Back to index

plone3  3.1.7
test_PluggableAuthService.py
Go to the documentation of this file.
00001 ##############################################################################
00002 #
00003 # Copyright (c) 2001 Zope Corporation and Contributors. All Rights
00004 # Reserved.
00005 #
00006 # This software is subject to the provisions of the Zope Public License,
00007 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this
00008 # distribution.
00009 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00010 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00011 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00012 # FOR A PARTICULAR PURPOSE.
00013 #
00014 ##############################################################################
00015 import unittest
00016 
00017 from Acquisition import Implicit, aq_base, aq_parent
00018 from AccessControl.SecurityManagement import newSecurityManager
00019 from AccessControl.SecurityManagement import noSecurityManager
00020 from AccessControl.SecurityManager import setSecurityPolicy
00021 from OFS.ObjectManager import ObjectManager
00022 from OFS.Folder import Folder
00023 from zExceptions import Unauthorized, Redirect
00024 
00025 from Products.PluggableAuthService.utils import directlyProvides
00026 
00027 from conformance import IUserFolder_conformance
00028 
00029 class DummyPlugin(Implicit):
00030     pass
00031 
00032 class DummyUserEnumerator( DummyPlugin ):
00033 
00034     def __init__( self, user_id, login=None ):
00035 
00036         self._user_id = self.PLUGINID = user_id
00037 
00038         if login is None:
00039             login = user_id
00040 
00041         self._login = login
00042         self.identifier = None
00043 
00044     def enumerateUsers( self, **kw ):
00045 
00046         _id = self._user_id
00047 
00048         if self.identifier is not None:
00049             _id = "%s%s" % (self.identifier, self._user_id)
00050 
00051         result = [ { 'id' : _id
00052                    , 'login' : self._login
00053                    , 'pluginid' : self.PLUGINID
00054                    } ]
00055 
00056         if kw.get( 'id' ) == _id:
00057             return tuple(result)
00058 
00059         if kw.get( 'login' ) == self._login:
00060             return tuple(result)
00061 
00062         return ()
00063 
00064 class DummyMultiUserEnumerator( DummyPlugin ):
00065 
00066     def __init__( self, pluginid, *users ):
00067 
00068         self.PLUGINID = pluginid
00069 
00070         self.users = users
00071 
00072     def enumerateUsers( self, id=None, login=None,
00073                         exact_match=False ):
00074 
00075         results = []
00076 
00077         for info in self.users:
00078             id_match = False
00079             if id:
00080                 if exact_match:
00081                     if info['id'] == id:
00082                         id_match = True
00083                 elif info['id'].find(id) != -1:
00084                     id_match = True
00085             else:
00086                 id_match = True
00087 
00088             login_match = False
00089             if login:
00090                 if exact_match:
00091                     if info['login'] == login:
00092                         login_match = True
00093                 elif info['login'].find(login) != -1:
00094                     login_match = True
00095             else:
00096                 login_match = True
00097 
00098             if id_match and login_match:
00099                 results.append(info)
00100 
00101         return tuple(results)
00102 
00103 class DummyGroupEnumerator( DummyPlugin ):
00104 
00105     def __init__( self, group_id ):
00106 
00107         self._group_id = self.PLUGINID = group_id
00108         self.identifier = None
00109 
00110     def enumerateGroups( self
00111                        , id=None
00112                        , exact_match=True
00113                        , sort_by=None
00114                        , max_results=None
00115                        , **kw
00116                        ):
00117 
00118         _id = self._group_id
00119 
00120         if self.identifier is not None:
00121             _id = "%s%s" % (self.identifier, self._group_id)
00122 
00123         result = [ { 'id' : _id
00124                    , 'pluginid' : self.PLUGINID
00125                    } ]
00126 
00127         if id:
00128             if _id.find( id ) >= 0:
00129                 return tuple(result)
00130         return ()
00131 
00132 class DummySuperEnumerator(DummyUserEnumerator, DummyGroupEnumerator):
00133 
00134     PLUGINID = 'super'
00135 
00136     def __init__(self, user_id, login, group_id):
00137         self._user_id = user_id
00138         self._login = login
00139         self._group_id = group_id
00140         self.identifier = None
00141 
00142 class DummyGroupPlugin(DummyPlugin):
00143 
00144     def __init__(self, id, groups=()):
00145 
00146         self._id = id
00147         self._groups = groups
00148 
00149     def getGroupsForPrincipal(self, user, REQUEST=None):
00150 
00151         return self._groups
00152 
00153 class DummyChallenger( DummyPlugin ):
00154 
00155     def __init__(self, id):
00156         self.id = id
00157 
00158     def challenge(self, request, response):
00159         # Mark on the faux response that we have seen it:
00160         response.challenger = self
00161         return True
00162 
00163 class DummyCredentialsStore(DummyPlugin):
00164 
00165     def __init__(self, id):
00166         self.id = id
00167         self.creds = {}
00168 
00169     def updateCredentials(self, request, response, login, password):
00170         self.creds[login] = password
00171 
00172     def resetCredentials(self, request, response):
00173         login = request['login']
00174         del self.creds[login]
00175 
00176     def extractCredentials(self, request):
00177         creds = {}
00178         login = request['login']
00179 
00180         if self.creds.get(login) is not None:
00181             creds['login'] = login
00182             creds['password'] = self.creds.get(login)
00183 
00184         return creds
00185 
00186 class DummyBadChallenger( DummyChallenger ):
00187 
00188     def challenge(self, request, response):
00189         # We don't play here.
00190         return False
00191 
00192 class DummyReindeerChallenger( DummyChallenger ):
00193 
00194     def challenge(self, request, response):
00195         reindeer_games = getattr(response, 'reindeer_games', [])
00196         reindeer_games.append(self.id)
00197         response.reindeer_games = reindeer_games
00198         return True
00199 
00200 class DummyCounterChallenger( DummyChallenger ):
00201 
00202     def __init__(self, id):
00203         self.id = id
00204         self.count = 0
00205 
00206     def challenge(self, request, response):
00207         self.count += 1
00208         return True
00209 
00210 class FauxRequest( object ):
00211 
00212     form = property(lambda self: self)
00213 
00214     def __init__( self, steps=(), **kw ):
00215 
00216         self.steps = steps
00217         self._dict = {}
00218         self._dict.update( kw )
00219         self._held = []
00220 
00221     def get( self, key, default=None ):
00222 
00223         return self._dict.get( key, default )
00224 
00225     def has_key( self, key ):
00226         return key in self._dict
00227 
00228     def _authUserPW( self ):
00229         form = self.get( 'form' )
00230         return ( form.get( 'login' ), form.get( 'password' ) )
00231 
00232     def __getitem__( self, key ):
00233 
00234         return self._dict[ key ]
00235 
00236     def __setitem__( self, key, value ):
00237 
00238         self._dict[ key ] = value
00239 
00240     def has_key( self, key ):
00241 
00242         return self._dict.has_key(key)
00243 
00244     def _hold(self, something):
00245         self._held.append(something)
00246 
00247 class FauxNotFoundError( Exception ):
00248 
00249     pass
00250 
00251 class FauxResponse:
00252 
00253     def __init__( self ):
00254         pass
00255 
00256     def notFoundError( self, message ):
00257         raise FauxNotFoundError, message
00258 
00259     def _unauthorized(self):
00260         self.challenger = self
00261 
00262     def unauthorized(self):
00263         self._unauthorized()
00264         raise Unauthorized, 'You can not do this!'
00265 
00266     def exception(self):
00267         self._unauthorized()
00268         return "An error has occurred."
