Source Code for Module repoze.who.plugins.tests.test_authtkt

  1  import unittest 
  2   
  3 -class TestAuthTktCookiePlugin(unittest.TestCase): 
  4      tempdir = None 
  5      _now_testing = None 
  6   
  7 -    def setUp(self): 
  8          pass 
  9   
 10 -    def tearDown(self): 
 11          if self.tempdir is not None: 
 12              import shutil 
 13              shutil.rmtree(self.tempdir) 
 14          if self._now_testing is not None: 
 15              self._setNowTesting(self._now_testing) 
 16   
 17 -    def _getTargetClass(self): 
 18          from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin 
 19          return AuthTktCookiePlugin 
 20   
 21 -    def _makeEnviron(self, kw=None): 
 22          environ = {'wsgi.version': (1,0)} 
 23          if kw is not None: 
 24              environ.update(kw) 
 25          environ['REMOTE_ADDR'] = '1.1.1.1' 
 26          environ['SERVER_NAME'] = 'localhost' 
 27          return environ 
 28   
 29 -    def _makeOne(self, *arg, **kw): 
 30          plugin = self._getTargetClass()(*arg, **kw) 
 31          return plugin 
 32   
 33 -    def _makeTicket(self, userid='userid', remote_addr='0.0.0.0', 
 34                      tokens = [], userdata='userdata', 
 35                      cookie_name='auth_tkt', secure=False, 
 36                      time=None): 
 37          from paste.auth import auth_tkt 
 38          ticket = auth_tkt.AuthTicket( 
 39              'secret', 
 40              userid, 
 41              remote_addr, 
 42              tokens=tokens, 
 43              user_data=userdata, 
 44              time=time, 
 45              cookie_name=cookie_name, 
 46              secure=secure) 
 47          return ticket.cookie_value() 
 48   
 49 -    def _setNowTesting(self, value): 
 50          from repoze.who.plugins import auth_tkt 
 51          auth_tkt._NOW_TESTING, self._now_testing = value, auth_tkt._NOW_TESTING 
 52   
 53 -    def test_implements(self): 
 54          from zope.interface.verify import verifyClass 
 55          from repoze.who.interfaces import IIdentifier 
 56          klass = self._getTargetClass() 
 57          verifyClass(IIdentifier, klass) 
 58   
 59 -    def test_identify_nocookie(self): 
 60          plugin = self._makeOne('secret') 
 61          environ = self._makeEnviron() 
 62          result = plugin.identify(environ) 
 63          self.assertEqual(result, None) 
 64           
 65 -    def test_identify_good_cookie_include_ip(self): 
 66          plugin = self._makeOne('secret', include_ip=True) 
 67          val = self._makeTicket(remote_addr='1.1.1.1') 
 68          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
 69          result = plugin.identify(environ) 
 70          self.assertEqual(len(result), 4) 
 71          self.assertEqual(result['tokens'], ['']) 
 72          self.assertEqual(result['repoze.who.userid'], 'userid') 
 73          self.assertEqual(result['userdata'], 'userdata') 
 74          self.failUnless('timestamp' in result) 
 75          self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) 
 76          self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') 
 77          self.assertEqual(environ['AUTH_TYPE'],'cookie') 
 78   
 79 -    def test_identify_good_cookie_dont_include_ip(self): 
 80          plugin = self._makeOne('secret', include_ip=False) 
 81          val = self._makeTicket() 
 82          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
 83          result = plugin.identify(environ) 
 84          self.assertEqual(len(result), 4) 
 85          self.assertEqual(result['tokens'], ['']) 
 86          self.assertEqual(result['repoze.who.userid'], 'userid') 
 87          self.assertEqual(result['userdata'], 'userdata') 
 88          self.failUnless('timestamp' in result) 
 89          self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) 
 90          self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') 
 91          self.assertEqual(environ['AUTH_TYPE'],'cookie') 
 92   
 93 -    def test_identify_good_cookie_int_useridtype(self): 
 94          plugin = self._makeOne('secret', include_ip=False) 
 95          val = self._makeTicket(userid='1', userdata='userid_type:int') 
 96          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
 97          result = plugin.identify(environ) 
 98          self.assertEqual(len(result), 4) 
 99          self.assertEqual(result['tokens'], ['']) 
100          self.assertEqual(result['repoze.who.userid'], 1) 
101          self.assertEqual(result['userdata'], 'userid_type:int') 
102          self.failUnless('timestamp' in result) 
103          self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) 
104          self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:int') 
105          self.assertEqual(environ['AUTH_TYPE'],'cookie') 
106   
107 -    def test_identify_good_cookie_unknown_useridtype(self): 
108          plugin = self._makeOne('secret', include_ip=False) 
109          val = self._makeTicket(userid='userid', userdata='userid_type:unknown') 
110          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
111          result = plugin.identify(environ) 
112          self.assertEqual(len(result), 4) 
113          self.assertEqual(result['tokens'], ['']) 
114          self.assertEqual(result['repoze.who.userid'], 'userid') 
