_challenger',
01914                                                    DummyBadChallenger)
01915         inner_zcuf._setObject( 'bad_challenger', bad_challenger )
01916         inner_zcuf.plugins.activatePlugin( IChallengePlugin, 'bad_challenger' )
01917 
01918         # Emulate publishing traverse through the subfolder
01919         inner_zcuf(folder, request)
01920 
01921         # Call unauthorized to make sure Unauthorized is raised.
01922         self.failUnlessRaises(Unauthorized, response.unauthorized)
01923 
01924         # Since we have two challengers in play, we end up calling
01925         # PluggableAuthService._unauthorized(), which allows the
01926         # challengers to play. DummyChallenger sets '.challenger' on
01927         # response
01928         self.failUnless(isinstance(response.challenger, DummyChallenger))

Definition at line 1970 of file test_PluggableAuthService.py.

01970 
01971     def test_dont_call_challenge_twice(self):
01972         from Products.PluggableAuthService.interfaces.plugins \
01973              import IChallengePlugin
01974         plugins = self._makePlugins()
01975         zcuf = self._makeOne( plugins )
01976 
01977         counter = self._makeChallengePlugin('counter', DummyCounterChallenger)
01978         zcuf._setObject( 'counter', counter )
01979 
01980         plugins = zcuf._getOb( 'plugins' )
01981         plugins.activatePlugin( IChallengePlugin, 'counter' )
01982 
01983         response = FauxResponse()
01984         request = self._makeRequest(RESPONSE=response)
01985         zcuf.REQUEST = request
01986 
01987         zcuf(self, request)
01988 
01989         self.failUnlessRaises(Unauthorized, response.unauthorized)
01990 
01991         self.assertEqual(counter.count, 1)

Definition at line 492 of file test_PluggableAuthService.py.

00492 
00493     def test_empty( self ):
00494 
00495         zcuf = self._makeOne()
00496 
00497         self.assertEqual( zcuf.getId(), 'acl_users' )

Definition at line 1469 of file test_PluggableAuthService.py.

01469 
01470     def test_getUser_id_and_name( self ):
01471         # Tests fetching a user by ID versus fetching by username.
01472         from Products.PluggableAuthService.interfaces.plugins \
01473              import IUserEnumerationPlugin
01474 
01475         plugins = self._makePlugins()
01476         zcuf = self._makeOne( plugins )
01477 
01478         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01479         bar.identifier = 'bar/'
01480         zcuf._setObject( 'bar', bar )
01481 
01482         zcuf.plugins.activatePlugin(IUserEnumerationPlugin, 'bar')
01483         # Fetch the new user by ID and name, and check we get the same.
01484         user = zcuf.getUserById('bar/bar')
01485         self.assertEqual( user.getId(), 'bar/bar')
01486         self.assertEqual( user.getUserName(), 'bar@example.com' )
01487 
01488         user2 = zcuf.getUser('bar@example.com')
01489         self.assertEqual( user2.getId(), 'bar/bar')
01490         self.assertEqual( user2.getUserName(), 'bar@example.com' )

Definition at line 1402 of file test_PluggableAuthService.py.

01402 
01403     def test_getUser_no_plugins( self ):
01404 
01405         plugins = self._makePlugins()
01406         zcuf = self._makeOne( plugins )
01407 
01408         self.assertEqual(  zcuf.getUser( 'zope' ), None )

Definition at line 1409 of file test_PluggableAuthService.py.

01409 
01410     def test_getUser_with_plugins( self ):
01411         # XXX: This will produce insane results when uniquifiers not present
01412 
01413         from Products.PluggableAuthService.interfaces.plugins \
01414              import IUserEnumerationPlugin
01415 
01416         plugins = self._makePlugins()
01417         zcuf = self._makeOne( plugins )
01418 
01419         foo = self._makeUserEnumerator( 'foo' )
01420         zcuf._setObject( 'foo', foo )
01421 
01422         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01423         zcuf._setObject( 'bar', bar )
01424 
01425         plugins = zcuf._getOb( 'plugins' )
01426 
01427         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01428         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01429 
01430         self.assertEqual( zcuf.getUser( 'zope' ), None )
01431 
01432         user = zcuf.getUser( 'foo' )
01433         self.assertEqual( user.getId(), 'foo' )
01434 
01435         self.assertEqual( zcuf.getUser( 'who_knows' ), None )
01436 
01437         user = zcuf.getUser( 'bar@example.com' )
01438         self.assertEqual( user.getId(), 'bar' )

Definition at line 1439 of file test_PluggableAuthService.py.