00269 
00270     def redirect(self, *ignore, **ignored):
00271         pass
00272 
00273 class FauxObject( Implicit ):
00274 
00275     def __init__( self, id=None ):
00276 
00277         self._id = id
00278 
00279     def getId( self ):
00280 
00281         return self._id
00282 
00283     def __repr__( self ):
00284 
00285         return '<FauxObject: %s>' % self._id
00286 
00287     def publishable( self, *args, **kw ):
00288 
00289         return 'Args: %s\nKeywords: %s' % ( args, kw )
00290 
00291     def this(self):
00292         return self
00293 
00294 class FauxContainer( FauxObject, ObjectManager ):
00295 
00296     pass
00297 
00298 class FauxRoot( FauxContainer ):
00299 
00300     isTopLevelPrincipiaApplicationObject = 1
00301 
00302     def getPhysicalRoot( self ):
00303         return self
00304 
00305     def getPhysicalPath( self ):
00306         return ()
00307 
00308 class FauxUser( Implicit ):
00309 
00310     def __init__( self, id, name=None, roles={}, groups={} ):
00311 
00312         self._id = id
00313         self._name = name
00314         self._roles = roles
00315         self._groups = groups
00316 
00317     def getId( self ):
00318 
00319         return self._id
00320 
00321     def getUserName( self ):
00322 
00323         return self._name
00324 
00325     def getRoles( self ):
00326 
00327         return self._roles
00328 
00329     def getGroups(self):
00330 
00331         return self._groups.keys()
00332 
00333     def allowed( self, value, roles ):
00334 
00335         for role in roles:
00336             if role in self._roles:
00337                 return 1
00338 
00339         return 0
00340 
00341     def _addGroups(self, groups):
00342         for group in groups:
00343             self._groups[group] = 1
00344 
00345     def _addRoles(self, roles):
00346         for role in roles:
00347             self._roles[role] = 1
00348 
00349     def __repr__( self ):
00350 
00351         return '<FauxUser: %s>' % self._id
00352 
00353 def _extractLogin( request ):
00354 
00355     return { 'login' : request[ 'form' ].get( 'login' )
00356            , 'password' : request[ 'form' ].get( 'password' )
00357            }
00358 
00359 def _authLogin( credentials ):
00360 
00361     return (credentials[ 'login' ], credentials[ 'login' ])
00362 
00363 
00364 def _extractExtra( request ):
00365 
00366     return { 'user' : request.get( 'extra' )
00367            , 'salt' : 'pepper'
00368            }
00369 
00370 def _authExtra( credentials ):
00371 
00372     return ( credentials.get( 'salt' ) == 'pepper'
00373          and (credentials[ 'user' ], credentials[ 'user' ]) or None )
00374 
00375 class RequestCleaner:
00376 
00377     _request = None
00378 
00379     def _makeRequest( self, *args, **kw ):
00380         request = self._request = FauxRequest( *args, **kw )
00381         return request
00382 
00383     def _clearRequest( self ):
00384         if self._request is not None:
00385             self._request._held = []
00386 
00387 class PluggableAuthServiceTests( unittest.TestCase
00388                                , IUserFolder_conformance
00389                                , RequestCleaner
00390                                ):
00391 
00392     _oldSecurityPolicy = None
00393 
00394     def tearDown( self ):
00395 
00396         self._clearRequest()
00397 
00398         if self._oldSecurityPolicy is not None:
00399             setSecurityPolicy( self._oldSecurityPolicy )
00400 
00401         noSecurityManager()
00402 
00403     def _getTargetClass( self ):
00404 
00405         from Products.PluggableAuthService.PluggableAuthService \
00406             import PluggableAuthService
00407 
00408         return PluggableAuthService
00409 
00410     def _makeOne( self, plugins=None, *args, **kw ):
00411 
00412         zcuf = self._getTargetClass()( *args, **kw )
00413 
00414         if plugins is not None:
00415             zcuf._setObject( 'plugins', plugins )
00416 
00417         return zcuf
00418 
00419     def _makePlugins( self, plugin_type_info=None ):
00420 
00421         from Products.PluggableAuthService.PluggableAuthService \
00422             import _PLUGIN_TYPE_INFO
00423         from Products.PluginRegistry.PluginRegistry import PluginRegistry
00424 
00425         if plugin_type_info is None:
00426             plugin_type_info = _PLUGIN_TYPE_INFO
00427 
00428         reg = PluginRegistry( plugin_type_info=plugin_type_info )
00429         reg._setId( 'plugins' )
00430         reg._plugins = {}
00431 
00432         return reg
00433 
00434     def _makeTree( self ):
00435 
00436         rc = FauxObject( 'rc' )
00437         root = FauxRoot( 'root' ).__of__( rc )
00438         folder = FauxContainer( 'folder' ).__of__( root )
00439         object = FauxObject( 'object' ).__of__( folder )
00440 
00441         return rc, root, folder, object
00442 
00443     def _makeUserEnumerator( self, user_id, login=None ):
00444 
00445         from Products.PluggableAuthService.interfaces.plugins \
00446              import IUserEnumerationPlugin
00447 
00448         enumerator = DummyUserEnumerator( user_id, login )
00449         directlyProvides( enumerator, IUserEnumerationPlugin )
00450 
00451         return enumerator
00452 
00453     def _makeGroupEnumerator( self, group_id ):
00454 
00455         from Products.PluggableAuthService.interfaces.plugins \
00456              import IGroupEnumerationPlugin
00457 
00458         enumerator = DummyGroupEnumerator( group_id )
00459         directlyProvides( enumerator, IGroupEnumerationPlugin )
00460 
00461         return enumerator
00462 
00463     def _makeSuperEnumerator( self, user_id, login, group_id ):
00464 
00465         from Products.PluggableAuthService.interfaces.plugins \
00466              import IUserEnumerationPlugin
00467         from Products.PluggableAuthService.interfaces.plugins \
00468              import IGroupEnumerationPlugin
00469 
00470         enumerator = DummySuperEnumerator( user_id, login, group_id )
00471         directlyProvides( enumerator
00472                         , IUserEnumerationPlugin, IGroupEnumerationPlugin )
00473 
00474         return enumerator
00475 
00476     def _makeGroupPlugin(self, id, groups=()):
00477         from Products.PluggableAuthService.interfaces.plugins \
00478              import IGroupsPlugin
00479 
00480         gp = DummyGroupPlugin(id, groups=groups)
00481         directlyProvides( gp, IGroupsPlugin )
00482         return gp
00483 
00484     def _makeChallengePlugin(self, id, klass):
00485         from Products.PluggableAuthService.interfaces.plugins \
00486              import IChallengePlugin
00487 
00488         cp = klass(id)
00489         directlyProvides( cp, IChallengePlugin )
00490         return cp
00491 
00492     def test_empty( self ):
00493 
00494         zcuf = self._makeOne()
00495 
00496         self.assertEqual( zcuf.getId(), 'acl_users' )
00497 
00498     def test_checkBeforeTraverse( self ):
00499 
00500         rc, root, folder, object = self._makeTree()
00501 
00502         zcuf = self._makeOne()
00503 
00504         root._setObject('acl_users', zcuf)
00505 
00506         self.assertEqual( len(root.__before_traverse__), 1)
00507 
00508     def test__extractUserIds_simple( self ):
00509 
00510         from Products.PluggableAuthService.interfaces.plugins \
00511             import IExtractionPlugin, IAuthenticationPlugin
00512 
00513         plugins = self._makePlugins()
00514         zcuf = self._makeOne( plugins )
00515 
00516         login = DummyPlugin()
00517         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00518         login.extractCredentials = _extractLogin
00519         login.authenticateCredentials = _authLogin
00520         zcuf._setObject( 'login', login )
00521 
00522         plugins = zcuf._getOb( 'plugins' )
00523         plugins.activatePlugin( IExtractionPlugin, 'login' )
00524         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00525 
00526         request = self._makeRequest( form={ 'login' : 'foo'
00527                                           , 'password' : 'bar' } )
00528 
00529         user_ids = zcuf._extractUserIds( request=request
00530                                        , plugins=zcuf.plugins
00531                                        )
00532 
00533         self.assertEqual( len( user_ids ), 1 )
00534         self.assertEqual( user_ids[0][0], 'foo' )
00535 
00536     def test__extractUserIds_one_extractor_two_authenticators( self ):
00537 
00538         from Products.PluggableAuthService.interfaces.plugins \
00539             import IExtractionPlugin, IAuthenticationPlugin
00540 
00541         plugins = self._makePlugins()
00542         zcuf = self._makeOne( plugins )
00543 
00544         login = DummyPlugin()
00545         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00546         login.extractCredentials = _extractLogin
00547         login.authenticateCredentials = _authLogin
00548 
00549         zcuf._setObject( 'login', login )
00550 
00551         always = DummyPlugin()
00552         directlyProvides( always, IAuthenticationPlugin )
00553         always.authenticateCredentials = lambda creds: ('baz', None)
00554 
00555         zcuf._setObject( 'always', always )
00556 
00557         plugins = zcuf._getOb( 'plugins' )
00558 
00559         plugins.activatePlugin( IExtractionPlugin, 'login' )
00560         plugins.activatePlugin( IAuthenticationPlugin, 'always' )
00561         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00562 
00563         request = self._makeRequest( form={ 'login' : 'foo'
00564                                           , 'password' : 'bar' } )
00565 
00566         user_ids = zcuf._extractUserIds( request=request
00567                                        , plugins=zcuf.plugins
00568                                        )
00569 
00570         self.assertEqual( len( user_ids ), 2 )
00571         self.assertEqual( user_ids[0][0], 'baz' )
00572         self.assertEqual( user_ids[1][0], 'foo' )
00573 
00574     def test__extractUserIds_two_extractors_two_authenticators( self ):
00575 
00576         from Products.PluggableAuthService.interfaces.plugins \
00577             import IExtractionPlugin, IAuthenticationPlugin
00578 
00579         plugins = self._makePlugins()
00580         zcuf = self._makeOne( plugins )
00581 
00582         login = DummyPlugin()
00583         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00584         login.extractCredentials = _extractLogin