115          self.assertEqual(result['userdata'], 'userid_type:unknown') 
116          self.failUnless('timestamp' in result) 
117          self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) 
118          self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:unknown') 
119          self.assertEqual(environ['AUTH_TYPE'],'cookie') 
120   
121 -    def test_identify_bad_cookie(self): 
122          plugin = self._makeOne('secret', include_ip=True) 
123          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'}) 
124          result = plugin.identify(environ) 
125          self.assertEqual(result, None) 
126       
127 -    def test_identify_bad_cookie_expired(self): 
128          import time 
129          plugin = self._makeOne('secret', timeout=2, reissue_time=1) 
130          val = self._makeTicket(userid='userid', time=time.time()-3) 
131          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
132          result = plugin.identify(environ) 
133          self.assertEqual(result, None) 
134   
135 -    def test_remember_creds_same(self): 
136          plugin = self._makeOne('secret') 
137          val = self._makeTicket(userid='userid') 
138          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
139          result = plugin.remember(environ, {'repoze.who.userid':'userid', 
140                                             'userdata':'userdata'}) 
141          self.assertEqual(result, None) 
142   
143 -    def test_remember_creds_different(self): 
144          plugin = self._makeOne('secret') 
145          old_val = self._makeTicket(userid='userid') 
146          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) 
147          new_val = self._makeTicket(userid='other', userdata='userdata') 
148          result = plugin.remember(environ, {'repoze.who.userid':'other', 
149                                             'userdata':'userdata'}) 
150          self.assertEqual(len(result), 3) 
151          self.assertEqual(result[0], 
152                           ('Set-Cookie', 
153                            'auth_tkt="%s"; Path=/' % new_val)) 
154          self.assertEqual(result[1], 
155                           ('Set-Cookie', 
156                             'auth_tkt="%s"; Path=/; Domain=localhost' 
157                              % new_val)) 
158          self.assertEqual(result[2], 
159                           ('Set-Cookie', 
160                             'auth_tkt="%s"; Path=/; Domain=.localhost' 
161                              % new_val)) 
162   
163 -    def test_remember_creds_different_include_ip(self): 
164          plugin = self._makeOne('secret', include_ip=True) 
165          old_val = self._makeTicket(userid='userid', remote_addr='1.1.1.1') 
166          environ = self._makeEnviron({'HTTP_COOKIE': 'auth_tkt=%s' % old_val}) 
167          new_val = self._makeTicket(userid='other', 
168                                     userdata='userdata', 
169                                     remote_addr='1.1.1.1') 
170          result = plugin.remember(environ, {'repoze.who.userid':'other', 
171                                             'userdata':'userdata'}) 
172          self.assertEqual(len(result), 3) 
173          self.assertEqual(result[0], 
174                           ('Set-Cookie', 
175                            'auth_tkt="%s"; Path=/' % new_val)) 
176          self.assertEqual(result[1], 
177                           ('Set-Cookie', 
178                             'auth_tkt="%s"; Path=/; Domain=localhost' 
179                              % new_val)) 
180          self.assertEqual(result[2], 
181                           ('Set-Cookie', 
182                             'auth_tkt="%s"; Path=/; Domain=.localhost' 
183                              % new_val)) 
184   
185 -    def test_remember_creds_different_bad_old_cookie(self): 
186          plugin = self._makeOne('secret') 
187          old_val = 'BOGUS' 
188          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) 
189          new_val = self._makeTicket(userid='other', userdata='userdata') 
190          result = plugin.remember(environ, {'repoze.who.userid':'other', 
191                                             'userdata':'userdata'}) 
192          self.assertEqual(len(result), 3) 
193          self.assertEqual(result[0], 
194                           ('Set-Cookie', 
195                            'auth_tkt="%s"; Path=/' % new_val)) 
196          self.assertEqual(result[1], 
197                           ('Set-Cookie', 
198                             'auth_tkt="%s"; Path=/; Domain=localhost' 
199                              % new_val)) 
200          self.assertEqual(result[2], 
201                           ('Set-Cookie', 
202                             'auth_tkt="%s"; Path=/; Domain=.localhost' 
203                              % new_val)) 
204   
205 -    def test_remember_creds_different_with_nonstring_tokens(self): 
206          plugin = self._makeOne('secret') 
207          old_val = self._makeTicket(userid='userid') 
208          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) 
209          new_val = self._makeTicket(userid='other', 
210                                     userdata='userdata', 
211                                     tokens='foo,bar', 
212                                    ) 
213          result = plugin.remember(environ, {'repoze.who.userid': 'other', 
