Back to index

plone3  3.1.7
test_CookieAuthHelper.py
Go to the documentation of this file.
00001 ##############################################################################
00002 #
00003 # Copyright (c) 2001 Zope Corporation and Contributors. All Rights
00004 # Reserved.
00005 #
00006 # This software is subject to the provisions of the Zope Public License,
00007 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this
00008 # distribution.
00009 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00010 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00011 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00012 # FOR A PARTICULAR PURPOSE.
00013 #
00014 ##############################################################################
00015 import unittest
00016 
00017 from Products.PluggableAuthService.tests.conformance \
00018      import ILoginPasswordHostExtractionPlugin_conformance
00019 from Products.PluggableAuthService.tests.conformance \
00020      import IChallengePlugin_conformance
00021 from Products.PluggableAuthService.tests.conformance \
00022      import ICredentialsUpdatePlugin_conformance
00023 from Products.PluggableAuthService.tests.conformance \
00024      import ICredentialsResetPlugin_conformance
00025 
00026 from Products.PluggableAuthService.tests.test_PluggableAuthService \
00027      import FauxRequest, FauxResponse, FauxObject, FauxRoot, FauxContainer
00028 
00029 class FauxSettableRequest(FauxRequest):
00030 
00031     def set(self, name, value):
00032         self._dict[name] = value
00033 
00034 class FauxCookieResponse(FauxResponse):
00035 
00036     def __init__(self):
00037         self.cookies = {}
00038         self.redirected = False
00039         self.status = '200'
00040         self.headers = {}
00041 
00042     def setCookie(self, cookie_name, cookie_value, path):
00043         self.cookies[(cookie_name, path)] = cookie_value
00044 
00045     def expireCookie(self, cookie_name, path):
00046         if (cookie_name, path) in self.cookies:
00047             del self.cookies[(cookie_name, path)]
00048 
00049     def redirect(self, location, status=302, lock=0):
00050         self.status = status
00051         self.headers['Location'] = location
00052 
00053 class CookieAuthHelperTests( unittest.TestCase
00054                            , ILoginPasswordHostExtractionPlugin_conformance
00055                            , IChallengePlugin_conformance
00056                            , ICredentialsResetPlugin_conformance
00057                            ):
00058 
00059     def _getTargetClass( self ):
00060 
00061         from Products.PluggableAuthService.plugins.CookieAuthHelper \
00062             import CookieAuthHelper
00063 
00064         return CookieAuthHelper
00065 
00066     def _makeOne( self, id='test', *args, **kw ):
00067 
00068         return self._getTargetClass()( id=id, *args, **kw )
00069 
00070     def _makeTree( self ):
00071 
00072         rc = FauxObject( 'rc' )
00073         root = FauxRoot( 'root' ).__of__( rc )
00074         folder = FauxContainer( 'folder' ).__of__( root )
00075         object = FauxObject( 'object' ).__of__( folder )
00076 
00077         return rc, root, folder, object
00078 
00079     def test_extractCredentials_no_creds( self ):
00080 
00081         helper = self._makeOne()
00082         response = FauxCookieResponse()
00083         request = FauxRequest(RESPONSE=response)
00084 
00085         self.assertEqual( helper.extractCredentials( request ), {} )
00086 
00087     def test_extractCredentials_with_form_creds( self ):
00088 
00089         helper = self._makeOne()
00090         response = FauxCookieResponse()
00091         request = FauxSettableRequest(__ac_name='foo',
00092                                       __ac_password='b:ar',
00093                                       RESPONSE=response)
00094 
00095         self.assertEqual(len(response.cookies), 0)
00096         self.assertEqual(helper.extractCredentials(request),
00097                         {'login': 'foo',
00098                          'password': 'b:ar',
00099                          'remote_host': '',
00100                          'remote_address': ''})
00101         self.assertEqual(len(response.cookies), 0)
00102 
00103     def test_extractCredentials_with_deleted_cookie(self):
00104         # http://www.zope.org/Collectors/PAS/43
00105         # Edge case: The ZPublisher sets a cookie's value to "deleted"
00106         # in the current request if expireCookie is called. If we hit
00107         # extractCredentials in the same request after this, it would 
00108         # blow up trying to deal with the invalid cookie value.
00109         helper = self._makeOne()
00110         response = FauxCookieResponse()
00111         req_data = { helper.cookie_name : 'deleted'
00112                    , 'RESPONSE' : response
00113                    }
00114         request = FauxSettableRequest(**req_data)
00115         self.assertEqual(len(response.cookies), 0)
00116 
00117         self.assertEqual(helper.extractCredentials(request), {})
00118 
00119     def test_challenge( self ):
00120         from zExceptions import Unauthorized
00121         rc, root, folder, object = self._makeTree()
00122         response = FauxCookieResponse()
00123         request = FauxRequest(RESPONSE=response)
00124         root.REQUEST = request
00125 
00126         helper = self._makeOne().__of__(root)
00127 
00128         helper.challenge(request, response)
00129         self.assertEqual(response.status, 302)
00130         self.assertEqual(len(response.headers), 1)
00131 
00132 
00133     def test_resetCredentials( self ):
00134         helper = self._makeOne()
00135         response = FauxCookieResponse()
00136         request = FauxRequest(RESPONSE=response)
00137 
00138         helper.resetCredentials(request, response)
00139         self.assertEqual(len(response.cookies), 0)
00140 
00141     def test_loginWithoutCredentialsUpdate( self ):
00142         helper = self._makeOne()
00143         response = FauxCookieResponse()
00144         request = FauxSettableRequest( __ac_name='foo'
00145                                      , __ac_password='bar'
00146                                      , RESPONSE=response
00147                                      )
00148         request.form['came_from'] = ''
00149         helper.REQUEST = request
00150 
00151         helper.login()
00152         self.assertEqual(len(response.cookies), 0)
00153 
00154     def test_extractCredentials_from_cookie_with_colon_in_password(self): 
00155         # http://www.zope.org/Collectors/PAS/51
00156         # Passwords with ":" characters broke authentication
00157         from base64 import encodestring 
00158 
00159         helper = self._makeOne() 
00160         response = FauxCookieResponse() 
00161         request = FauxSettableRequest(RESPONSE=response) 
00162 
00163         cookie_str = '%s:%s' % ('foo'.encode('hex'), 'b:ar'.encode('hex'))
00164         cookie_val = encodestring(cookie_str)
00165         cookie_val = cookie_val.rstrip() 
00166         request.set(helper.cookie_name, cookie_val) 
00167 
00168         self.assertEqual(helper.extractCredentials(request), 
00169                         {'login': 'foo', 
00170                          'password': 'b:ar', 
00171                          'remote_host': '', 
00172                          'remote_address': ''}) 
00173 
00174 
00175 if __name__ == "__main__":
00176     unittest.main()
00177 
00178 def test_suite():
00179     return unittest.TestSuite((
00180         unittest.makeSuite( CookieAuthHelperTests ),
00181         ))
00182