00585         login.authenticateCredentials = _authLogin
00586 
00587         zcuf._setObject( 'login', login )
00588 
00589         extra = DummyPlugin()
00590         directlyProvides( extra, IExtractionPlugin, IAuthenticationPlugin )
00591         extra.extractCredentials = _extractExtra
00592         extra.authenticateCredentials = _authExtra
00593 
00594         zcuf._setObject( 'extra', extra )
00595 
00596         plugins = zcuf._getOb( 'plugins' )
00597 
00598         plugins.activatePlugin( IExtractionPlugin, 'extra' )
00599         plugins.activatePlugin( IExtractionPlugin, 'login' )
00600         plugins.activatePlugin( IAuthenticationPlugin, 'extra' )
00601         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00602 
00603         request = self._makeRequest( form={ 'login' : 'foo'
00604                                           , 'password' : 'bar' } )
00605 
00606         user_ids = zcuf._extractUserIds( request=request
00607                                        , plugins=zcuf.plugins
00608                                        )
00609 
00610         self.assertEqual( len( user_ids ), 1 )
00611         self.assertEqual( user_ids[0][0], 'foo' )
00612 
00613         request[ 'extra' ] = 'qux'
00614 
00615         user_ids = zcuf._extractUserIds( request=request
00616                                        , plugins=zcuf.plugins
00617                                        )
00618 
00619         self.assertEqual( len( user_ids ), 2, user_ids )
00620         self.assertEqual( user_ids[0][0], 'qux' )
00621         self.assertEqual( user_ids[1][0], 'foo' )
00622 
00623     def test__extractUserIds_broken_extractor_before_good_extractor( self ):
00624 
00625         from Products.PluggableAuthService.interfaces.plugins \
00626             import IExtractionPlugin, IAuthenticationPlugin
00627 
00628         plugins = self._makePlugins()
00629         zcuf = self._makeOne( plugins )
00630 
00631         login = DummyPlugin()
00632         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00633         login.extractCredentials = _extractLogin
00634         login.authenticateCredentials = _authLogin
00635 
00636         zcuf._setObject( 'login', login )
00637 
00638         borked = DummyPlugin()
00639         directlyProvides( borked, IExtractionPlugin )
00640         borked.extractCredentials = lambda req: 'abc'
00641 
00642         zcuf._setObject( 'borked', borked )
00643 
00644         plugins = zcuf._getOb( 'plugins' )
00645 
00646         plugins.activatePlugin( IExtractionPlugin, 'borked' )   # 1
00647         plugins.activatePlugin( IExtractionPlugin, 'login' )    # 2
00648         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00649 
00650         request = self._makeRequest( form={ 'login' : 'foo'
00651                                           , 'password' : 'bar' } )
00652 
00653         user_ids = zcuf._extractUserIds( request=request
00654                                        , plugins=zcuf.plugins
00655                                        )
00656 
00657         self.assertEqual( len( user_ids ), 1 )
00658         self.assertEqual( user_ids[0][0], 'foo' )
00659 
00660     def test__extractUserIds_broken_extractor_after_good_extractor( self ):
00661 
00662         from Products.PluggableAuthService.interfaces.plugins \
00663             import IExtractionPlugin, IAuthenticationPlugin
00664 
00665         plugins = self._makePlugins()
00666         zcuf = self._makeOne( plugins )
00667 
00668         login = DummyPlugin()
00669         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00670         login.extractCredentials = _extractLogin
00671         login.authenticateCredentials = _authLogin
00672 
00673         zcuf._setObject( 'login', login )
00674 
00675         borked = DummyPlugin()
00676         directlyProvides( borked, IExtractionPlugin )
00677         borked.extractCredentials = lambda req: 'abc'
00678 
00679         zcuf._setObject( 'borked', borked )
00680 
00681         plugins = zcuf._getOb( 'plugins' )
00682 
00683         plugins.activatePlugin( IExtractionPlugin, 'login' )    # 1
00684         plugins.activatePlugin( IExtractionPlugin, 'borked' )   # 2
00685         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00686 
00687         request = self._makeRequest( form={ 'login' : 'foo'
00688                                           , 'password' : 'bar' } )
00689 
00690         user_ids = zcuf._extractUserIds( request=request
00691                                        , plugins=zcuf.plugins
00692                                        )
00693 
00694         self.assertEqual( len( user_ids ), 1 )
00695         self.assertEqual( user_ids[0][0], 'foo' )
00696 
00697     def test__extractUserIds_authenticate_emergency_user_with_broken_extractor( self ):
00698 
00699         from Products.PluggableAuthService.interfaces.plugins \
00700             import IExtractionPlugin, IAuthenticationPlugin
00701 
00702         from AccessControl.User import UnrestrictedUser
00703 
00704         from Products.PluggableAuthService import PluggableAuthService
00705 
00706         old_eu = PluggableAuthService.emergency_user
00707 
00708         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
00709 
00710         PluggableAuthService.emergency_user = eu
00711 
00712         try:
00713             plugins = self._makePlugins()
00714             zcuf = self._makeOne( plugins )
00715 
00716             borked = DummyPlugin()
00717             directlyProvides( borked, IExtractionPlugin )
00718             borked.extractCredentials = lambda req: 'abc'
00719 
00720             zcuf._setObject( 'borked', borked )
00721 
00722             plugins = zcuf._getOb( 'plugins' )
00723 
00724             plugins.activatePlugin( IExtractionPlugin, 'borked' )
00725 
00726             request = self._makeRequest( form={ 'login' : eu.getUserName()
00727                                               , 'password' : eu._getPassword() } )
00728 
00729             user_ids = zcuf._extractUserIds( request=request
00730                                            , plugins=zcuf.plugins
00731                                            )
00732 
00733             self.assertEqual( len( user_ids ), 1 )
00734             self.assertEqual( user_ids[0][0], 'foo' )
00735         finally:
00736             PluggableAuthService.emergency_user = old_eu
00737 
00738     def test__extractUserIds_broken_authenticator_before_good_authenticator( self ):
00739 
00740         from Products.PluggableAuthService.interfaces.plugins \
00741             import IExtractionPlugin, IAuthenticationPlugin
00742 
00743         plugins = self._makePlugins()
00744         zcuf = self._makeOne( plugins )
00745 
00746         login = DummyPlugin()
00747         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00748         login.extractCredentials = _extractLogin
00749         login.authenticateCredentials = _authLogin
00750 
00751         zcuf._setObject( 'login', login )
00752 
00753         borked = DummyPlugin()
00754         directlyProvides( borked, IAuthenticationPlugin )
00755         borked.authenticateCredentials = lambda creds: creds['nonesuch']
00756 
00757         zcuf._setObject( 'borked', borked )
00758 
00759         plugins = zcuf._getOb( 'plugins' )
00760 
00761         plugins.activatePlugin( IExtractionPlugin, 'login' )
00762         plugins.activatePlugin( IAuthenticationPlugin, 'borked' )   # 1
00763         plugins.activatePlugin( IAuthenticationPlugin, 'login' )    # 2
00764 
00765         request = self._makeRequest( form={ 'login' : 'foo'
00766                                           , 'password' : 'bar' } )
00767 
00768         user_ids = zcuf._extractUserIds( request=request
00769                                        , plugins=zcuf.plugins
00770                                        )
00771 
00772         self.assertEqual( len( user_ids ), 1 )
00773         self.assertEqual( user_ids[0][0], 'foo' )
00774 
00775     def test__extractUserIds_broken_authenticator_after_good_authenticator( self ):
00776 
00777         from Products.PluggableAuthService.interfaces.plugins \
00778             import IExtractionPlugin, IAuthenticationPlugin
00779 
00780         plugins = self._makePlugins()
00781         zcuf = self._makeOne( plugins )
00782 
00783         login = DummyPlugin()
00784         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00785         login.extractCredentials = _extractLogin
00786         login.authenticateCredentials = _authLogin
00787 
00788         zcuf._setObject( 'login', login )
00789 
00790         borked = DummyPlugin()
00791         directlyProvides( borked, IAuthenticationPlugin )
00792         borked.authenticateCredentials = lambda creds: creds['nonesuch']
00793 
00794         zcuf._setObject( 'borked', borked )
00795 
00796         plugins = zcuf._getOb( 'plugins' )
00797 
00798         plugins.activatePlugin( IExtractionPlugin, 'login' )
00799         plugins.activatePlugin( IAuthenticationPlugin, 'login' )    # 1
00800         plugins.activatePlugin( IAuthenticationPlugin, 'borked' )   # 2
00801 
00802         request = self._makeRequest( form={ 'login' : 'foo'
00803                                           , 'password' : 'bar' } )
00804 
00805         user_ids = zcuf._extractUserIds( request=request
00806                                        , plugins=zcuf.plugins
00807                                        )
00808 
00809         self.assertEqual( len( user_ids ), 1 )
00810         self.assertEqual( user_ids[0][0], 'foo' )
00811 
00812     def test__extractUserIds_authenticate_emergency_user_with_broken_authenticator( self ):
00813 
00814         from Products.PluggableAuthService.interfaces.plugins \
00815             import IExtractionPlugin, IAuthenticationPlugin
00816 
00817         from AccessControl.User import UnrestrictedUser
00818 
00819         from Products.PluggableAuthService import PluggableAuthService
00820 
00821         old_eu = PluggableAuthService.emergency_user
00822 
00823         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
00824 
00825         PluggableAuthService.emergency_user = eu
00826 
00827         try:
00828             plugins = self._makePlugins()
00829             zcuf = self._makeOne( plugins )
00830 
00831             login = DummyPlugin()
00832             directlyProvides( login, IExtractionPlugin )
00833 
00834             # Make the first attempt at emergency user authentication fail
00835             # (but not the extractor itself).