214                                             'userdata': 'userdata', 
215                                             'tokens': ['foo', 'bar'], 
216                                            }) 
217          self.assertEqual(len(result), 3) 
218          self.assertEqual(result[0], 
219                           ('Set-Cookie', 
220                            'auth_tkt="%s"; Path=/' % new_val)) 
221          self.assertEqual(result[1], 
222                           ('Set-Cookie', 
223                             'auth_tkt="%s"; Path=/; Domain=localhost' 
224                              % new_val)) 
225          self.assertEqual(result[2], 
226                           ('Set-Cookie', 
227                             'auth_tkt="%s"; Path=/; Domain=.localhost' 
228                              % new_val)) 
229   
230 -    def test_remember_creds_different_int_userid(self): 
231          plugin = self._makeOne('secret') 
232          old_val = self._makeTicket(userid='userid') 
233          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) 
234          new_val = self._makeTicket(userid='1', userdata='userid_type:int') 
235          result = plugin.remember(environ, {'repoze.who.userid':1, 
236                                             'userdata':''}) 
237           
238          self.assertEqual(len(result), 3) 
239          self.assertEqual(result[0], 
240                           ('Set-Cookie', 
241                            'auth_tkt="%s"; Path=/' % new_val)) 
242   
243 -    def test_remember_creds_different_long_userid(self): 
244          plugin = self._makeOne('secret') 
245          old_val = self._makeTicket(userid='userid') 
246          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) 
247          new_val = self._makeTicket(userid='1', userdata='userid_type:int') 
248          result = plugin.remember(environ, {'repoze.who.userid':long(1), 
249                                             'userdata':''}) 
250          self.assertEqual(len(result), 3) 
251          self.assertEqual(result[0], 
252                           ('Set-Cookie', 
253                            'auth_tkt="%s"; Path=/' % new_val)) 
254   
255 -    def test_remember_creds_different_unicode_userid(self): 
256          plugin = self._makeOne('secret') 
257          old_val = self._makeTicket(userid='userid') 
258          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) 
259          userid = unicode('\xc2\xa9', 'utf-8') 
260          new_val = self._makeTicket(userid=userid.encode('utf-8'), 
261                                     userdata='userid_type:unicode') 
262          result = plugin.remember(environ, {'repoze.who.userid':userid, 
263                                             'userdata':''}) 
264          self.assertEqual(type(result[0][1]), str) 
265          self.assertEqual(len(result), 3) 
266          self.assertEqual(result[0], 
267                           ('Set-Cookie', 
268                            'auth_tkt="%s"; Path=/' % new_val)) 
269   
270 -    def test_remember_creds_reissue(self): 
271          import time 
272          plugin = self._makeOne('secret', reissue_time=1) 
273          old_val = self._makeTicket(userid='userid', userdata='', 
274                                     time=time.time()-2) 
275          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) 
276          new_val = self._makeTicket(userid='userid', userdata='') 
277          result = plugin.remember(environ, {'repoze.who.userid':'userid', 
278                                             'userdata':''}) 
279          self.assertEqual(type(result[0][1]), str) 
280          self.assertEqual(len(result), 3) 
281          self.assertEqual(result[0], 
282                           ('Set-Cookie', 
283                            'auth_tkt="%s"; Path=/' % new_val)) 
284   
285 -    def test_forget(self): 
286          from datetime import datetime 
287          now = datetime(2009, 11, 5, 16, 15, 22) 
288          self._setNowTesting(now) 
289          plugin = self._makeOne('secret') 
290          environ = self._makeEnviron() 
291          headers = plugin.forget(environ, None) 
292          self.assertEqual(len(headers), 3) 
293          header = headers[0] 
294          name, value = header 
295          self.assertEqual(name, 'Set-Cookie') 
296          self.assertEqual(value, 
297                           'auth_tkt="INVALID"; Path=/; ' 
298                           'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22' 
299                           ) 
300          header = headers[1] 
301          name, value = header 
302          self.assertEqual(name, 'Set-Cookie') 
303          self.assertEqual(value, 
304                           'auth_tkt="INVALID"; Path=/; Domain=localhost; ' 
305                           'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22' 
306                           ) 
307          header = headers[2] 
308          name, value = header 
309          self.assertEqual(name, 'Set-Cookie') 
310          self.assertEqual(value, 
311                           'auth_tkt="INVALID"; Path=/; Domain=.localhost; ' 
312                           'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22' 
313                          ) 
314   
315 -    def test_factory_wo_secret_wo_secretfile_raises_ValueError(self): 