01439 
01440     def test_getUser_with_uniquifying_plugins( self ):
01441         from Products.PluggableAuthService.interfaces.plugins \
01442              import IUserEnumerationPlugin
01443 
01444         plugins = self._makePlugins()
01445         zcuf = self._makeOne( plugins )
01446 
01447         foo = self._makeUserEnumerator( 'foo' )
01448         foo.identifier = 'foo/'
01449         zcuf._setObject( 'foo', foo )
01450 
01451         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01452         bar.identifier = 'bar+'
01453         zcuf._setObject( 'bar', bar )
01454 
01455         plugins = zcuf._getOb( 'plugins' )
01456 
01457         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01458         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01459 
01460         self.assertEqual( zcuf.getUser( 'zope' ), None )
01461 
01462         user = zcuf.getUser( 'foo' )
01463         self.assertEqual( user.getId(), 'foo/foo' )
01464 
01465         self.assertEqual( zcuf.getUser( 'who_knows' ), None )
01466 
01467         user = zcuf.getUser( 'bar@example.com' )
01468         self.assertEqual( user.getId(), 'bar+bar' )

Definition at line 1992 of file test_PluggableAuthService.py.

01992 
01993     def test_logout(self):
01994         from Products.PluggableAuthService.interfaces.plugins \
01995              import IExtractionPlugin, \
01996                     ICredentialsUpdatePlugin, \
01997                     ICredentialsResetPlugin
01998         plugins = self._makePlugins()
01999         zcuf = self._makeOne(plugins)
02000         creds_store = DummyCredentialsStore('creds')
02001         zcuf._setObject('creds', creds_store)
02002         creds_store = zcuf._getOb('creds')
02003 
02004         plugins = zcuf._getOb('plugins')
02005         directlyProvides( creds_store
02006                         , IExtractionPlugin
02007                         , ICredentialsUpdatePlugin
02008                         , ICredentialsResetPlugin
02009                         )
02010         plugins.activatePlugin(IExtractionPlugin, 'creds')
02011         plugins.activatePlugin(ICredentialsUpdatePlugin, 'creds')
02012         plugins.activatePlugin(ICredentialsResetPlugin, 'creds')
02013 
02014         response = FauxResponse()
02015         request = self._makeRequest(RESPONSE=response)
02016         zcuf.REQUEST = request
02017 
02018         # Put a user in the credentials store
02019         creds_store.updateCredentials(request, response, 'foo', 'bar')
02020         request['login'] = 'foo'
02021         request['HTTP_REFERER'] = ''
02022         extracted = creds_store.extractCredentials(request)
02023         self.failIf(len(extracted.keys()) == 0)
02024 
02025         # Now call the logout method - the credentials should go away
02026         newSecurityManager(None, FauxUser('foo', 'foo'))
02027         zcuf.logout(request)
02028         extracted = creds_store.extractCredentials(request)
02029         self.failUnless(len(extracted.keys()) == 0)

Definition at line 1843 of file test_PluggableAuthService.py.

01843 
01844     def test_no_challenger(self):
01845         # make sure that the response's _unauthorized gets propogated
01846         # if no challengers exist (or have fired)
01847         plugins = self._makePlugins()
01848         zcuf = self._makeOne(plugins)
01849         response = FauxResponse()
01850         request = self._makeRequest(RESPONSE=response)
01851         zcuf.REQUEST = request
01852 
01853         # First call the userfolders before_traverse hook, to set things up:
01854         zcuf(self, request)
01855         # Call unauthorized to make sure Unauthorized is raised.
01856         self.failUnlessRaises( Unauthorized, response.unauthorized)
01857         # Since no challengers are in play, we end up calling
01858         # response._unauthorized(), which sets '.challenger' on
01859         # response
01860         self.failUnless(isinstance(response.challenger, FauxResponse))

Definition at line 1778 of file test_PluggableAuthService.py.