00836             login.extractCredentials = lambda req: {'login': '', 'password': ''}
00837 
00838             zcuf._setObject( 'login', login )
00839 
00840             borked = DummyPlugin()
00841             directlyProvides( borked, IAuthenticationPlugin )
00842             borked.authenticateCredentials = lambda creds: creds['nonesuch']
00843 
00844             zcuf._setObject( 'borked', borked )
00845 
00846             plugins = zcuf._getOb( 'plugins' )
00847 
00848             plugins.activatePlugin( IExtractionPlugin, 'login' )
00849             plugins.activatePlugin( IAuthenticationPlugin, 'borked' )
00850 
00851             request = self._makeRequest( form={ 'login' : eu.getUserName()
00852                                               , 'password' : eu._getPassword() } )
00853 
00854             user_ids = zcuf._extractUserIds( request=request
00855                                            , plugins=zcuf.plugins
00856                                            )
00857 
00858             self.assertEqual( len( user_ids ), 1 )
00859             self.assertEqual( user_ids[0][0], 'foo' )
00860         finally:
00861             PluggableAuthService.emergency_user = old_eu
00862 
00863     def test__extractUserIds_emergency_user_always_wins( self ):
00864 
00865         from Products.PluggableAuthService.interfaces.plugins \
00866             import IExtractionPlugin, IAuthenticationPlugin
00867 
00868         from AccessControl.User import UnrestrictedUser
00869 
00870         from Products.PluggableAuthService import PluggableAuthService
00871 
00872         old_eu = PluggableAuthService.emergency_user
00873 
00874         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
00875 
00876         PluggableAuthService.emergency_user = eu
00877 
00878         try:
00879             plugins = self._makePlugins()
00880             zcuf = self._makeOne( plugins )
00881 
00882             login = DummyPlugin()
00883             directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
00884             login.extractCredentials = lambda req: {'login': 'baz', 'password': ''}
00885             login.authenticateCredentials = _authLogin
00886 
00887             zcuf._setObject( 'login', login )
00888 
00889             plugins = zcuf._getOb( 'plugins' )
00890 
00891             plugins.activatePlugin( IExtractionPlugin, 'login' )
00892             plugins.activatePlugin( IAuthenticationPlugin, 'login' )
00893 
00894             request = self._makeRequest( form={ 'login' : eu.getUserName()
00895                                               , 'password' : eu._getPassword() } )
00896 
00897             # This should authenticate the emergency user and not 'baz'
00898             user_ids = zcuf._extractUserIds( request=request
00899                                            , plugins=zcuf.plugins
00900                                            )
00901 
00902             self.assertEqual( len( user_ids ), 1 )
00903             self.assertEqual( user_ids[0][0], 'foo' )
00904         finally:
00905             PluggableAuthService.emergency_user = old_eu
00906 
00907     def test__getObjectContext_no_steps( self ):
00908 
00909         zcuf = self._makeOne()
00910         request = self._makeRequest( (), RESPONSE=FauxResponse() )
00911 
00912         self.assertRaises( FauxNotFoundError
00913                          , zcuf._getObjectContext, zcuf, request )
00914 
00915     def test__getObjectContext_simple( self ):
00916 
00917         zcuf = self._makeOne()
00918 
00919         rc, root, folder, object = self._makeTree()
00920 
00921         local_index = FauxObject( 'index_html' ).__of__( object )
00922 
00923         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00924                                    , RESPONSE=FauxResponse()
00925                                    , PARENTS=[ object, folder, root ]
00926                                    )
00927 
00928         published = local_index
00929 
00930         a, c, n, v = zcuf._getObjectContext( published, request )
00931 
00932         self.assertEqual( a, object )
00933         self.assertEqual( c, object )
00934         self.assertEqual( n, 'index_html' )
00935         self.assertEqual( v, published )
00936 
00937     def test__getObjectContext_acquired_from_folder( self ):
00938 
00939         zcuf = self._makeOne()
00940 
00941         rc, root, folder, object = self._makeTree()
00942 
00943         acquired_index = FauxObject( 'index_html' ).__of__( folder )
00944 
00945         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00946                                    , RESPONSE=FauxResponse()
00947                                    , PARENTS=[ object, folder, root ]
00948                                    )
00949 
00950         published = acquired_index.__of__( object )
00951 
00952         a, c, n, v = zcuf._getObjectContext( published, request )
00953 
00954         self.assertEqual( a, object )
00955         self.assertEqual( c, folder )
00956         self.assertEqual( n, 'index_html' )
00957         self.assertEqual( v, published )
00958 
00959     def test__getObjectContext_acquired_from_root( self ):
00960 
00961         zcuf = self._makeOne()
00962 
00963         rc, root, folder, object = self._makeTree()
00964 
00965         acquired_index = FauxObject( 'index_html' ).__of__( root )
00966 
00967         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00968                                    , RESPONSE=FauxResponse()
00969                                    , PARENTS=[ object, folder, root ]
00970                                    )
00971 
00972         published = acquired_index.__of__( object )
00973 
00974         a, c, n, v = zcuf._getObjectContext( published, request )
00975 
00976         self.assertEqual( a, object )
00977         self.assertEqual( c, root )
00978         self.assertEqual( n, 'index_html' )
00979         self.assertEqual( v, published )
00980 
00981 
00982     def test__getObjectContext_acquired_from_rc( self ):
00983 
00984         zcuf = self._makeOne()
00985 
00986         rc, root, folder, object = self._makeTree()
00987 
00988         acquired_index = FauxObject( 'index_html' ).__of__( rc )
00989 
00990         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
00991                                    , RESPONSE=FauxResponse()
00992                                    , PARENTS=[ object, folder, root ]
00993                                    )
00994 
00995         published = acquired_index.__of__( object )
00996 
00997         a, c, n, v = zcuf._getObjectContext( published, request )
00998 
00999         self.assertEqual( a, object )
01000         self.assertEqual( c, root )
01001         self.assertEqual( n, 'index_html' )
01002         self.assertEqual( v, published )
01003 
01004 
01005     def test__verifyUser_no_plugins( self ):
01006 
01007         plugins = self._makePlugins()
01008         zcuf = self._makeOne( plugins )
01009 
01010         self.failIf( zcuf._verifyUser( zcuf.plugins, user_id='zope' ) )
01011 
01012     def test__verifyUser_one_plugin( self ):
01013 
01014         from Products.PluggableAuthService.interfaces.plugins \
01015              import IUserEnumerationPlugin
01016 
01017         plugins = self._makePlugins()
01018         zcuf = self._makeOne( plugins )
01019 
01020         foo = self._makeUserEnumerator( 'foo' )
01021         zcuf._setObject( 'foo', foo )
01022 
01023         plugins = zcuf._getOb( 'plugins' )
01024 
01025         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01026 
01027         self.failIf(      zcuf._verifyUser( zcuf.plugins, user_id='zope' ) )
01028         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='foo' ) )
01029 
01030     def test__verifyUser_more_plugins( self ):
01031 
01032         from Products.PluggableAuthService.interfaces.plugins \
01033              import IUserEnumerationPlugin
01034 
01035         plugins = self._makePlugins()
01036         zcuf = self._makeOne( plugins )
01037 
01038         foo = self._makeUserEnumerator( 'foo' )
01039         zcuf._setObject( 'foo', foo )
01040 
01041         bar = self._makeUserEnumerator( 'bar' )
01042         zcuf._setObject( 'bar', bar )
01043 
01044         qux = self._makeUserEnumerator( 'qux' )
01045         zcuf._setObject( 'qux', qux )
01046 
01047         plugins = zcuf._getOb( 'plugins' )
01048 
01049         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01050         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01051         plugins.activatePlugin( IUserEnumerationPlugin, 'qux' )
01052 
01053         self.failIf(      zcuf._verifyUser( zcuf.plugins, user_id='zope' ) )
01054         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='foo' ) )
01055         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='bar' ) )
01056         self.failIf(      zcuf._verifyUser( zcuf.plugins, user_id='baz' ) )
01057         self.failUnless(  zcuf._verifyUser( zcuf.plugins, user_id='qux' ) )
01058 
01059     def test__verifyUser_login( self ):
01060 
01061         from Products.PluggableAuthService.interfaces.plugins \
01062              import IUserEnumerationPlugin
01063 
01064         plugins = self._makePlugins()
01065         zcuf = self._makeOne( plugins )
01066 
01067         foo = self._makeUserEnumerator( 'foo' )
01068         zcuf._setObject( 'foo', foo )
01069 
01070         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01071         zcuf._setObject( 'bar', bar )
01072 
01073         plugins = zcuf._getOb( 'plugins' )
01074 
01075         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01076         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01077 
01078         self.failIf(      zcuf._verifyUser( zcuf.plugins, login='zope' ) )
01079         self.failUnless(  zcuf._verifyUser( zcuf.plugins, login='foo' ) )
01080         self.failIf(      zcuf._verifyUser( zcuf.plugins, login='bar' ) )
01081         self.failUnless(  zcuf._verifyUser( zcuf.plugins
01082                                           , login='bar@example.com' ) )
01083 
01084     def test__verifyUser_login_userid( self ):
01085 
01086         from Products.PluggableAuthService.interfaces.plugins \
01087              import IUserEnumerationPlugin
01088 
01089         plugins = self._makePlugins()
01090         zcuf = self._makeOne( plugins )
01091 
01092         enumerator = DummyMultiUserEnumerator(
01093             'enumerator',
01094             {'id': 'foo', 'login': 'foobar'},