316          from repoze.who.plugins.auth_tkt import make_plugin 
317          self.assertRaises(ValueError, make_plugin) 
318   
319 -    def test_factory_w_secret_w_secretfile_raises_ValueError(self): 
320          from repoze.who.plugins.auth_tkt import make_plugin 
321          self.assertRaises(ValueError, make_plugin, 'secret', 'secretfile') 
322   
323 -    def test_factory_w_bad_secretfile_raises_ValueError(self): 
324          from repoze.who.plugins.auth_tkt import make_plugin 
325          self.assertRaises(ValueError, make_plugin, secretfile='nonesuch.txt') 
326   
327 -    def test_factory_w_secret(self): 
328          from repoze.who.plugins.auth_tkt import make_plugin 
329          plugin = make_plugin('secret') 
330          self.assertEqual(plugin.cookie_name, 'auth_tkt') 
331          self.assertEqual(plugin.secret, 'secret') 
332          self.assertEqual(plugin.include_ip, False) 
333          self.assertEqual(plugin.secure, False) 
334   
335 -    def test_factory_w_secretfile(self): 
336          import os 
337          from tempfile import mkdtemp 
338          from repoze.who.plugins.auth_tkt import make_plugin 
339          tempdir = self.tempdir = mkdtemp() 
340          path = os.path.join(tempdir, 'who.secret') 
341          secret = open(path, 'w') 
342          secret.write('s33kr1t\n') 
343          secret.flush() 
344          secret.close() 
345          plugin = make_plugin(secretfile=path) 
346          self.assertEqual(plugin.secret, 's33kr1t') 
347   
348 -    def test_factory_with_timeout_and_reissue_time(self): 
349          from repoze.who.plugins.auth_tkt import make_plugin 
350          plugin = make_plugin('secret', timeout=5, reissue_time=1) 
351          self.assertEqual(plugin.timeout, 5) 
352          self.assertEqual(plugin.reissue_time, 1) 
353   
354 -    def test_factory_with_userid_checker(self): 
355          from repoze.who.plugins.auth_tkt import make_plugin 
356          plugin = make_plugin( 
357              'secret', 
358              userid_checker='repoze.who.plugins.auth_tkt:make_plugin') 
359          self.assertEqual(plugin.userid_checker, make_plugin) 
360   
361 -    def test_timeout_no_reissue(self): 
362          self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1) 
363   
364 -    def test_timeout_lower_than_reissue(self): 
365          self.assertRaises(ValueError, self._makeOne, 'userid', timeout=1, 
366                            reissue_time=2) 
367   
368 -    def test_identify_with_checker_and_existing_account(self): 
369          plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) 
370          val = self._makeTicket(userid='existing') 
371          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
372          result = plugin.identify(environ) 
373          self.assertEqual(len(result), 4) 
374          self.assertEqual(result['tokens'], ['']) 
375          self.assertEqual(result['repoze.who.userid'], 'existing') 
376          self.assertEqual(result['userdata'], 'userdata') 
377          self.failUnless('timestamp' in result) 
378          self.assertEqual(environ['REMOTE_USER_TOKENS'], ['']) 
379          self.assertEqual(environ['REMOTE_USER_DATA'],'userdata') 
380          self.assertEqual(environ['AUTH_TYPE'],'cookie') 
381       
382 -    def test_identify_with_checker_and_non_existing_account(self): 
383          plugin = self._makeOne('secret', userid_checker=dummy_userid_checker) 
384          val = self._makeTicket(userid='nonexisting') 
385          environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val}) 
386          original_environ = environ.copy() 
387          result = plugin.identify(environ) 
388          self.assertEqual(result, None) 
389          # The environ must not have been modified, excuding the paste.cookies 
390          # variable: 
391          del environ['paste.cookies'] 
392          self.assertEqual(environ, original_environ) 
393   
394 -    def test_remember_max_age(self): 
395          plugin = self._makeOne('secret') 
396          environ = {'HTTP_HOST':'example.com'} 
397           
398          tkt = self._makeTicket(userid='chris', userdata='') 
399          result = plugin.remember(environ, {'repoze.who.userid':'chris', 
400                                             'max_age':'500'}) 
401           
402          name,value = result.pop(0) 
403          self.assertEqual('Set-Cookie', name) 
404          self.failUnless( 
405              value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt), 
406              value) 
407          self.failUnless('; Expires=' in value) 
408           
409          name,value = result.pop(0) 
410          self.assertEqual('Set-Cookie', name) 
411          self.failUnless( 
412              value.startswith( 
413              'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500' 
414              % tkt), value) 
415          self.failUnless('; Expires=' in value) 
416   
417          name,value = result.pop(0) 
418          self.assertEqual('Set-Cookie', name) 
419          self.failUnless( 
420              value.startswith( 
421              'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt), 
422              value) 
423          self.failUnless('; Expires=' in value) 
424   
425   
426 -def dummy_userid_checker(userid): 
427      return userid == 'existing' 
428