01778 
01779     def test_searchGroups( self ):
01780 
01781         from Products.PluggableAuthService.interfaces.plugins \
01782              import IGroupEnumerationPlugin
01783 
01784         plugins = self._makePlugins()
01785         zcuf = self._makeOne( plugins )
01786 
01787         foo = self._makeGroupEnumerator( 'foo' )
01788         zcuf._setObject( 'foo', foo )
01789 
01790         plugins = zcuf._getOb( 'plugins' )
01791         plugins.activatePlugin( IGroupEnumerationPlugin, 'foo' )
01792 
01793         self.failIf(      zcuf.searchGroups( id='bar' ) )
01794         self.failUnless(  zcuf.searchGroups( id='foo' ) )
01795         self.assertEqual( len(zcuf.searchGroups( id='foo' )), 1 )

Definition at line 1796 of file test_PluggableAuthService.py.

01796 
01797     def test_searchPrincipals( self ):
01798 
01799         from Products.PluggableAuthService.interfaces.plugins \
01800              import IUserEnumerationPlugin
01801         from Products.PluggableAuthService.interfaces.plugins \
01802              import IGroupEnumerationPlugin
01803 
01804         plugins = self._makePlugins()
01805         zcuf = self._makeOne( plugins )
01806 
01807         foo = self._makeUserEnumerator( 'foo' )
01808         zcuf._setObject( 'foo', foo )
01809         foobar = self._makeGroupEnumerator( 'foobar' )
01810         zcuf._setObject( 'foobar', foobar )
01811 
01812         plugins = zcuf._getOb( 'plugins' )
01813         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01814         plugins.activatePlugin( IGroupEnumerationPlugin, 'foobar' )
01815 
01816         self.failIf( zcuf.searchPrincipals( id='zope' ) )
01817         self.failUnless( len( zcuf.searchPrincipals( id='foo' )
01818                             ) == 2 )

Definition at line 1819 of file test_PluggableAuthService.py.

01819 
01820     def test_searchPrincipalsWithSuperEnumerator( self ):
01821 
01822         from Products.PluggableAuthService.interfaces.plugins \
01823              import IUserEnumerationPlugin
01824         from Products.PluggableAuthService.interfaces.plugins \
01825              import IGroupEnumerationPlugin
01826 
01827         plugins = self._makePlugins()
01828         zcuf = self._makeOne( plugins )
01829 
01830         s00per = self._makeSuperEnumerator( 'user', 'login', 'group' )
01831         zcuf._setObject( 's00per', s00per )
01832 
01833         plugins = zcuf._getOb( 'plugins' )
01834         plugins.activatePlugin( IUserEnumerationPlugin, 's00per' )
01835         plugins.activatePlugin( IGroupEnumerationPlugin, 's00per' )
01836 
01837         self.failIf(      zcuf.searchPrincipals( id='zope' ) )
01838         self.failUnless(
01839             len( zcuf.searchPrincipals(id='user')) == 1 )
01840         self.failUnless(
01841             len( zcuf.searchPrincipals(id='group')) == 1 )
01842 

Definition at line 1491 of file test_PluggableAuthService.py.

01491 
01492     def test_simple_getUserGroups_with_Groupplugin(self):
01493 
01494         from Products.PluggableAuthService.interfaces.plugins \
01495              import IGroupsPlugin
01496 
01497         default_groups = ('Group A', 'Group B')
01498         plugins = self._makePlugins()
01499         zcuf = self._makeOne(plugins)
01500         faux = FauxUser('faux')
01501 
01502         foo = self._makeGroupPlugin('foo', groups=default_groups)
01503         zcuf._setObject('foo', foo)
01504 
01505         plugins = zcuf._getOb('plugins')
01506 
01507         plugins.activatePlugin(IGroupsPlugin, 'foo')
01508 
01509         groups = foo.getGroupsForPrincipal(faux)
01510         for g in groups:
01511             self.assert_(g in default_groups)
01512 
01513         faux._addGroups(groups)
01514 
01515         self.assert_('Group A' in faux.getGroups())
01516         self.assert_('Group B' in faux.getGroups())

Definition at line 1563 of file test_PluggableAuthService.py.