01095             {'id': 'bar', 'login': 'foo'})
01096         directlyProvides( enumerator, IUserEnumerationPlugin )
01097         zcuf._setObject( 'enumerator', enumerator )
01098 
01099         plugins = zcuf._getOb( 'plugins' )
01100 
01101         plugins.activatePlugin( IUserEnumerationPlugin, 'enumerator' )
01102 
01103         self.failUnless(
01104             zcuf._verifyUser(plugins, login='foo')['id'] == 'bar')
01105         self.failUnless(
01106             zcuf._verifyUser(plugins, login='foobar')['id'] == 'foo')
01107 
01108     def test__findUser_no_plugins( self ):
01109 
01110         plugins = self._makePlugins()
01111 
01112         zcuf = self._makeOne()
01113         user = zcuf._findUser( plugins, 'someone' )
01114 
01115         self.assertEqual( len( user.listPropertysheets() ), 0 )
01116 
01117     def test__findEmergencyUser_no_plugins( self ):
01118 
01119         from AccessControl.User import UnrestrictedUser
01120 
01121         from Products.PluggableAuthService import PluggableAuthService
01122 
01123         old_eu = PluggableAuthService.emergency_user
01124 
01125         eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
01126 
01127         PluggableAuthService.emergency_user = eu
01128 
01129         plugins = self._makePlugins()
01130         zcuf = self._makeOne()
01131         zcuf._emergency_user = eu
01132         user = zcuf._findUser( plugins, 'foo' )
01133 
01134         self.assertEqual( aq_base(zcuf._getEmergencyUser()), aq_base(user) )
01135 
01136         PluggableAuthService.emergency_user = old_eu
01137 
01138     def test__findUser_with_userfactory_plugin( self ):
01139 
01140         from Products.PluggableAuthService.interfaces.plugins \
01141             import IUserFactoryPlugin
01142 
01143         plugins = self._makePlugins()
01144         zcuf = self._makeOne( plugins )
01145 
01146         bar = DummyPlugin()
01147         directlyProvides( bar, IUserFactoryPlugin )
01148 
01149         def _makeUser( user_id, name ):
01150             user = FauxUser( user_id )
01151             user._name = name
01152             return user
01153 
01154         bar.createUser = _makeUser
01155 
01156         zcuf._setObject( 'bar', bar )
01157 
01158         plugins = zcuf._getOb( 'plugins' )
01159 
01160         real_user = zcuf._findUser( plugins, 'someone', 'to watch over me' )
01161         self.failIf( real_user.__class__ is FauxUser )
01162 
01163         plugins.activatePlugin( IUserFactoryPlugin , 'bar' )
01164 
01165         faux_user = zcuf._findUser( plugins, 'someone', 'to watch over me' )
01166 
01167         self.assertEqual( faux_user.getId(), 'someone' )
01168         self.assertEqual( faux_user.getUserName(), 'to watch over me' )
01169 
01170         self.failUnless( faux_user.__class__ is FauxUser )
01171 
01172     def test__findUser_with_plugins( self ):
01173 
01174         from Products.PluggableAuthService.interfaces.plugins \
01175             import IPropertiesPlugin
01176 
01177         plugins = self._makePlugins()
01178         zcuf = self._makeOne( plugins )
01179 
01180         foo = DummyPlugin()
01181         directlyProvides( foo, IPropertiesPlugin )
01182         foo.getPropertiesForUser = lambda user, req: { 'login': user.getId() }
01183 
01184         zcuf._setObject( 'foo', foo )
01185 
01186         bar = DummyPlugin()
01187         directlyProvides( bar, IPropertiesPlugin )
01188         bar.getPropertiesForUser = lambda user, req: { 'a': 0, 'b': 'bar' }
01189 
01190         zcuf._setObject( 'bar', bar )
01191 
01192         plugins = zcuf._getOb( 'plugins' )
01193 
01194         plugins.activatePlugin( IPropertiesPlugin , 'foo' )
01195         plugins.activatePlugin( IPropertiesPlugin , 'bar' )
01196 
01197         user = zcuf._findUser( plugins, 'someone' )
01198 
01199         sheet_ids = user.listPropertysheets()
01200         self.assertEqual( len( sheet_ids ), 2 )
01201         self.failUnless( 'foo' in sheet_ids )
01202         self.failUnless( 'bar' in sheet_ids )
01203 
01204         foosheet = user[ 'foo' ]
01205         self.assertEqual( len( foosheet.propertyMap() ), 1 )
01206 
01207     def test__findUser_with_groups( self ):
01208 
01209         from Products.PluggableAuthService.interfaces.plugins \
01210             import IGroupsPlugin
01211 
01212         plugins = self._makePlugins()
01213         zcuf = self._makeOne( plugins )
01214 
01215         foo = DummyPlugin()
01216         directlyProvides( foo, IGroupsPlugin )
01217         foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' )
01218 
01219         zcuf._setObject( 'foo', foo )
01220 
01221         plugins = zcuf._getOb( 'plugins' )
01222 
01223         plugins.activatePlugin( IGroupsPlugin , 'foo' )
01224 
01225         user = zcuf._findUser( plugins, 'someone' )
01226 
01227         groups = user.getGroups()
01228         self.assertEqual( len( groups ), 2 )
01229         self.failUnless( 'group1' in groups )
01230         self.failUnless( 'group2' in groups )
01231 
01232     def test__findUser_with_groups_ignoring_one( self ):
01233 
01234         from Products.PluggableAuthService.interfaces.plugins \
01235             import IGroupsPlugin
01236 
01237         plugins = self._makePlugins()
01238         zcuf = self._makeOne( plugins )
01239 
01240         foo = DummyPlugin()
01241         directlyProvides( foo, IGroupsPlugin )
01242         foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' )
01243 
01244         bar = DummyPlugin()
01245         directlyProvides( bar, IGroupsPlugin )
01246         bar.getGroupsForPrincipal = lambda user, req: ( 'group3', 'group4' )
01247 
01248         zcuf._setObject( 'foo', foo )
01249         zcuf._setObject( 'bar', bar )
01250 
01251         plugins = zcuf._getOb( 'plugins' )
01252 
01253         plugins.activatePlugin( IGroupsPlugin , 'foo' )
01254         plugins.activatePlugin( IGroupsPlugin , 'bar' )
01255 
01256         user = zcuf._findUser( plugins, 'someone' )
01257 
01258         groups = zcuf._getGroupsForPrincipal( user, plugins=plugins
01259                                             , ignore_plugins=( 'bar', ) )
01260         self.assertEqual( len( groups ), 2 )
01261         self.failIf( 'bar:group3' in groups )
01262         self.failIf( 'bar:group4' in groups )
01263 
01264     def test__authorizeUser_force_ok( self ):
01265 
01266         zcuf = self._makeOne()
01267         faux = FauxUser( 'faux' )
01268 
01269         class PermissiveSP:
01270 
01271             def validate( self
01272                         , user
01273                         , accessed
01274                         , container
01275                         , name
01276                         , value
01277                         , roles=None
01278                         ):
01279                 return 1
01280 
01281         self._oldSecurityPolicy = setSecurityPolicy( PermissiveSP() )
01282 
01283         self.failUnless( zcuf._authorizeUser( faux
01284                                             , accessed=FauxObject('a')
01285                                             , container=FauxObject('c')
01286                                             , name='name'
01287                                             , value=FauxObject('v')
01288                                             , roles=()
01289                                             ) )
01290 
01291     def test__authorizeUser_force_no_way( self ):
01292 
01293         zcuf = self._makeOne()
01294         faux = FauxUser( 'faux' )
01295 
01296         class ParanoidSP:
01297 
01298             def validate( self
01299                         , user
01300                         , accessed
01301                         , container
01302                         , name
01303                         , value
01304                         , roles=None
01305                         ):
01306                 return 0
01307 
01308         self._oldSecurityPolicy = setSecurityPolicy( ParanoidSP() )
01309 
01310         self.failIf( zcuf._authorizeUser( faux
01311                                         , accessed=FauxObject('a')
01312                                         , container=FauxObject('c')
01313                                         , name='name'
01314                                         , value=FauxObject('v')
01315                                         , roles=()
01316                                         ) )
01317 
01318     def test__authorizeUser_use_ZSP_implied_roles_OK( self ):
01319 
01320         zcuf = self._makeOne()
01321         faux = FauxUser( 'faux' )
01322         object = FauxObject( 'object' )
01323         object.__roles__ = ( 'Anonymous', )
01324 
01325         self.failUnless( zcuf._authorizeUser( faux
01326                                             , accessed=FauxObject('a')
01327                                             , container=FauxObject('c')
01328                                             , name='name'
01329                                             , value=object
01330                                             ) )
01331 
01332     def test__authorizeUser_use_ZSP_implied_roles_fail( self ):
01333 
01334         zcuf = self._makeOne()
01335         faux = FauxUser( 'faux' )
01336         object = FauxObject( 'object' )
01337         object.__roles__ = ( 'Manager', )
01338 
01339         self.failIf( zcuf._authorizeUser( faux
01340                                         , accessed=FauxObject('a')
01341                                         , container=FauxObject('c')
01342                                         , name='name'
01343                                         , value=object
01344                                         ) )
01345 
01346     def test__authorizeUser_use_ZSP_implied_roles_mgr( self ):
01347 
01348         zcuf = self._makeOne()
01349         mgr = FauxUser( 'mgr', roles=( 'Manager', ) )
01350         object = FauxObject( 'object' )
01351         object.__roles__ = ( 'Manager', )
01352 
01353         self.failUnless( zcuf._authorizeUser( mgr
01354                                             , accessed=FauxObject('a')
01355                                             , container=FauxObject('c')
01356                                             , name='name'
01357                                             , value=object
01358                                             ) )
01359 
01360     def test__authorizeUser_use_ZSP_explicit_roles_OK( self ):
01361 
01362         zcuf = self._makeOne()
01363         faux = FauxUser( 'faux' )
01364         object = FauxObject( 'object' )
01365 
01366         self.failUnless( zcuf._authorizeUser( faux
01367                                             , accessed=FauxObject('a')
01368                                             , container=FauxObject('c')
01369                                             , name='name'
01370                                             , value=object
01371                                             , roles=('Anonymous',)
01372                                             ) )
01373 
01374     def test__authorizeUser_use_ZSP_explicit_roles_fail( self ):
01375 
01376         zcuf = self._makeOne()
01377         faux = FauxUser( 'faux' )
01378         object = FauxObject( 'object' )
01379 
01380         self.failIf( zcuf._authorizeUser( faux
01381                                         , accessed=FauxObject('a')
01382                                         , container=FauxObject('c')
01383                                         , name='name'
01384                                         , value=object
01385                                         , roles=('Manager',)
01386                                         ) )
01387 
01388     def test__authorizeUser_use_ZSP_explicit_roles_mgr( self ):
01389 
01390         zcuf = self._makeOne()
01391         mgr = FauxUser( 'mgr', roles=( 'Manager', ) )
01392         object = FauxObject( 'object' )
01393 
01394         self.failUnless( zcuf._authorizeUser( mgr
01395                                             , accessed=FauxObject('a')
01396                                             , container=FauxObject('c')
01397                                             , name='name'
01398                                             , value=object
01399                                             , roles=('Manager',)
01400                                             ) )
01401 
01402     def test_getUser_no_plugins( self ):
01403 
01404         plugins = self._makePlugins()
01405         zcuf = self._makeOne( plugins )
01406 
01407         self.assertEqual(  zcuf.getUser( 'zope' ), None )
01408 
01409     def test_getUser_with_plugins( self ):
01410         # XXX: This will produce insane results when uniquifiers not present
01411 
01412         from Products.PluggableAuthService.interfaces.plugins \
01413              import IUserEnumerationPlugin
01414 
01415         plugins = self._makePlugins()
01416         zcuf = self._makeOne( plugins )
01417 
01418         foo = self._makeUserEnumerator( 'foo' )
01419         zcuf._setObject( 'foo', foo )
01420 
01421         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01422         zcuf._setObject( 'bar', bar )
01423 
01424         plugins = zcuf._getOb( 'plugins' )
01425 
01426         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01427         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01428 
01429         self.assertEqual( zcuf.getUser( 'zope' ), None )
01430 
01431         user = zcuf.getUser( 'foo' )
01432         self.assertEqual( user.getId(), 'foo' )
01433 
01434         self.assertEqual( zcuf.getUser( 'who_knows' ), None )
01435 
01436         user = zcuf.getUser( 'bar@example.com' )
01437         self.assertEqual( user.getId(), 'bar' )
01438 
01439     def test_getUser_with_uniquifying_plugins( self ):
01440         from Products.PluggableAuthService.interfaces.plugins \
01441              import IUserEnumerationPlugin
01442 
01443         plugins = self._makePlugins()
01444         zcuf = self._makeOne( plugins )
01445 
01446         foo = self._makeUserEnumerator( 'foo' )
01447         foo.identifier = 'foo/'
01448         zcuf._setObject( 'foo', foo )
01449 
01450         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01451         bar.identifier = 'bar+'
01452         zcuf._setObject( 'bar', bar )
01453 
01454         plugins = zcuf._getOb( 'plugins' )
01455 
01456         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01457         plugins.activatePlugin( IUserEnumerationPlugin, 'bar' )
01458 
01459         self.assertEqual( zcuf.getUser( 'zope' ), None )
01460 
01461         user = zcuf.getUser( 'foo' )
01462         self.assertEqual( user.getId(), 'foo/foo' )
01463 
01464         self.assertEqual( zcuf.getUser( 'who_knows' ), None )
01465 
01466         user = zcuf.getUser( 'bar@example.com' )
01467         self.assertEqual( user.getId(), 'bar+bar' )
01468 
01469     def test_getUser_id_and_name( self ):
01470         # Tests fetching a user by ID versus fetching by username.
01471         from Products.PluggableAuthService.interfaces.plugins \
01472              import IUserEnumerationPlugin
01473 
01474         plugins = self._makePlugins()
01475         zcuf = self._makeOne( plugins )
01476 
01477         bar = self._makeUserEnumerator( 'bar', 'bar@example.com' )
01478         bar.identifier = 'bar/'
01479         zcuf._setObject( 'bar', bar )
01480 
01481         zcuf.plugins.activatePlugin(IUserEnumerationPlugin, 'bar')
01482         # Fetch the new user by ID and name, and check we get the same.
01483         user = zcuf.getUserById('bar/bar')
01484         self.assertEqual( user.getId(), 'bar/bar')
01485         self.assertEqual( user.getUserName(), 'bar@example.com' )
01486 
01487         user2 = zcuf.getUser('bar@example.com')
01488         self.assertEqual( user2.getId(), 'bar/bar')
01489         self.assertEqual( user2.getUserName(), 'bar@example.com' )
01490 
01491     def test_simple_getUserGroups_with_Groupplugin(self):
01492 
01493         from Products.PluggableAuthService.interfaces.plugins \
01494              import IGroupsPlugin
01495 
01496         default_groups = ('Group A', 'Group B')
01497         plugins = self._makePlugins()
01498         zcuf = self._makeOne(plugins)
01499         faux = FauxUser('faux')
01500 
01501         foo = self._makeGroupPlugin('foo', groups=default_groups)
01502         zcuf._setObject('foo', foo)
01503 
01504         plugins = zcuf._getOb('plugins')
01505 
01506         plugins.activatePlugin(IGroupsPlugin, 'foo')
01507 
01508         groups = foo.getGroupsForPrincipal(faux)
01509         for g in groups:
01510             self.assert_(g in default_groups)
01511 
01512         faux._addGroups(groups)
01513 
01514         self.assert_('Group A' in faux.getGroups())
01515         self.assert_('Group B' in faux.getGroups())
01516 
01517     def test_validate_simple_unauth( self ):
01518 
01519         from Products.PluggableAuthService.interfaces.plugins \
01520             import IExtractionPlugin, \
01521                    IAuthenticationPlugin, \
01522                    IUserEnumerationPlugin
01523 
01524         plugins = self._makePlugins()
01525         zcuf = self._makeOne( plugins )
01526 
01527         login = DummyPlugin()
01528         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01529         login.extractCredentials = _extractLogin
01530         login.authenticateCredentials = _authLogin
01531         zcuf._setObject( 'login', login )
01532 
01533         foo = DummyPlugin()
01534         directlyProvides( foo, IUserEnumerationPlugin )
01535         foo.enumerateUsers = lambda id: id == 'foo' or None
01536 
01537         zcuf._setObject( 'foo', foo )
01538 
01539         plugins = zcuf._getOb( 'plugins' )
01540         plugins.activatePlugin( IExtractionPlugin, 'login' )
01541         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01542         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01543 
01544         rc, root, folder, object = self._makeTree()
01545 
01546         index = FauxObject( 'index_html' )
01547         index.__roles__ = ( 'Hamlet', )
01548         acquired_index = index.__of__( root ).__of__( object )
01549 
01550         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01551                                    , RESPONSE=FauxResponse()
01552                                    , PARENTS=[ object, folder, root ]
01553                                    , PUBLISHED=acquired_index
01554                                    , form={ 'login' : 'foo'
01555                                           , 'password' : 'bar' }
01556                                    )
01557 
01558 
01559         wrapped = zcuf.__of__( root )
01560         validated = wrapped.validate( request )
01561         self.assertEqual( validated, None )
01562 
01563     def test_validate_simple_anonymous( self ):
01564 
01565         from AccessControl.SpecialUsers import nobody
01566 
01567         from Products.PluggableAuthService.interfaces.plugins \
01568             import IExtractionPlugin, \
01569                    IAuthenticationPlugin, \
01570                    IUserEnumerationPlugin
01571 
01572         plugins = self._makePlugins()
01573         zcuf = self._makeOne( plugins )
01574 
01575         login = DummyPlugin()
01576         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01577         login.extractCredentials = _extractLogin
01578         login.authenticateCredentials = _authLogin
01579         zcuf._setObject( 'login', login )
01580 
01581         foo = DummyPlugin()
01582         directlyProvides( foo, IUserEnumerationPlugin )
01583         foo.enumerateUsers = lambda id: id == 'foo' or None
01584 
01585         zcuf._setObject( 'foo', foo )
01586 
01587         plugins = zcuf._getOb( 'plugins' )
01588         plugins.activatePlugin( IExtractionPlugin, 'login' )
01589         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01590         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01591 
01592         rc, root, folder, object = self._makeTree()
01593 
01594         index = FauxObject( 'index_html' )
01595         index.__roles__ = ( 'Anonymous', )
01596         acquired_index = index.__of__( root ).__of__( object )
01597 
01598         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01599                                    , RESPONSE=FauxResponse()
01600                                    , PARENTS=[ object, folder, root ]
01601                                    , PUBLISHED=acquired_index
01602                                    , form={}
01603                                    )
01604 
01605 
01606         wrapped = zcuf.__of__( root )
01607         validated = wrapped.validate( request )
01608         self.assertEqual( validated.getUserName(), nobody.getUserName() )
01609 
01610     def test_validate_simple_authenticated( self ):
01611 
01612         from Products.PluggableAuthService.interfaces.plugins \
01613             import IExtractionPlugin, \
01614                    IAuthenticationPlugin, \
01615                    IUserEnumerationPlugin, \
01616                    IRolesPlugin
01617 
01618         plugins = self._makePlugins()
01619         zcuf = self._makeOne( plugins )
01620 
01621         login = DummyPlugin()
01622         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01623         login.extractCredentials = _extractLogin
01624         login.authenticateCredentials = _authLogin
01625         zcuf._setObject( 'login', login )
01626 
01627         olivier = DummyPlugin()
01628         directlyProvides( olivier, IUserEnumerationPlugin, IRolesPlugin )
01629         olivier.enumerateUsers = lambda id: id == 'foo' or None
01630         olivier.getRolesForPrincipal = lambda user, req: (
01631                      user.getId() == 'olivier' and ( 'Hamlet', ) or () )
01632 
01633         zcuf._setObject( 'olivier', olivier )
01634 
01635         plugins = zcuf._getOb( 'plugins' )
01636         plugins.activatePlugin( IExtractionPlugin, 'login' )
01637         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01638         plugins.activatePlugin( IUserEnumerationPlugin, 'olivier' )
01639         plugins.activatePlugin( IRolesPlugin, 'olivier' )
01640 
01641         rc, root, folder, object = self._makeTree()
01642 
01643         index = FauxObject( 'index_html' )
01644         index.__roles__ = ( 'Hamlet', )
01645         acquired_index = index.__of__( root ).__of__( object )
01646 
01647         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01648                                    , RESPONSE=FauxResponse()
01649                                    , PARENTS=[ object, folder, root ]
01650                                    , PUBLISHED=acquired_index.__of__( object )
01651                                    , form={ 'login' : 'olivier'
01652                                           , 'password' : 'arras'
01653                                           }
01654                                    )
01655 
01656 
01657         wrapped = zcuf.__of__( root )
01658 
01659         validated = wrapped.validate( request )
01660         self.assertEqual( validated.getUserName(), 'olivier' )
01661 
01662     def test_validate_with_anonymous_factory( self ):
01663 
01664         from Products.PluggableAuthService.interfaces.plugins \
01665             import IAnonymousUserFactoryPlugin
01666 
01667         def _makeAnon():
01668             user = FauxUser( None
01669                            , name='New Anonymous User'
01670                            , roles=()
01671                            , groups={ 'All People Everywhere Ever' : 1 } )
01672             return user
01673 
01674         plugins = self._makePlugins()
01675         zcuf = self._makeOne( plugins )
01676         nested = self._makeOne( plugins )
01677 
01678         anon = DummyPlugin()
01679         directlyProvides( anon, IAnonymousUserFactoryPlugin )
01680         anon.createAnonymousUser = _makeAnon
01681         zcuf._setObject( 'anon', anon )
01682 
01683         plugins = zcuf._getOb( 'plugins' )
01684         plugins.activatePlugin( IAnonymousUserFactoryPlugin, 'anon' )
01685 
01686         rc, root, folder, object = self._makeTree()
01687 
01688         index = FauxObject( 'index_html' )
01689         index.__roles__ = ( 'Anonymous', )
01690         acquired_index = index.__of__( root ).__of__( object )
01691 
01692         request = self._makeRequest( ( 'folder', 'object', 'index_html' )
01693                                    , RESPONSE=FauxResponse()
01694                                    , PARENTS=[ object, folder, root ]
01695                                    , PUBLISHED=acquired_index
01696                                    , form={}
01697                                    )
01698 
01699         root._setObject( 'acl_users', zcuf )
01700         root_users = root.acl_users
01701 
01702         root_validated = root_users.validate( request )
01703         self.assertEqual( root_validated.getUserName(), 'New Anonymous User' )
01704         self.assertEqual( root_validated.getGroups()
01705                         , [ 'All People Everywhere Ever' ] )
01706 
01707     def testAllowGroupsAttribute(self):
01708         # Verify that __allow_groups__ gets set and removed
01709         from OFS.Folder import Folder
01710         f = Folder()
01711         zcuf = self._makeOne()
01712         f._setObject(zcuf.getId(), zcuf)
01713         self.assert_(zcuf.getId() in f.objectIds())
01714         self.assert_(aq_base(f.__allow_groups__) is aq_base(f.acl_users))
01715         f._delObject(zcuf.getId())
01716         self.assert_(not zcuf.getId() in f.objectIds())
01717 
01718     def test__setObject_no_ownership_fixup( self ):
01719 
01720         from AccessControl.SpecialUsers import emergency_user
01721         from OFS.Folder import Folder
01722 
01723         newSecurityManager( None, emergency_user )
01724 
01725         rc, root, folder, object = self._makeTree()
01726         zcuf = self._makeOne()
01727         folder._setObject( 'acl_users', zcuf )
01728         zcuf = folder._getOb( 'acl_users' )
01729 
01730         sub = Folder()
01731         sub._setId( 'sub' )
01732 
01733         zcuf._setObject( 'sub', sub )
01734 
01735     def test__delOb_unregisters_plugin( self ):
01736 
01737         from Products.PluggableAuthService.interfaces.plugins \
01738             import IExtractionPlugin, \
01739                    IAuthenticationPlugin, \
01740                    IUserEnumerationPlugin
01741 
01742         plugins = self._makePlugins()
01743         zcuf = self._makeOne( plugins )
01744 
01745         login = DummyPlugin()
01746         directlyProvides( login, IExtractionPlugin, IAuthenticationPlugin )
01747         login.extractCredentials = _extractLogin
01748         login.authenticateCredentials = _authLogin
01749         zcuf._setObject( 'login', login )
01750 
01751         foo = DummyPlugin()
01752         directlyProvides( foo, IUserEnumerationPlugin )
01753         foo.enumerateUsers = lambda id: id == 'foo' or None
01754 
01755         zcuf._setObject( 'foo', foo )
01756 
01757         plugins = zcuf._getOb( 'plugins' )
01758         plugins.activatePlugin( IExtractionPlugin, 'login' )
01759         plugins.activatePlugin( IAuthenticationPlugin, 'login' )
01760         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01761 
01762         self.failUnless( plugins.listPlugins( IExtractionPlugin ) )
01763         self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) )
01764         self.failUnless( plugins.listPlugins( IUserEnumerationPlugin ) )
01765 
01766         zcuf._delOb( 'foo' )
01767 
01768         self.failUnless( plugins.listPlugins( IExtractionPlugin ) )
01769         self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) )
01770         self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) )
01771 
01772         zcuf._delOb( 'login' )
01773 
01774         self.failIf( plugins.listPlugins( IExtractionPlugin ) )
01775         self.failIf( plugins.listPlugins( IAuthenticationPlugin ) )
01776         self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) )
01777 
01778     def test_searchGroups( self ):
01779 
01780         from Products.PluggableAuthService.interfaces.plugins \
01781              import IGroupEnumerationPlugin
01782 
01783         plugins = self._makePlugins()
01784         zcuf = self._makeOne( plugins )
01785 
01786         foo = self._makeGroupEnumerator( 'foo' )
01787         zcuf._setObject( 'foo', foo )
01788 
01789         plugins = zcuf._getOb( 'plugins' )
01790         plugins.activatePlugin( IGroupEnumerationPlugin, 'foo' )
01791 
01792         self.failIf(      zcuf.searchGroups( id='bar' ) )
01793         self.failUnless(  zcuf.searchGroups( id='foo' ) )
01794         self.assertEqual( len(zcuf.searchGroups( id='foo' )), 1 )
01795 
01796     def test_searchPrincipals( self ):
01797 
01798         from Products.PluggableAuthService.interfaces.plugins \
01799              import IUserEnumerationPlugin
01800         from Products.PluggableAuthService.interfaces.plugins \
01801              import IGroupEnumerationPlugin
01802 
01803         plugins = self._makePlugins()
01804         zcuf = self._makeOne( plugins )
01805 
01806         foo = self._makeUserEnumerator( 'foo' )
01807         zcuf._setObject( 'foo', foo )
01808         foobar = self._makeGroupEnumerator( 'foobar' )
01809         zcuf._setObject( 'foobar', foobar )
01810 
01811         plugins = zcuf._getOb( 'plugins' )
01812         plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
01813         plugins.activatePlugin( IGroupEnumerationPlugin, 'foobar' )
01814 
01815         self.failIf( zcuf.searchPrincipals( id='zope' ) )
01816         self.failUnless( len( zcuf.searchPrincipals( id='foo' )
01817                             ) == 2 )
01818 
01819     def test_searchPrincipalsWithSuperEnumerator( self ):
01820 
01821         from Products.PluggableAuthService.interfaces.plugins \
01822              import IUserEnumerationPlugin
01823         from Products.PluggableAuthService.interfaces.plugins \
01824              import IGroupEnumerationPlugin
01825 
01826         plugins = self._makePlugins()
01827         zcuf = self._makeOne( plugins )
01828 
01829         s00per = self._makeSuperEnumerator( 'user', 'login', 'group' )
01830         zcuf._setObject( 's00per', s00per )
01831 
01832         plugins = zcuf._getOb( 'plugins' )
01833         plugins.activatePlugin( IUserEnumerationPlugin, 's00per' )
01834         plugins.activatePlugin( IGroupEnumerationPlugin, 's00per' )
01835 
01836         self.failIf(      zcuf.searchPrincipals( id='zope' ) )
01837         self.failUnless(
01838             len( zcuf.searchPrincipals(id='user')) == 1 )
01839         self.failUnless(
01840             len( zcuf.searchPrincipals(id='group')) == 1 )
01841 
01842 
01843     def test_no_challenger(self):
01844         # make sure that the response's _unauthorized gets propogated
01845         # if no challengers exist (or have fired)
01846         plugins = self._makePlugins()
01847         zcuf = self._makeOne(plugins)
01848         response = FauxResponse()
01849         request = self._makeRequest(RESPONSE=response)
01850         zcuf.REQUEST = request
01851 
01852         # First call the userfolders before_traverse hook, to set things up:
01853         zcuf(self, request)
01854         # Call unauthorized to make sure Unauthorized is raised.
01855         self.failUnlessRaises( Unauthorized, response.unauthorized)
01856         # Since no challengers are in play, we end up calling
01857         # response._unauthorized(), which sets '.challenger' on
01858         # response
01859         self.failUnless(isinstance(response.challenger, FauxResponse))
01860 
01861     def test_challenge( self ):
01862         from Products.PluggableAuthService.interfaces.plugins \
01863              import IChallengePlugin
01864         plugins = self._makePlugins()
01865         zcuf = self._makeOne( plugins )
01866         challenger = self._makeChallengePlugin('challenger', DummyChallenger)
01867         zcuf._setObject( 'challenger', challenger )
01868         plugins = zcuf._getOb( 'plugins' )
01869         plugins.activatePlugin( IChallengePlugin, 'challenger' )
01870 
01871         response = FauxResponse()
01872         request = self._makeRequest(RESPONSE=response)
01873         zcuf.REQUEST = request
01874 
01875         # First call the userfolders before_traverse hook, to set things up:
01876         zcuf(self, request)
01877         # Call unauthorized to make sure Unauthorized is raised.
01878         self.failUnlessRaises( Unauthorized, response.unauthorized)
01879         # Since we have one challenger in play, we end up calling
01880         # PluggableAuthService._unauthorized(), which allows the
01881         # challengers to play. DummyChallenger sets '.challenger' on
01882         # response
01883         self.failUnless(isinstance(response.challenger, DummyChallenger))
01884 
01885     def test_daisy_chain_challenge(self):
01886         # make sure that nested PASes each get a chance to challenge a
01887         # given response
01888         from Products.PluggableAuthService.interfaces.plugins \
01889              import IChallengePlugin
01890         rc, root, folder, object = self._makeTree()
01891         response = FauxResponse()
01892         request = self._makeRequest(RESPONSE=response)
01893         root.REQUEST =  request
01894 
01895         plugins = self._makePlugins()
01896         zcuf = self._makeOne(plugins)
01897         root._setObject( 'acl_users', zcuf )
01898         zcuf = root._getOb('acl_users')
01899 
01900         challenger = self._makeChallengePlugin('challenger', DummyChallenger)
01901         zcuf._setObject( 'challenger', challenger )
01902         zcuf.plugins.activatePlugin( IChallengePlugin, 'challenger' )
01903 
01904         # Emulate publishing traverse through the root
01905         zcuf(root, request)
01906 
01907         inner_plugins = self._makePlugins()
01908         inner_zcuf = self._makeOne(inner_plugins)
01909         folder._setObject('acl_users', inner_zcuf)
01910         inner_zcuf = folder._getOb('acl_users')
01911 
01912         bad_challenger = self._makeChallengePlugin('bad_challenger',
01913                                                    DummyBadChallenger)
01914         inner_zcuf._setObject( 'bad_challenger', bad_challenger )
01915         inner_zcuf.plugins.activatePlugin( IChallengePlugin, 'bad_challenger' )
01916 
01917         # Emulate publishing traverse through the subfolder
01918         inner_zcuf(folder, request)
01919 
01920         # Call unauthorized to make sure Unauthorized is raised.
01921         self.failUnlessRaises(Unauthorized, response.unauthorized)
01922 
01923         # Since we have two challengers in play, we end up calling
01924         # PluggableAuthService._unauthorized(), which allows the
01925         # challengers to play. DummyChallenger sets '.challenger' on
01926         # response
01927         self.failUnless(isinstance(response.challenger, DummyChallenger))
01928 
01929     def test_challenge_multi_protocols( self ):
01930         from Products.PluggableAuthService.interfaces.plugins \
01931              import IChallengePlugin
01932         plugins = self._makePlugins()
01933         zcuf = self._makeOne( plugins )
01934 
01935         dasher = self._makeChallengePlugin('dasher', DummyReindeerChallenger)
01936         dasher.protocol = "Reindeer Games Participant"
01937         zcuf._setObject( 'dasher', dasher )
01938 
01939         dancer = self._makeChallengePlugin('dancer', DummyReindeerChallenger)
01940         dancer.protocol = "Reindeer Games Participant"
01941         zcuf._setObject( 'dancer', dancer )
01942 
01943         rudolph = self._makeChallengePlugin('rudolph', DummyReindeerChallenger)
01944         rudolph.protocol = ("They never let poor Rudolph..."
01945                             " join in any Reindeer Games")
01946         zcuf._setObject( 'rudolph', rudolph )
01947 
01948         plugins = zcuf._getOb( 'plugins' )
01949         plugins.activatePlugin( IChallengePlugin, 'dasher' )
01950         plugins.activatePlugin( IChallengePlugin, 'dancer' )
01951         plugins.activatePlugin( IChallengePlugin, 'rudolph' )
01952 
01953         response = FauxResponse()
01954         request = self._makeRequest(RESPONSE=response)
01955         zcuf.REQUEST = request
01956 
01957         # First call the userfolders before_traverse hook, to set things up:
01958         zcuf(self, request)
01959 
01960         # Call unauthorized to make sure Unauthorized is raised.
01961         self.failUnlessRaises( Unauthorized, response.unauthorized)
01962 
01963         # Since we have multiple challengers in play, we end up
01964         # calling PluggableAuthService._unauthorized(), which allows
01965         # the challengers to play. However, because of the ordering of
01966         # the plugins, only "Reindeer Games Participant" challengers
01967         # will play
01968         self.assertEqual(response.reindeer_games, ['dasher', 'dancer'])
01969 
01970     def test_dont_call_challenge_twice(self):
01971         from Products.PluggableAuthService.interfaces.plugins \
01972              import IChallengePlugin
01973         plugins = self._makePlugins()
01974         zcuf = self._makeOne( plugins )
01975 
01976         counter = self._makeChallengePlugin('counter', DummyCounterChallenger)
01977         zcuf._setObject( 'counter', counter )
01978 
01979         plugins = zcuf._getOb( 'plugins' )
01980         plugins.activatePlugin( IChallengePlugin, 'counter' )
01981 
01982         response = FauxResponse()
01983         request = self._makeRequest(RESPONSE=response)
01984         zcuf.REQUEST = request
01985 
01986         zcuf(self, request)
01987 
01988         self.failUnlessRaises(Unauthorized, response.unauthorized)
01989 
01990         self.assertEqual(counter.count, 1)
01991 
01992     def test_logout(self):
01993         from Products.PluggableAuthService.interfaces.plugins \
01994              import IExtractionPlugin, \
01995                     ICredentialsUpdatePlugin, \
01996                     ICredentialsResetPlugin
01997         plugins = self._makePlugins()
01998         zcuf = self._makeOne(plugins)
01999         creds_store = DummyCredentialsStore('creds')
02000         zcuf._setObject('creds', creds_store)
02001         creds_store = zcuf._getOb('creds')
02002 
02003         plugins = zcuf._getOb('plugins')
02004         directlyProvides( creds_store
02005                         , IExtractionPlugin
02006                         , ICredentialsUpdatePlugin
02007                         , ICredentialsResetPlugin
02008                         )
02009         plugins.activatePlugin(IExtractionPlugin, 'creds')
02010         plugins.activatePlugin(ICredentialsUpdatePlugin, 'creds')
02011         plugins.activatePlugin(ICredentialsResetPlugin, 'creds')
02012 
02013         response = FauxResponse()
02014         request = self._makeRequest(RESPONSE=response)
02015         zcuf.REQUEST = request
02016 
02017         # Put a user in the credentials store
02018         creds_store.updateCredentials(request, response, 'foo', 'bar')
02019         request['login'] = 'foo'
02020         request['HTTP_REFERER'] = ''
02021         extracted = creds_store.extractCredentials(request)
02022         self.failIf(len(extracted.keys()) == 0)
02023 
02024         # Now call the logout method - the credentials should go away
02025         newSecurityManager(None, FauxUser('foo', 'foo'))
02026         zcuf.logout(request)
02027         extracted = creds_store.extractCredentials(request)
02028         self.failUnless(len(extracted.keys()) == 0)
02029 
02030 if __name__ == "__main__":
02031     unittest.main()
02032 
02033 def test_suite():
02034     return unittest.TestSuite((
02035         unittest.makeSuite( PluggableAuthServiceTests ),
02036         ))