01563 
01564     def test_validate_simple_anonymous( self ):
01565 
01566         from AccessControl.SpecialUsers import nobody
01567 
01568         from Products.PluggableAuthService.interfaces.plugins \
01569             import IExtractionPlugin, \
01570                    IAuthenticationPlugin, \
01571                    IUserEnumerationPlugin
01572 
01573         plugins = self._makePlugins()
01574         zcuf = self._makeOne( plugins )
01575 
01576         login = DummyPlugin()
01577         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01578         login.extractCredentials = _extractLogin
01579         login.authenticateCredentials = _authLogin
01580         zcuf._setObject( 'login', login )
01581 
01582         foo = DummyPlugin()
01583         directlyProvides( foo, IUserEnumerationPlugin )
01584         foo.enumerateUsers = lambda id: id == 'foo' or None
01585 
01586         zcuf._setObject( 'foo', foo )
01587 
01588         plugins = zcuf._getOb( 'plugins' )
01589         plugins.activatePlugin( IExtractionPlugin, 'login' )
01590         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01591         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01592 
01593         rc, root, folder, object = self._makeTree()
01594 
01595         index = FauxObject( 'index_html' )
01596         index.__roles__ = ( 'Anonymous', )
01597         acquired_index = index.__of__( root ).__of__( object )
01598 
01599         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01600                                    , RESPONSE=FauxResponse()
01601                                    , PARENTS=[ object, folder, root ]
01602                                    , PUBLISHED=acquired_index
01603                                    , form={}
01604                                    )
01605 
01606 
01607         wrapped = zcuf.__of__( root )
01608         validated = wrapped.validate( request )
01609         self.assertEqual( validated.getUserName(), nobody.getUserName() )

Definition at line 1610 of file test_PluggableAuthService.py.

01610 
01611     def test_validate_simple_authenticated( self ):
01612 
01613         from Products.PluggableAuthService.interfaces.plugins \
01614             import IExtractionPlugin, \
01615                    IAuthenticationPlugin, \
01616                    IUserEnumerationPlugin, \
01617                    IRolesPlugin
01618 
01619         plugins = self._makePlugins()
01620         zcuf = self._makeOne( plugins )
01621 
01622         login = DummyPlugin()
01623         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01624         login.extractCredentials = _extractLogin
01625         login.authenticateCredentials = _authLogin
01626         zcuf._setObject( 'login', login )
01627 
01628         olivier = DummyPlugin()
01629         directlyProvides( olivier, IUserEnumerationPlugin, IRolesPlugin )
01630         olivier.enumerateUsers = lambda id: id == 'foo' or None
01631         olivier.getRolesForPrincipal = lambda user, req: (
01632                      user.getId() == 'olivier' and ( 'Hamlet', ) or () )
01633 
01634         zcuf._setObject( 'olivier', olivier )
01635 
01636         plugins = zcuf._getOb( 'plugins' )
01637         plugins.activatePlugin( IExtractionPlugin, 'login' )
01638         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01639         plugins.activatePlugin( IUserEnumerationPlugin, 'olivier' )
01640         plugins.activatePlugin( IRolesPlugin, 'olivier' )
01641 
01642         rc, root, folder, object = self._makeTree()
01643 
01644         index = FauxObject( 'index_html' )
01645         index.__roles__ = ( 'Hamlet', )
01646         acquired_index = index.__of__( root ).__of__( object )
01647 
01648         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01649                                    , RESPONSE=FauxResponse()
01650                                    , PARENTS=[ object, folder, root ]
01651                                    , PUBLISHED=acquired_index.__of__( object )
01652                                    , form={ 'login' : 'olivier'
01653                                           , 'password' : 'arras'
01654                                           }
01655                                    )
01656 
01657 
01658         wrapped = zcuf.__of__( root )
01659 
01660         validated = wrapped.validate( request )
01661         self.assertEqual( validated.getUserName(), 'olivier' )

Definition at line 1517 of file test_PluggableAuthService.py.

01517 
01518     def test_validate_simple_unauth( self ):
01519 
01520         from Products.PluggableAuthService.interfaces.plugins \
01521             import IExtractionPlugin, \
01522                    IAuthenticationPlugin, \
01523                    IUserEnumerationPlugin
01524 
01525         plugins = self._makePlugins()
01526         zcuf = self._makeOne( plugins )
01527 
01528         login = DummyPlugin()
01529         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01530         login.extractCredentials = _extractLogin
01531         login.authenticateCredentials = _authLogin
01532         zcuf._setObject( 'login', login )
01533 
01534         foo = DummyPlugin()
01535         directlyProvides( foo, IUserEnumerationPlugin )
01536         foo.enumerateUsers = lambda id: id == 'foo' or None
01537 
01538         zcuf._setObject( 'foo', foo )
01539 
01540         plugins = zcuf._getOb( 'plugins' )
01541         plugins.activatePlugin( IExtractionPlugin, 'login' )
01542         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01543         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01544 
01545         rc, root, folder, object = self._makeTree()
01546 
01547         index = FauxObject( 'index_html' )
01548         index.__roles__ = ( 'Hamlet', )
01549         acquired_index = index.__of__( root ).__of__( object )
01550 
01551         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01552                                    , RESPONSE=FauxResponse()
01553                                    , PARENTS=[ object, folder, root ]
01554                                    , PUBLISHED=acquired_index
01555                                    , form={ 'login' : 'foo'
01556                                           , 'password' : 'bar' }
01557                                    )
01558 
01559 
01560         wrapped = zcuf.__of__( root )
01561         validated = wrapped.validate( request )
01562         self.assertEqual( validated, None )

Definition at line 1662 of file test_PluggableAuthService.py.

01662 
01663     def test_validate_with_anonymous_factory( self ):
01664 
01665         from Products.PluggableAuthService.interfaces.plugins \
01666             import IAnonymousUserFactoryPlugin
01667 
01668         def _makeAnon():
01669             user = FauxUser( None
01670                            , name='New Anonymous User'
01671                            , roles=()
01672                            , groups={ 'All People Everywhere Ever' : 1 } )
01673             return user
01674 
01675         plugins = self._makePlugins()
01676         zcuf = self._makeOne( plugins )
01677         nested = self._makeOne( plugins )
01678 
01679         anon = DummyPlugin()
01680         directlyProvides( anon, IAnonymousUserFactoryPlugin )
01681         anon.createAnonymousUser = _makeAnon
01682         zcuf._setObject( 'anon', anon )
01683 
01684         plugins = zcuf._getOb( 'plugins' )
01685         plugins.activatePlugin( IAnonymousUserFactoryPlugin, 'anon' )
01686 
01687         rc, root, folder, object = self._makeTree()
01688 
01689         index = FauxObject( 'index_html' )
01690         index.__roles__ = ( 'Anonymous', )
01691         acquired_index = index.__of__( root ).__of__( object )
01692 
01693         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01694                                    , RESPONSE=FauxResponse()
01695                                    , PARENTS=[ object, folder, root ]
01696                                    , PUBLISHED=acquired_index
01697                                    , form={}
01698                                    )
01699 
01700         root._setObject( 'acl_users', zcuf )
01701         root_users = root.acl_users
01702 
01703         root_validated = root_users.validate( request )
01704         self.assertEqual( root_validated.getUserName(), 'New Anonymous User' )
01705         self.assertEqual( root_validated.getGroups()
01706                         , [ 'All People Everywhere Ever' ] )

Definition at line 1707 of file test_PluggableAuthService.py.

01707 
01708     def testAllowGroupsAttribute(self):
01709         # Verify that __allow_groups__ gets set and removed
01710         from OFS.Folder import Folder
01711         f = Folder()
01712         zcuf = self._makeOne()
01713         f._setObject(zcuf.getId(), zcuf)
01714         self.assert_(zcuf.getId() in f.objectIds())
01715         self.assert_(aq_base(f.__allow_groups__) is aq_base(f.acl_users))
01716         f._delObject(zcuf.getId())
01717         self.assert_(not zcuf.getId() in f.objectIds())


Member Data Documentation

Definition at line 392 of file test_PluggableAuthService.py.


The documentation for this class was generated from the following file: