Commit 82235674 authored by Vincent Pelletier's avatar Vincent Pelletier

test: migrate to ERP5 Login authentication.

parent e3f117a8
...@@ -12,7 +12,6 @@ if person is None: ...@@ -12,7 +12,6 @@ if person is None:
title=functional_test_username) title=functional_test_username)
person.edit(reference=functional_test_username, person.edit(reference=functional_test_username,
password=howto_dict['functional_test_user_password'],
default_email_text=howto_dict['functional_test_user_email']) default_email_text=howto_dict['functional_test_user_email'])
person.validate() person.validate()
...@@ -23,6 +22,13 @@ if person is None: ...@@ -23,6 +22,13 @@ if person is None:
function='company/manager') function='company/manager')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference=functional_test_username,
password=howto_dict['functional_test_user_password'],
)
login.validate()
# XXX (lucas): These tests must be able to run on an instance without security. # XXX (lucas): These tests must be able to run on an instance without security.
for role in ('Assignee', 'Assignor', 'Associate', 'Auditor', 'Owner'): for role in ('Assignee', 'Assignor', 'Associate', 'Auditor', 'Owner'):
portal.acl_users.zodb_roles.assignRoleToPrincipal(role, person.Person_getUserId()) portal.acl_users.zodb_roles.assignRoleToPrincipal(role, person.Person_getUserId())
......
...@@ -12,7 +12,6 @@ if person is None: ...@@ -12,7 +12,6 @@ if person is None:
title=functional_test_username) title=functional_test_username)
person.edit(reference=functional_test_username, person.edit(reference=functional_test_username,
password=howto_dict['functional_test_user_password'],
default_email_text=howto_dict['functional_test_user_email']) default_email_text=howto_dict['functional_test_user_email'])
person.validate() person.validate()
...@@ -23,6 +22,13 @@ if person is None: ...@@ -23,6 +22,13 @@ if person is None:
function='company/manager') function='company/manager')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference=functional_test_username,
password=howto_dict['functional_test_user_password'],
)
login.validate()
# XXX (lucas): These tests must be able to run on an instance without security. # XXX (lucas): These tests must be able to run on an instance without security.
for role in ('Assignee', 'Assignor', 'Associate', 'Auditor', 'Owner'): for role in ('Assignee', 'Assignor', 'Associate', 'Auditor', 'Owner'):
portal.acl_users.zodb_roles.assignRoleToPrincipal(role, person.Person_getUserId()) portal.acl_users.zodb_roles.assignRoleToPrincipal(role, person.Person_getUserId())
......
...@@ -11,10 +11,15 @@ else: ...@@ -11,10 +11,15 @@ else:
person = person_module.newContent(portal_type="Person", person = person_module.newContent(portal_type="Person",
reference=user_id, reference=user_id,
id=user_id, id=user_id,
password=new_password,
default_email_text="userA@example.invalid") default_email_text="userA@example.invalid")
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference=user_id,
password=new_password,
)
login.validate()
# Make sure always a new password # Make sure always a new password
person.setPassword(new_password) person.setPassword(new_password)
......
...@@ -27,7 +27,7 @@ if not portal.person_module.has_key('test_webmaster'): ...@@ -27,7 +27,7 @@ if not portal.person_module.has_key('test_webmaster'):
else: else:
person = portal.person_module.test_webmaster person = portal.person_module.test_webmaster
person.edit(first_name='Test', last_name='Webmaster', person.edit(first_name='Test', last_name='Webmaster',
reference='test_webmaster', password='test_webmaster') reference='test_webmaster')
person.setRole('internal') person.setRole('internal')
if not len(person.objectValues(portal_type='Assignment')): if not len(person.objectValues(portal_type='Assignment')):
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
...@@ -36,6 +36,13 @@ if not len(person.objectValues(portal_type='Assignment')): ...@@ -36,6 +36,13 @@ if not len(person.objectValues(portal_type='Assignment')):
stop_date=DateTime('2990/12/31')) stop_date=DateTime('2990/12/31'))
if assignment.getValidationState() != 'open': if assignment.getValidationState() != 'open':
assignment.open() assignment.open()
if not len(person.objectValues(portal_type='ERP5 Login')):
login = person.newContent(
portal_type='ERP5 Login',
reference='test_webmaster',
password='test_webmaster',
)
login.validate()
if person.getValidationState() != 'validated': if person.getValidationState() != 'validated':
person.validate() person.validate()
......
...@@ -51,6 +51,11 @@ class TestUNGSecurity(ERP5TypeTestCase): ...@@ -51,6 +51,11 @@ class TestUNGSecurity(ERP5TypeTestCase):
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.setFunction("function/ung_user") assignment.setFunction("function/ung_user")
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference='ung_user',
)
login.validate()
self.tic() self.tic()
def testERP5Site_createNewWebDocumentAsAnonymous(self): def testERP5Site_createNewWebDocumentAsAnonymous(self):
...@@ -82,6 +87,11 @@ class TestUNGSecurity(ERP5TypeTestCase): ...@@ -82,6 +87,11 @@ class TestUNGSecurity(ERP5TypeTestCase):
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.setFunction("function/ung_user") assignment.setFunction("function/ung_user")
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference='ung_user2',
)
login.validate()
self.tic() self.tic()
self.loginByUserName("ung_user") self.loginByUserName("ung_user")
self.changeSkin("UNGDoc") self.changeSkin("UNGDoc")
...@@ -175,6 +185,11 @@ class TestUNGSecurity(ERP5TypeTestCase): ...@@ -175,6 +185,11 @@ class TestUNGSecurity(ERP5TypeTestCase):
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.setFunction("function/ung_user") assignment.setFunction("function/ung_user")
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference='ung_user2',
)
login.validate()
self.tic() self.tic()
self.loginByUserName("ung_user") self.loginByUserName("ung_user")
self.changeSkin("UNGDoc") self.changeSkin("UNGDoc")
......
...@@ -133,10 +133,12 @@ class TestUNG(ERP5TypeTestCase): ...@@ -133,10 +133,12 @@ class TestUNG(ERP5TypeTestCase):
reference="ung_new_user") reference="ung_new_user")
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
person.newContent(portal_type='ERP5 Login', reference=person.getReference()).validate()
person = portal.person_module.newContent(portal_type='Person', person = portal.person_module.newContent(portal_type='Person',
reference="ung_new_user2") reference="ung_new_user2")
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
person.newContent(portal_type='ERP5 Login', reference=person.getReference()).validate()
self.tic() self.tic()
self.loginByUserName("ung_new_user") self.loginByUserName("ung_new_user")
self.changeSkin("UNGDoc") self.changeSkin("UNGDoc")
......
...@@ -52,8 +52,13 @@ class ShaSecurityMixin(object): ...@@ -52,8 +52,13 @@ class ShaSecurityMixin(object):
if person is None: if person is None:
person = self.portal.person_module.newContent(portal_type='Person') person = self.portal.person_module.newContent(portal_type='Person')
person.edit(first_name=reference, person.edit(first_name=reference,
reference=reference, reference=reference)
password=password) login = person.newContent(
portal_type='ERP5 Login',
reference=reference,
password=password,
)
login.validate()
self.tic() self.tic()
create = True create = True
......
...@@ -82,6 +82,7 @@ class TestAccounting_l10n_fr(AccountingTestCase): ...@@ -82,6 +82,7 @@ class TestAccounting_l10n_fr(AccountingTestCase):
default_email_text=self.recipient_email_address) default_email_text=self.recipient_email_address)
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
person.newContent(portal_type='ERP5 Login', reference=self.username).validate()
self.tic() self.tic()
uf = self.portal.acl_users uf = self.portal.acl_users
......
...@@ -126,6 +126,7 @@ class TestBug(ERP5TypeTestCase): ...@@ -126,6 +126,7 @@ class TestBug(ERP5TypeTestCase):
start_date='1980-01-01', start_date='1980-01-01',
stop_date='2099-12-31') stop_date='2099-12-31')
assignment.open() assignment.open()
person.newContent(portal_type='ERP5 Login', reference='dummy').validate()
self.tic() self.tic()
portal_type_list = [] portal_type_list = []
for portal_type in (self.project_portal_type, for portal_type in (self.project_portal_type,
......
...@@ -50,6 +50,7 @@ class TestCertificateAuthority(ERP5TypeTestCase): ...@@ -50,6 +50,7 @@ class TestCertificateAuthority(ERP5TypeTestCase):
person = self.portal.person_module.newContent(portal_type='Person', person = self.portal.person_module.newContent(portal_type='Person',
reference=login, password=login) reference=login, password=login)
person.newContent(portal_type='Assignment').open() person.newContent(portal_type='Assignment').open()
person.newContent(portal_type='ERP5 Login', reference=login).validate()
self.tic() self.tic()
return login return login
......
...@@ -1167,14 +1167,14 @@ class TestERP5Base(ERP5TypeTestCase): ...@@ -1167,14 +1167,14 @@ class TestERP5Base(ERP5TypeTestCase):
self.tic() self.tic()
# a user is created # a user is created
user = self.portal.acl_users.getUserById('user_login') user = self.portal.acl_users.getUser('user_login')
self.assertNotEquals(None, user) self.assertNotEquals(None, user)
# and this user has a preference created # and this user has a preference created
newSecurityManager(None, user.__of__(self.portal.acl_users)) newSecurityManager(None, user.__of__(self.portal.acl_users))
self.assertNotEquals(None, self.assertNotEquals(None,
self.portal.portal_catalog.getResultValue(portal_type='Preference', self.portal.portal_catalog.getResultValue(portal_type='Preference',
owner='user_login')) owner=user.getId()))
# for his assignent group # for his assignent group
self.assertEqual('group/nexedi', self.assertEqual('group/nexedi',
self.portal.portal_preferences.getPreferredSectionCategory()) self.portal.portal_preferences.getPreferredSectionCategory())
......
...@@ -227,6 +227,7 @@ class TestCommerce(ERP5TypeTestCase): ...@@ -227,6 +227,7 @@ class TestCommerce(ERP5TypeTestCase):
start_date='1972-01-01', stop_date='2999-12-31', start_date='1972-01-01', stop_date='2999-12-31',
group=group, destination_project=destination_project) group=group, destination_project=destination_project)
assignment.open() assignment.open()
person.newContent(portal_type='ERP5 Login', reference=reference).validate()
self.tic() self.tic()
#XXX: Security hack (lucas) #XXX: Security hack (lucas)
......
...@@ -303,8 +303,7 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -303,8 +303,7 @@ class TestERP5Credential(ERP5TypeTestCase):
self.portal.ERP5Site_activeLogin(mail_message.getReference()) self.portal.ERP5Site_activeLogin(mail_message.getReference())
self.login() self.login()
self.tic() self.tic()
person = portal_catalog.getResultValue(reference=reference, person = self.portal.acl_users.getUser(reference).getUserValue()
portal_type="Person")
assignment_list = person.objectValues(portal_type="Assignment") assignment_list = person.objectValues(portal_type="Assignment")
self.assertEqual(len(assignment_list), 1) self.assertEqual(len(assignment_list), 1)
assignment = assignment_list[0] assignment = assignment_list[0]
...@@ -380,7 +379,7 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -380,7 +379,7 @@ class TestERP5Credential(ERP5TypeTestCase):
last_name='Simpson', reference='homie') last_name='Simpson', reference='homie')
self.assertEqual(len(result), 1) self.assertEqual(len(result), 1)
sequence.edit(subscription_request=result[0], sequence.edit(subscription_request=result[0],
person_reference=credential_reference) login_reference=credential_reference)
def stepAcceptSubscriptionRequest(self, sequence=None, sequence_list=None, def stepAcceptSubscriptionRequest(self, sequence=None, sequence_list=None,
**kw): **kw):
...@@ -407,9 +406,9 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -407,9 +406,9 @@ class TestERP5Credential(ERP5TypeTestCase):
# check homie can log in the system # check homie can log in the system
self._assertUserExists('homie', 'secret') self._assertUserExists('homie', 'secret')
self.login('homie') self.loginByUserName('homie')
from AccessControl import getSecurityManager from AccessControl import getSecurityManager
self.assertEqual(getSecurityManager().getUser().getIdOrUserName(), 'homie') self.assertEqual(getSecurityManager().getUser().getUserName(), 'homie')
def stepCreateCredentialUpdate(self, sequence=None, sequence_list=None, **kw): def stepCreateCredentialUpdate(self, sequence=None, sequence_list=None, **kw):
''' '''
...@@ -418,10 +417,9 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -418,10 +417,9 @@ class TestERP5Credential(ERP5TypeTestCase):
''' '''
self.login() self.login()
# get the 'homie' person object # get the 'homie' person object
person_module = self.portal.getDefaultModule('Person') result = self.portal.portal_catalog(portal_type='ERP5 Login', reference='homie')
result = person_module.searchFolder(reference='homie')
self.assertEqual(len(result), 1) self.assertEqual(len(result), 1)
homie = result[0] homie = result[0].getParentValue()
# create a credential update # create a credential update
credential_update_module = self.portal.getDefaultModule(\ credential_update_module = self.portal.getDefaultModule(\
...@@ -453,9 +451,9 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -453,9 +451,9 @@ class TestERP5Credential(ERP5TypeTestCase):
# check that informations on the person object have been updated # check that informations on the person object have been updated
person_module = self.portal.getDefaultModule('Person') person_module = self.portal.getDefaultModule('Person')
related_person_result = person_module.searchFolder(reference='homie') related_login_result = self.portal.portal_catalog(portal_type='ERP5 Login', reference='homie')
self.assertEqual(len(related_person_result), 1) self.assertEqual(len(related_login_result), 1)
related_person = related_person_result[0] related_person = related_login_result[0].getParentValue()
self.assertEqual(related_person.getLastName(), 'Simpsons') self.assertEqual(related_person.getLastName(), 'Simpsons')
self.assertEqual(related_person.getDefaultEmailText(), self.assertEqual(related_person.getDefaultEmailText(),
'homie.simpsons@fox.com') 'homie.simpsons@fox.com')
...@@ -609,7 +607,7 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -609,7 +607,7 @@ class TestERP5Credential(ERP5TypeTestCase):
sequence.edit(barney=person) sequence.edit(barney=person)
# check barney can log in the system # check barney can log in the system
self._assertUserExists('barney-login', 'secret') self._assertUserExists('barney-login', 'secret')
self.login('barney') self.loginByUserName('barney-login')
from AccessControl import getSecurityManager from AccessControl import getSecurityManager
self.assertEqual(getSecurityManager().getUser().getIdOrUserName(), person.Person_getUserId()) self.assertEqual(getSecurityManager().getUser().getIdOrUserName(), person.Person_getUserId())
...@@ -658,10 +656,10 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -658,10 +656,10 @@ class TestERP5Credential(ERP5TypeTestCase):
self.portal.ERP5Site_newCredentialRecovery( self.portal.ERP5Site_newCredentialRecovery(
default_email_text=default_email_text) default_email_text=default_email_text)
def stepLoginAsCurrentPersonReference(self, sequence=None, def stepLoginAsCurrentLoginReference(self, sequence=None,
sequence_list=None, **kw): sequence_list=None, **kw):
person_reference = sequence["person_reference"] login_reference = sequence["login_reference"]
self.login(person_reference) self.loginByUserName(login_reference)
def stepCreateCredentialUpdateWithERP5Site_newCredentialUpdate(self, def stepCreateCredentialUpdateWithERP5Site_newCredentialUpdate(self,
sequence=None, sequence_list=None, **kw): sequence=None, sequence_list=None, **kw):
...@@ -863,8 +861,7 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -863,8 +861,7 @@ class TestERP5Credential(ERP5TypeTestCase):
def stepCheckPersonAfterSubscriptionRequest(self, sequence=None, def stepCheckPersonAfterSubscriptionRequest(self, sequence=None,
sequence_list=None, **kw): sequence_list=None, **kw):
self.login() self.login()
person = self.portal.portal_catalog.getResultValue( person = self.portal.acl_users.getUser(sequence['login_reference']).getUserValue()
reference=sequence["person_reference"], portal_type="Person")
self.assertEqual("Homer", person.getFirstName()) self.assertEqual("Homer", person.getFirstName())
self.assertEqual("Simpson", person.getLastName()) self.assertEqual("Simpson", person.getLastName())
self.assertEqual("homer.simpson@fox.com", person.getDefaultEmailText()) self.assertEqual("homer.simpson@fox.com", person.getDefaultEmailText())
...@@ -873,16 +870,14 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -873,16 +870,14 @@ class TestERP5Credential(ERP5TypeTestCase):
def stepSetAuditorRoleToCurrentPerson(self, sequence=None, def stepSetAuditorRoleToCurrentPerson(self, sequence=None,
sequence_list=None, **kw): sequence_list=None, **kw):
person_reference = sequence["person_reference"]
self.login() self.login()
person = self.portal.acl_users.getUser(person_reference).getUserValue() person = self.portal.acl_users.getUser(sequence['login_reference']).getUserValue()
person.manage_setLocalRoles(person.Person_getUserId(), ["Auditor"]) person.manage_setLocalRoles(person.Person_getUserId(), ["Auditor"])
self.logout() self.logout()
def stepCheckPersonAfterUpdatePerson(self, sequence=None, def stepCheckPersonAfterUpdatePerson(self, sequence=None,
sequence_list=None, **kw): sequence_list=None, **kw):
person = self.portal.portal_catalog.getResultValue( person = self.portal.acl_users.getUser(sequence['login_reference']).getUserValue()
reference=sequence["person_reference"], portal_type="Person")
self.assertEqual("tom", person.getFirstName()) self.assertEqual("tom", person.getFirstName())
self.assertEqual("Simpson", person.getLastName()) self.assertEqual("Simpson", person.getLastName())
self.assertEqual("tom@host.com", person.getDefaultEmailText()) self.assertEqual("tom@host.com", person.getDefaultEmailText())
...@@ -1123,8 +1118,7 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -1123,8 +1118,7 @@ class TestERP5Credential(ERP5TypeTestCase):
self.portal.ERP5Site_activeLogin(mail_message.getReference()) self.portal.ERP5Site_activeLogin(mail_message.getReference())
self.login() self.login()
self.tic() self.tic()
person = portal_catalog.getResultValue(reference="barney", person = self.portal.acl_users.getUser('barney').getUserValue()
portal_type="Person")
assignment_list = person.objectValues(portal_type="Assignment") assignment_list = person.objectValues(portal_type="Assignment")
self.assertNotEquals(assignment_list, []) self.assertNotEquals(assignment_list, [])
self.assertEqual(len(assignment_list), 1) self.assertEqual(len(assignment_list), 1)
...@@ -1233,7 +1227,7 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -1233,7 +1227,7 @@ class TestERP5Credential(ERP5TypeTestCase):
"stepCheckPersonAfterSubscriptionRequest " \ "stepCheckPersonAfterSubscriptionRequest " \
"SetAuditorRoleToCurrentPerson " \ "SetAuditorRoleToCurrentPerson " \
"SetAssigneeRoleToCurrentPersonInCredentialUpdateModule Tic " \ "SetAssigneeRoleToCurrentPersonInCredentialUpdateModule Tic " \
"LoginAsCurrentPersonReference " \ "LoginAsCurrentLoginReference " \
"CreateCredentialUpdateWithERP5Site_newCredentialUpdate Tic " \ "CreateCredentialUpdateWithERP5Site_newCredentialUpdate Tic " \
"SelectCredentialUpdate " \ "SelectCredentialUpdate " \
"AcceptCredentialUpdate Tic "\ "AcceptCredentialUpdate Tic "\
...@@ -1296,7 +1290,7 @@ class TestERP5Credential(ERP5TypeTestCase): ...@@ -1296,7 +1290,7 @@ class TestERP5Credential(ERP5TypeTestCase):
''' '''
sequence_list = SequenceList() sequence_list = SequenceList()
sequence_string = "CreatePersonWithQuestionUsingCamelCase Tic " \ sequence_string = "CreatePersonWithQuestionUsingCamelCase Tic " \
"LoginAsCurrentPersonReference " \ "LoginAsCurrentLoginReference " \
"CreateCredentialRecoveryWithSensitiveAnswer Tic " \ "CreateCredentialRecoveryWithSensitiveAnswer Tic " \
"AcceptCredentialRecovery Tic " \ "AcceptCredentialRecovery Tic " \
"CheckEmailIsSent Tic "\ "CheckEmailIsSent Tic "\
......
...@@ -67,7 +67,7 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -67,7 +67,7 @@ class TestPasswordTool(ERP5TypeTestCase):
from Products.PluggableAuthService.interfaces.plugins import\ from Products.PluggableAuthService.interfaces.plugins import\
IAuthenticationPlugin IAuthenticationPlugin
uf = self.getUserFolder() uf = self.getUserFolder()
self.assertNotEquals(uf.getUserById(login, None), None) self.assertNotEquals(uf.getUser(login), None)
for plugin_name, plugin in uf._getOb('plugins').listPlugins( for plugin_name, plugin in uf._getOb('plugins').listPlugins(
IAuthenticationPlugin ): IAuthenticationPlugin ):
if plugin.authenticateCredentials( if plugin.authenticateCredentials(
...@@ -98,10 +98,15 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -98,10 +98,15 @@ class TestPasswordTool(ERP5TypeTestCase):
""" """
person = self.portal.person_module.newContent(portal_type="Person", person = self.portal.person_module.newContent(portal_type="Person",
reference="userA", reference="userA",
password="passwordA",
default_email_text="userA@example.invalid") default_email_text="userA@example.invalid")
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference='userA-login',
password='passwordA',
)
login.validate()
def stepCheckPasswordToolExists(self, sequence=None, sequence_list=None, **kw): def stepCheckPasswordToolExists(self, sequence=None, sequence_list=None, **kw):
""" """
...@@ -113,13 +118,13 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -113,13 +118,13 @@ class TestPasswordTool(ERP5TypeTestCase):
""" """
Check existence of password tool Check existence of password tool
""" """
self._assertUserExists('userA', 'passwordA') self._assertUserExists('userA-login', 'passwordA')
def stepCheckUserLoginWithNewPassword(self, sequence=None, sequence_list=None, **kw): def stepCheckUserLoginWithNewPassword(self, sequence=None, sequence_list=None, **kw):
""" """
Check existence of password tool Check existence of password tool
""" """
self._assertUserExists('userA', 'secret') self._assertUserExists('userA-login', 'secret')
def stepCheckUserNotLoginWithBadPassword(self, sequence=None, sequence_list=None, **kw): def stepCheckUserNotLoginWithBadPassword(self, sequence=None, sequence_list=None, **kw):
""" """
...@@ -137,13 +142,13 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -137,13 +142,13 @@ class TestPasswordTool(ERP5TypeTestCase):
""" """
Required a new password Required a new password
""" """
self.portal.portal_password.mailPasswordResetRequest(user_login="userA") self.portal.portal_password.mailPasswordResetRequest(user_login="userA-login")
def stepTryLostPasswordWithBadUser(self, sequence=None, sequence_list=None, **kw): def stepTryLostPasswordWithBadUser(self, sequence=None, sequence_list=None, **kw):
""" """
Required a new password Required a new password
""" """
self.portal.portal_password.mailPasswordResetRequest(user_login="userZ") self.portal.portal_password.mailPasswordResetRequest(user_login="userZ-login")
def stepCheckNoMailSent(self, sequence=None, sequence_list=None, **kw): def stepCheckNoMailSent(self, sequence=None, sequence_list=None, **kw):
""" """
...@@ -169,7 +174,7 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -169,7 +174,7 @@ class TestPasswordTool(ERP5TypeTestCase):
But random is also check by changeUserPassword, so it's the same But random is also check by changeUserPassword, so it's the same
""" """
key = self.portal.portal_password._password_request_dict.keys()[0] key = self.portal.portal_password._password_request_dict.keys()[0]
self.portal.portal_password.changeUserPassword(user_login="userA", self.portal.portal_password.changeUserPassword(user_login="userA-login",
password="secret", password="secret",
password_confirmation="secret", password_confirmation="secret",
password_key=key) password_key=key)
...@@ -183,7 +188,7 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -183,7 +188,7 @@ class TestPasswordTool(ERP5TypeTestCase):
""" """
key = self.portal.portal_password._password_request_dict.keys()[0] key = self.portal.portal_password._password_request_dict.keys()[0]
sequence.edit(key=key) sequence.edit(key=key)
self.portal.portal_password.changeUserPassword(user_login="userZ", self.portal.portal_password.changeUserPassword(user_login="userZ-login",
password="secret", password="secret",
password_confirmation="secret", password_confirmation="secret",
password_key=key) password_key=key)
...@@ -195,7 +200,7 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -195,7 +200,7 @@ class TestPasswordTool(ERP5TypeTestCase):
As we already change password, this must npot work anylonger As we already change password, this must npot work anylonger
""" """
key = sequence.get('key') key = sequence.get('key')
self.portal.portal_password.changeUserPassword(user_login="userA", self.portal.portal_password.changeUserPassword(user_login="userA-login",
password="passwordA", password="passwordA",
password_confirmation="passwordA", password_confirmation="passwordA",
password_key=key) password_key=key)
...@@ -206,7 +211,7 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -206,7 +211,7 @@ class TestPasswordTool(ERP5TypeTestCase):
""" """
Try to reset a password with bad random part Try to reset a password with bad random part
""" """
self.portal.portal_password.changeUserPassword(user_login="userA", self.portal.portal_password.changeUserPassword(user_login="userA-login",
password="secret", password="secret",
password_confirmation="secret", password_confirmation="secret",
password_key="toto") password_key="toto")
...@@ -302,108 +307,128 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -302,108 +307,128 @@ class TestPasswordTool(ERP5TypeTestCase):
def test_two_concurrent_password_reset(self): def test_two_concurrent_password_reset(self):
personA = self.portal.person_module.newContent(portal_type="Person", personA = self.portal.person_module.newContent(portal_type="Person",
reference="userA", reference="userA",
password="passwordA",
default_email_text="userA@example.invalid") default_email_text="userA@example.invalid")
assignment = personA.newContent(portal_type='Assignment') assignment = personA.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = personA.newContent(
portal_type='ERP5 Login',
reference='userA-login',
password='passwordA',
)
login.validate()
personB = self.portal.person_module.newContent(portal_type="Person", personB = self.portal.person_module.newContent(portal_type="Person",
reference="userB", reference="userB",
password="passwordB",
default_email_text="userB@example.invalid") default_email_text="userB@example.invalid")
assignment = personB.newContent(portal_type='Assignment') assignment = personB.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = personB.newContent(
portal_type='ERP5 Login',
reference='userB-login',
password='passwordB',
)
login.validate()
self.tic() self.tic()
self._assertUserExists('userA', 'passwordA') self._assertUserExists('userA-login', 'passwordA')
self._assertUserExists('userB', 'passwordB') self._assertUserExists('userB-login', 'passwordB')
self.assertEqual(0, len(self.portal.portal_password._password_request_dict)) self.assertEqual(0, len(self.portal.portal_password._password_request_dict))
self.portal.portal_password.mailPasswordResetRequest(user_login="userA") self.portal.portal_password.mailPasswordResetRequest(user_login="userA-login")
self.assertEqual(1, len(self.portal.portal_password._password_request_dict)) self.assertEqual(1, len(self.portal.portal_password._password_request_dict))
key_a = self.portal.portal_password._password_request_dict.keys()[0] key_a = self.portal.portal_password._password_request_dict.keys()[0]
self.tic() self.tic()
self.portal.portal_password.mailPasswordResetRequest(user_login="userB") self.portal.portal_password.mailPasswordResetRequest(user_login="userB-login")
possible_key_list =\ possible_key_list =\
self.portal.portal_password._password_request_dict.keys() self.portal.portal_password._password_request_dict.keys()
self.assertEqual(2, len(possible_key_list)) self.assertEqual(2, len(possible_key_list))
key_b = [k for k in possible_key_list if k != key_a][0] key_b = [k for k in possible_key_list if k != key_a][0]
self.tic() self.tic()
self._assertUserExists('userA', 'passwordA') self._assertUserExists('userA-login', 'passwordA')
self._assertUserExists('userB', 'passwordB') self._assertUserExists('userB-login', 'passwordB')
self.portal.portal_password.changeUserPassword(user_login="userA", self.portal.portal_password.changeUserPassword(user_login="userA-login",
password="newA", password="newA",
password_confirmation="newA", password_confirmation="newA",
password_key=key_a) password_key=key_a)
self.tic() self.tic()
self._assertUserExists('userA', 'newA') self._assertUserExists('userA-login', 'newA')
self._assertUserExists('userB', 'passwordB') self._assertUserExists('userB-login', 'passwordB')
self.portal.portal_password.changeUserPassword(user_login="userB", self.portal.portal_password.changeUserPassword(user_login="userB-login",
password="newB", password="newB",
password_confirmation="newB", password_confirmation="newB",
password_key=key_b) password_key=key_b)
self.tic() self.tic()
self._assertUserExists('userA', 'newA') self._assertUserExists('userA-login', 'newA')
self._assertUserExists('userB', 'newB') self._assertUserExists('userB-login', 'newB')
def test_login_with_trailing_space(self): def test_login_with_trailing_space(self):
person = self.portal.person_module.newContent(portal_type="Person", person = self.portal.person_module.newContent(portal_type="Person",
reference="userZ ", reference="userZ ",
password="passwordZ",
default_email_text="userA@example.invalid") default_email_text="userA@example.invalid")
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference='userZ-login ',
password='passwordZ',
)
login.validate()
self.tic() self.tic()
self._assertUserExists('userZ ', 'passwordZ') self._assertUserExists('userZ-login ', 'passwordZ')
self.assertEqual(0, len(self.portal.portal_password._password_request_dict)) self.assertEqual(0, len(self.portal.portal_password._password_request_dict))
# No reset should be send if trailing space is not entered # No reset should be send if trailing space is not entered
self.portal.portal_password.mailPasswordResetRequest(user_login="userZ") self.portal.portal_password.mailPasswordResetRequest(user_login="userZ-login")
self.assertEqual(0, len(self.portal.portal_password._password_request_dict)) self.assertEqual(0, len(self.portal.portal_password._password_request_dict))
self.portal.portal_password.mailPasswordResetRequest(user_login="userZ ") self.portal.portal_password.mailPasswordResetRequest(user_login="userZ-login ")
self.assertEqual(1, len(self.portal.portal_password._password_request_dict)) self.assertEqual(1, len(self.portal.portal_password._password_request_dict))
key_a = self.portal.portal_password._password_request_dict.keys()[0] key_a = self.portal.portal_password._password_request_dict.keys()[0]
self.tic() self.tic()
self._assertUserExists('userZ ', 'passwordZ') self._assertUserExists('userZ-login ', 'passwordZ')
# Check that password is not changed if trailing space is not entered # Check that password is not changed if trailing space is not entered
self.portal.portal_password.changeUserPassword(user_login="userZ", self.portal.portal_password.changeUserPassword(user_login="userZ-login",
password="newZ", password="newZ",
password_confirmation="newZ", password_confirmation="newZ",
password_key=key_a) password_key=key_a)
self.tic() self.tic()
self._assertUserExists('userZ ', 'passwordZ') self._assertUserExists('userZ-login ', 'passwordZ')
# Check that password is changed if trailing space is entered # Check that password is changed if trailing space is entered
self.portal.portal_password.changeUserPassword(user_login="userZ ", self.portal.portal_password.changeUserPassword(user_login="userZ-login ",
password="newZ2", password="newZ2",
password_confirmation="newZ2", password_confirmation="newZ2",
password_key=key_a) password_key=key_a)
self.tic() self.tic()
self._assertUserExists('userZ ', 'newZ2') self._assertUserExists('userZ-login ', 'newZ2')
def test_no_email_on_person(self): def test_no_email_on_person(self):
person = self.portal.person_module.newContent(portal_type="Person", person = self.portal.person_module.newContent(portal_type="Person",
reference="user", reference="user",)
password="password",)
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference='user-login',
password='password',
)
login.validate()
self.tic() self.tic()
self.logout() self.logout()
ret = self.portal.portal_password.mailPasswordResetRequest( ret = self.portal.portal_password.mailPasswordResetRequest(
user_login='user', REQUEST=self.portal.REQUEST) user_login='user-login', REQUEST=self.portal.REQUEST)
self.assertTrue("portal_status_message=User+user+does+not+have+an+email+"\ self.assertTrue("portal_status_message=User+user-login+does+not+have+an+email+"\
"address%2C+please+contact+site+administrator+directly" in str(ret)) "address%2C+please+contact+site+administrator+directly" in str(ret))
def test_acquired_email_on_person(self): def test_acquired_email_on_person(self):
...@@ -412,17 +437,22 @@ class TestPasswordTool(ERP5TypeTestCase): ...@@ -412,17 +437,22 @@ class TestPasswordTool(ERP5TypeTestCase):
default_email_text="organisation@example.com",) default_email_text="organisation@example.com",)
person = self.portal.person_module.newContent(portal_type="Person", person = self.portal.person_module.newContent(portal_type="Person",
reference="user", reference="user",
password="password",
default_career_subordination_value=organisation) default_career_subordination_value=organisation)
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference='user-login',
password='password',
)
login.validate()
self.tic() self.tic()
self._assertUserExists('user', 'password') self._assertUserExists('user-login', 'password')
self.logout() self.logout()
ret = self.portal.portal_password.mailPasswordResetRequest( ret = self.portal.portal_password.mailPasswordResetRequest(
user_login='user', REQUEST=self.portal.REQUEST) user_login='user-login', REQUEST=self.portal.REQUEST)
self.assertTrue("portal_status_message=User+user+does+not+have+an+email+"\ self.assertTrue("portal_status_message=User+user-login+does+not+have+an+email+"\
"address%2C+please+contact+site+administrator+directly" in str(ret)) "address%2C+please+contact+site+administrator+directly" in str(ret))
class TestPasswordToolWithCRM(TestPasswordTool): class TestPasswordToolWithCRM(TestPasswordTool):
......
...@@ -117,6 +117,7 @@ class TestWorklist(ERP5TypeTestCase): ...@@ -117,6 +117,7 @@ class TestWorklist(ERP5TypeTestCase):
stop_date = '01/01/2900', stop_date = '01/01/2900',
) )
assignment.open() assignment.open()
person.newContent(portal_type='ERP5 Login', reference=user_login).validate()
# Reindexing is required for the security to work # Reindexing is required for the security to work
self.tic() self.tic()
......
...@@ -150,6 +150,10 @@ class TestERP5BankingMixin(ERP5TypeTestCase): ...@@ -150,6 +150,10 @@ class TestERP5BankingMixin(ERP5TypeTestCase):
# by the assignment workflow when NuxUserGroup is used and # by the assignment workflow when NuxUserGroup is used and
# by ERP5Security PAS plugins in the context of PAS use. # by ERP5Security PAS plugins in the context of PAS use.
assignment.open() assignment.open()
person.newContent(
portal_type='ERP5 Login',
reference=user_login,
).validate()
if self.PAS_installed: if self.PAS_installed:
# reindexing is required for the security to work # reindexing is required for the security to work
......
...@@ -128,6 +128,7 @@ CREATE TABLE alternate_roles_and_users ( ...@@ -128,6 +128,7 @@ CREATE TABLE alternate_roles_and_users (
reference='user1') reference='user1')
user1_id = user1.Person_getUserId() user1_id = user1.Person_getUserId()
user1.newContent(portal_type='Assignment', group='g1').open() user1.newContent(portal_type='Assignment', group='g1').open()
user1.newContent(portal_type='ERP5 Login', reference='user1').validate()
user1.updateLocalRolesOnSecurityGroups() user1.updateLocalRolesOnSecurityGroups()
self.assertEqual(user1.__ac_local_roles__.get(user1_id), ['Auditor']) self.assertEqual(user1.__ac_local_roles__.get(user1_id), ['Auditor'])
self.assertEqual(user1.__ac_local_roles__.get('GROUP1'), ['Unknown']) self.assertEqual(user1.__ac_local_roles__.get('GROUP1'), ['Unknown'])
...@@ -136,6 +137,7 @@ CREATE TABLE alternate_roles_and_users ( ...@@ -136,6 +137,7 @@ CREATE TABLE alternate_roles_and_users (
reference='user2') reference='user2')
user2_id = user2.Person_getUserId() user2_id = user2.Person_getUserId()
user2.newContent(portal_type='Assignment', group='g1').open() user2.newContent(portal_type='Assignment', group='g1').open()
user2.newContent(portal_type='ERP5 Login', reference='user2').validate()
user2.updateLocalRolesOnSecurityGroups() user2.updateLocalRolesOnSecurityGroups()
self.assertEqual(user2.__ac_local_roles__.get(user2_id), ['Auditor']) self.assertEqual(user2.__ac_local_roles__.get(user2_id), ['Auditor'])
self.assertEqual(user2.__ac_local_roles__.get('GROUP1'), ['Unknown']) self.assertEqual(user2.__ac_local_roles__.get('GROUP1'), ['Unknown'])
......
...@@ -72,6 +72,7 @@ class TestGUISecurity(ERP5TypeTestCase): ...@@ -72,6 +72,7 @@ class TestGUISecurity(ERP5TypeTestCase):
self.assertTrue('Created Successfully' in message) self.assertTrue('Created Successfully' in message)
if not hasattr(portal.person_module, 'user'): if not hasattr(portal.person_module, 'user'):
user = portal.person_module.newContent(portal_type='Person', id='user', reference='user') user = portal.person_module.newContent(portal_type='Person', id='user', reference='user')
user.newContent(portal_type='ERP5 Login', reference='user').validate()
asg = user.newContent(portal_type='Assignment') asg = user.newContent(portal_type='Assignment')
asg.setStartDate(DateTime() - 100) asg.setStartDate(DateTime() - 100)
asg.setStopDate(DateTime() + 100) asg.setStopDate(DateTime() + 100)
......
...@@ -64,10 +64,15 @@ class TestDeferredStyle(ERP5TypeTestCase, ZopeTestCase.Functional): ...@@ -64,10 +64,15 @@ class TestDeferredStyle(ERP5TypeTestCase, ZopeTestCase.Functional):
person = person_module.newContent(id='pers', portal_type='Person', person = person_module.newContent(id='pers', portal_type='Person',
reference=self.username, reference=self.username,
first_name=self.first_name, first_name=self.first_name,
password=self.password,
default_email_text=self.recipient_email_address) default_email_text=self.recipient_email_address)
assignment = person.newContent(portal_type='Assignment') assignment = person.newContent(portal_type='Assignment')
assignment.open() assignment.open()
login = person.newContent(
portal_type='ERP5 Login',
reference=self.username,
password=self.password,
)
login.validate()
self.tic() self.tic()
def loginAsUser(self, username): def loginAsUser(self, username):
......
...@@ -30,21 +30,26 @@ ...@@ -30,21 +30,26 @@
"""Tests ERP5 User Management. """Tests ERP5 User Management.
""" """
import itertools
import transaction import transaction
import unittest import unittest
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from Products.ERP5Type.tests.utils import createZODBPythonScript from Products.ERP5Type.tests.utils import createZODBPythonScript
from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManagement import getSecurityManager from AccessControl.SecurityManagement import getSecurityManager
from AccessControl import SpecialUsers
from Products.PluggableAuthService import PluggableAuthService from Products.PluggableAuthService import PluggableAuthService
from zope.interface.verify import verifyClass from zope.interface.verify import verifyClass
from DateTime import DateTime from DateTime import DateTime
from Products import ERP5Security from Products import ERP5Security
from Products.DCWorkflow.DCWorkflow import ValidationFailed from Products.DCWorkflow.DCWorkflow import ValidationFailed
AUTO_LOGIN = object()
class TestUserManagement(ERP5TypeTestCase): class TestUserManagement(ERP5TypeTestCase):
"""Tests User Management in ERP5Security. """Tests User Management in ERP5Security.
""" """
_login_generator = itertools.count().next
def getTitle(self): def getTitle(self):
"""Title of the test.""" """Title of the test."""
...@@ -52,7 +57,7 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -52,7 +57,7 @@ class TestUserManagement(ERP5TypeTestCase):
def getBusinessTemplateList(self): def getBusinessTemplateList(self):
"""List of BT to install. """ """List of BT to install. """
return ('erp5_base',) return ('erp5_base', 'erp5_administration',)
def beforeTearDown(self): def beforeTearDown(self):
"""Clears person module and invalidate caches when tests are finished.""" """Clears person module and invalidate caches when tests are finished."""
...@@ -97,8 +102,8 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -97,8 +102,8 @@ class TestUserManagement(ERP5TypeTestCase):
user = uf.getUserById(username).__of__(uf) user = uf.getUserById(username).__of__(uf)
newSecurityManager(None, user) newSecurityManager(None, user)
def _makePerson(self, open_assignment=1, assignment_start_date=None, def _makePerson(self, login=AUTO_LOGIN, open_assignment=1, assignment_start_date=None,
assignment_stop_date=None, **kw): assignment_stop_date=None, tic=True, password='secret', **kw):
"""Creates a person in person module, and returns the object, after """Creates a person in person module, and returns the object, after
indexing is done. """ indexing is done. """
person_module = self.getPersonModule() person_module = self.getPersonModule()
...@@ -109,8 +114,17 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -109,8 +114,17 @@ class TestUserManagement(ERP5TypeTestCase):
stop_date=assignment_stop_date,) stop_date=assignment_stop_date,)
if open_assignment: if open_assignment:
assignment.open() assignment.open()
self.tic() if login is not None:
return new_person if login is AUTO_LOGIN:
login = 'login_%s' % self._login_generator()
new_person.newContent(
portal_type='ERP5 Login',
reference=login,
password=password,
).validate()
if tic:
self.tic()
return new_person.Person_getUserId(), login, password
def _assertUserExists(self, login, password): def _assertUserExists(self, login, password):
"""Checks that a user with login and password exists and can log in to the """Checks that a user with login and password exists and can log in to the
...@@ -146,125 +160,184 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -146,125 +160,184 @@ class TestUserManagement(ERP5TypeTestCase):
def test_PersonWithLoginPasswordAreUsers(self): def test_PersonWithLoginPasswordAreUsers(self):
"""Tests a person with a login & password is a valid user.""" """Tests a person with a login & password is a valid user."""
p = self._makePerson(reference='the_user', password='secret',) _, login, password = self._makePerson()
self._assertUserExists('the_user', 'secret') self._assertUserExists(login, password)
def test_PersonLoginCaseSensitive(self): def test_PersonLoginCaseSensitive(self):
"""Login/password are case sensitive.""" """Login/password are case sensitive."""
p = self._makePerson(reference='the_user', password='secret',) login = 'case_test_user'
self._assertUserExists('the_user', 'secret') _, _, password = self._makePerson(login=login)
self._assertUserDoesNotExists('the_User', 'secret') self._assertUserExists(login, password)
self._assertUserDoesNotExists('case_test_User', password)
def test_PersonLoginIsNotStripped(self): def test_PersonLoginIsNotStripped(self):
"""Make sure 'foo ', ' foo' and ' foo ' do not match user 'foo'. """ """Make sure 'foo ', ' foo' and ' foo ' do not match user 'foo'. """
p = self._makePerson(reference='foo', password='secret',) _, login, password = self._makePerson()
self._assertUserExists('foo', 'secret') self._assertUserExists(login, password)
self._assertUserDoesNotExists('foo ', 'secret') self._assertUserDoesNotExists(login + ' ', password)
self._assertUserDoesNotExists(' foo', 'secret') self._assertUserDoesNotExists(' ' + login, password)
self._assertUserDoesNotExists(' foo ', 'secret') self._assertUserDoesNotExists(' ' + login + ' ', password)
def test_PersonLoginCannotBeComposed(self): def test_PersonLoginCannotBeComposed(self):
"""Make sure ZSQLCatalog keywords cannot be used at login time""" """Make sure ZSQLCatalog keywords cannot be used at login time"""
p = self._makePerson(reference='foo', password='secret',) _, login, password = self._makePerson()
self._assertUserExists('foo', 'secret') self._assertUserExists(login, password)
self._assertUserDoesNotExists('bar', 'secret') doest_not_exist = 'bar'
self._assertUserDoesNotExists('bar OR foo', 'secret') self._assertUserDoesNotExists(doest_not_exist, password)
self._assertUserDoesNotExists(login + ' OR ' + doest_not_exist, password)
self._assertUserDoesNotExists(doest_not_exist + ' OR ' + login, password)
def test_PersonLoginQuote(self): def test_PersonLoginQuote(self):
p = self._makePerson(reference="'", password='secret',) login = "'"
self._assertUserExists("'", 'secret') _, _, password = self._makePerson(login=login)
self._assertUserExists(login, password)
login = '"'
_, _, password = self._makePerson(login=login)
self._assertUserExists(login, password)
def test_PersonLogin_OR_Keyword(self): def test_PersonLogin_OR_Keyword(self):
p = self._makePerson(reference='foo OR bar', password='secret',) base_login = 'foo'
self._assertUserExists('foo OR bar', 'secret') login = base_login + ' OR bar'
self._assertUserDoesNotExists('foo', 'secret') _, _, password = self._makePerson(login=login)
self._assertUserExists(login, password)
self._assertUserDoesNotExists(base_login, password)
def test_PersonLoginCatalogKeyWord(self): def test_PersonLoginCatalogKeyWord(self):
# use something that would turn the username in a ZSQLCatalog catalog keyword # use something that would turn the username in a ZSQLCatalog catalog keyword
p = self._makePerson(reference="foo%", password='secret',) base_login ='foo'
self._assertUserExists("foo%", 'secret') login = base_login + '%'
self._assertUserDoesNotExists("foo", 'secret') _, _, password = self._makePerson(login=login)
self._assertUserDoesNotExists("foobar", 'secret') self._assertUserExists(login, password)
self._assertUserDoesNotExists(base_login, password)
self._assertUserDoesNotExists(base_login + "bar", password)
def test_PersonLoginNGT(self): def test_PersonLoginNGT(self):
p = self._makePerson(reference='< foo', password='secret',) login = '< foo'
self._assertUserExists('< foo', 'secret') _, _, password = self._makePerson(login=login)
self._assertUserExists(login, password)
self._assertUserDoesNotExists('fo', password)
def test_PersonLoginNonAscii(self): def test_PersonLoginNonAscii(self):
"""Login can contain non ascii chars.""" """Login can contain non ascii chars."""
p = self._makePerson(reference='j\xc3\xa9', password='secret',) login = 'j\xc3\xa9'
self._assertUserExists('j\xc3\xa9', 'secret') _, _, password = self._makePerson(login=login)
self._assertUserExists(login, password)
def test_PersonWithLoginWithEmptyPasswordAreNotUsers(self): def test_PersonWithLoginWithEmptyPasswordAreNotUsers(self):
"""Tests a person with a login but no password is not a valid user.""" """Tests a person with a login but no password is not a valid user."""
self._makePerson(reference='the_user') password = None
self._assertUserDoesNotExists('the_user', None) _, login, _ = self._makePerson(password=password)
self._makePerson(reference='another_user', password='',) self._assertUserDoesNotExists(login, password)
self._assertUserDoesNotExists('another_user', '') password = ''
_, login, self._makePerson(password=password)
self._assertUserDoesNotExists(login, password)
def test_PersonWithEmptyLoginAreNotUsers(self): def test_PersonWithEmptyLoginAreNotUsers(self):
"""Tests a person with empty login & password is a valid user.""" """Tests a person with empty login & password is not a valid user."""
self._makePerson(reference='', password='secret') _, login, _ = self._makePerson()
self._assertUserDoesNotExists('', 'secret') pas_user, = self.portal.acl_users.searchUsers(login=login, exact_match=True)
pas_login, = pas_user['login_list']
login_value = self.portal.restrictedTraverse(pas_login['path'])
login_value.invalidate()
login_value.setReference('')
self.commit()
self.assertRaises(ValidationFailed, login_value.validate)
self.assertRaises(ValidationFailed, self.portal.portal_workflow.doActionFor, login_value, 'validate_action')
def test_PersonWithLoginWithNotAssignmentAreNotUsers(self): def test_PersonWithLoginWithNotAssignmentAreNotUsers(self):
"""Tests a person with a login & password and no assignment open is not a valid user.""" """Tests a person with a login & password and no assignment open is not a valid user."""
self._makePerson(reference='the_user', password='secret', open_assignment=0) _, login, password = self._makePerson(open_assignment=0)
self._assertUserDoesNotExists('the_user', 'secret') self._assertUserDoesNotExists(login, password)
def test_PersonWithSuperUserLoginCannotBeCreated(self): def _testUserNameExistsButCannotLoginAndCannotCreate(self, login):
"""Tests one cannot create person with the "super user" special login.""" self.assertTrue(self.getUserFolder().searchUsers(login=login, exact_match=True))
self.assertRaises(RuntimeError, self._makePerson, reference=ERP5Security.SUPER_USER) self._assertUserDoesNotExists(login, '')
self.assertRaises(ValidationFailed, self._makePerson, login=login)
def test_PersonWithSuperUserLogin(self): def test_PersonWithSuperUserLogin(self):
"""Tests one cannot use the "super user" special login.""" """Tests one cannot use the "super user" special login."""
self._assertUserDoesNotExists(ERP5Security.SUPER_USER, '') self._testUserNameExistsButCannotLoginAndCannotCreate(ERP5Security.SUPER_USER)
def test_searchUsers(self): def test_PersonWithAnonymousLogin(self):
p1 = self._makePerson(reference='person1') """Tests one cannot use the "anonymous user" special login."""
p2 = self._makePerson(reference='person2') self._testUserNameExistsButCannotLoginAndCannotCreate(SpecialUsers.nobody.getUserName())
self.assertEqual({'person1', 'person2'},
{x['userid'] for x in self.portal.acl_users.searchUsers(id='person')}) def test_PersonWithSystemUserLogin(self):
"""Tests one cannot use the "system user" special login."""
def test_searchUsersExactMatch(self): self._testUserNameExistsButCannotLoginAndCannotCreate(SpecialUsers.system.getUserName())
p = self._makePerson(reference='person')
p1 = self._makePerson(reference='person1') def test_searchUserId(self):
p2 = self._makePerson(reference='person2') substring = 'person_id'
self.assertEqual(['person', ], user_id_set = {substring + '1', '1' + substring}
[x['userid'] for x in for user_id in user_id_set:
self.portal.acl_users.searchUsers(id='person', exact_match=True)]) self._makePerson(reference=user_id)
self.assertEqual(
def test_MultiplePersonReference(self): user_id_set,
"""Tests that it's refused to create two Persons with same reference.""" {x['userid'] for x in self.portal.acl_users.searchUsers(id=substring, exact_match=False)},
self._makePerson(reference='new_person') )
self.assertRaises(RuntimeError, self._makePerson, reference='new_person')
def test_searchLogin(self):
substring = 'person_login'
login_set = {substring + '1', '1' + substring}
for login in login_set:
self._makePerson(login=login)
self.assertEqual(
login_set,
{x['login'] for x in self.portal.acl_users.searchUsers(login=substring, exact_match=False)},
)
def test_searchUsersIdExactMatch(self):
substring = 'person2_id'
self._makePerson(reference=substring)
self._makePerson(reference=substring + '1')
self._makePerson(reference='1' + substring)
self.assertEqual(
[substring],
[x['userid'] for x in self.portal.acl_users.searchUsers(id=substring, exact_match=True)],
)
def test_searchUsersLoginExactMatch(self):
substring = 'person2_login'
self._makePerson(login=substring)
self._makePerson(login=substring + '1')
self._makePerson(login='1' + substring)
self.assertEqual(
[substring],
[x['login'] for x in self.portal.acl_users.searchUsers(login=substring, exact_match=True)],
)
def test_MultipleUsers(self):
"""Tests that it's refused to create two Persons with same user id."""
user_id, login, _ = self._makePerson()
self.assertRaises(ValidationFailed, self._makePerson, reference=user_id)
self.assertRaises(ValidationFailed, self._makePerson, login=login)
def test_MultiplePersonReferenceWithoutCommit(self): def test_MultiplePersonReferenceWithoutCommit(self):
""" """
Tests that it's refused to create two Persons with same reference. Tests that it's refused to create two Persons with same user id.
Check if both persons are created in the same transaction Check if both persons are created in the same transaction
""" """
person_module = self.getPersonModule() person_module = self.getPersonModule()
new_person = person_module.newContent( new_person = person_module.newContent(
portal_type='Person', reference='new_person') portal_type='Person', reference='new_person')
self.assertRaises(RuntimeError, person_module.newContent, self.assertRaises(ValidationFailed, person_module.newContent,
portal_type='Person', reference='new_person') portal_type='Person', reference='new_person')
def test_MultiplePersonReferenceWithoutTic(self): def test_MultiplePersonReferenceWithoutTic(self):
""" """
Tests that it's refused to create two Persons with same reference. Tests that it's refused to create two Persons with same user id.
Check if both persons are created in 2 different transactions. Check if both persons are created in 2 different transactions.
""" """
person_module = self.getPersonModule() person_module = self.getPersonModule()
new_person = person_module.newContent( new_person = person_module.newContent(
portal_type='Person', reference='new_person') portal_type='Person', reference='new_person')
self.commit() self.commit()
self.assertRaises(RuntimeError, person_module.newContent, self.assertRaises(ValidationFailed, person_module.newContent,
portal_type='Person', reference='new_person') portal_type='Person', reference='new_person')
def test_MultiplePersonReferenceConcurrentTransaction(self): def test_MultiplePersonReferenceConcurrentTransaction(self):
""" """
Tests that it's refused to create two Persons with same reference. Tests that it's refused to create two Persons with same user id.
Check if both persons are created in 2 concurrent transactions. Check if both persons are created in 2 concurrent transactions.
For now, just verify that serialize is called on person_module. For now, just verify that serialize is called on person_module.
""" """
...@@ -292,67 +365,82 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -292,67 +365,82 @@ class TestUserManagement(ERP5TypeTestCase):
def test_PersonCopyAndPaste(self): def test_PersonCopyAndPaste(self):
"""If we copy and paste a person, login must not be copyied.""" """If we copy and paste a person, login must not be copyied."""
person = self._makePerson(reference='new_person') user_id, _, _ = self._makePerson(reference='new_person')
person_module = self.getPersonModule() user, = self.portal.acl_users.searchUsers(id=user_id, exact_match=True)
copy_data = person_module.manage_copyObjects([person.getId()]) user_value = self.portal.restrictedTraverse(user['path'])
changed, = person_module.manage_pasteObjects(copy_data) container = user_value.getParentValue()
self.assertNotEquals(person_module[changed['new_id']].getReference(), changed, = container.manage_pasteObjects(
person_module[changed['id']].getReference()) container.manage_copyObjects([user_value.getId()]),
)
self.assertNotEquals(
container[changed['new_id']].Person_getUserId(),
user_id,
)
def test_PreferenceTool_setNewPassword(self): def test_PreferenceTool_setNewPassword(self):
# Preference Tool has an action to change password # Preference Tool has an action to change password
pers = self._makePerson(reference='the_user', password='secret',) user_id, login, password = self._makePerson()
self.tic() self._assertUserExists(login, password)
self._assertUserExists('the_user', 'secret') pas_user, = self.portal.acl_users.searchUsers(id=user_id, exact_match=True)
self.loginAsUser('the_user') pas_login, = pas_user['login_list']
login = [x for x in pers.objectValues(portal_type='ERP5 Login')][0] login_value = self.portal.restrictedTraverse(pas_login['path'])
new_password = 'new' + password
self.loginAsUser(user_id)
result = self.portal.portal_preferences.PreferenceTool_setNewPassword( result = self.portal.portal_preferences.PreferenceTool_setNewPassword(
dialog_id='PreferenceTool_viewChangePasswordDialog', dialog_id='PreferenceTool_viewChangePasswordDialog',
current_password='wrong_secret', current_password='bad' + password,
new_password='new_secret', new_password=new_password,
) )
self.assertEqual(result, self.portal.absolute_url()+'/portal_preferences/PreferenceTool_viewChangePasswordDialog?portal_status_message=Current%20password%20is%20wrong.') self.assertEqual(result, self.portal.absolute_url()+'/portal_preferences/PreferenceTool_viewChangePasswordDialog?portal_status_message=Current%20password%20is%20wrong.')
self.login()
self._assertUserExists(login, password)
self._assertUserDoesNotExists(login, new_password)
self.loginAsUser(user_id)
result = self.portal.portal_preferences.PreferenceTool_setNewPassword( result = self.portal.portal_preferences.PreferenceTool_setNewPassword(
dialog_id='PreferenceTool_viewChangePasswordDialog', dialog_id='PreferenceTool_viewChangePasswordDialog',
current_password='secret', current_password=password,
new_password='new_secret', new_password=new_password,
) )
self.assertEqual(result, self.portal.absolute_url()+'/logout') self.assertEqual(result, self.portal.absolute_url()+'/logout')
self._assertUserExists('the_user', 'new_secret')
self._assertUserDoesNotExists('the_user', 'secret')
self.login()
self._assertUserExists(login, new_password)
self._assertUserDoesNotExists(login, password)
# password is not stored in plain text # password is not stored in plain text
self.assertNotEquals('new_secret', pers.getPassword()) self.assertNotEquals(new_password, self.portal.restrictedTraverse(pas_user['path']).getPassword())
def test_OpenningAssignmentClearCache(self): def test_OpenningAssignmentClearCache(self):
"""Openning an assignment for a person clear the cache automatically.""" """Openning an assignment for a person clear the cache automatically."""
pers = self._makePerson(reference='the_user', password='secret', user_id, login, password = self._makePerson(open_assignment=0)
open_assignment=0) self._assertUserDoesNotExists(login, password)
self._assertUserDoesNotExists('the_user', 'secret') user, = self.portal.acl_users.searchUsers(id=user_id, exact_match=True)
pers = self.portal.restrictedTraverse(user['path'])
assi = pers.newContent(portal_type='Assignment') assi = pers.newContent(portal_type='Assignment')
assi.open() assi.open()
self.commit() self.commit()
self._assertUserExists('the_user', 'secret') self._assertUserExists(login, password)
assi.close() assi.close()
self.commit() self.commit()
self._assertUserDoesNotExists('the_user', 'secret') self._assertUserDoesNotExists(login, password)
def test_PersonNotIndexedNotCached(self): def test_PersonNotIndexedNotCached(self):
pers = self._makePerson(password='secret',) user_id, login, password = self._makePerson(tic=False)
pers.setReference('the_user')
# not indexed yet # not indexed yet
self._assertUserDoesNotExists('the_user', 'secret') self._assertUserDoesNotExists(login, password)
self.tic() self.tic()
self._assertUserExists(login, password)
self._assertUserExists('the_user', 'secret')
def test_PersonNotValidNotCached(self): def test_PersonNotValidNotCached(self):
pers = self._makePerson(reference='the_user', password='other',) user_id, login, password = self._makePerson()
self._assertUserDoesNotExists('the_user', 'secret') password += '2'
pers.setPassword('secret') pas_user, = self.portal.acl_users.searchUsers(login=login, exact_match=True)
self._assertUserExists('the_user', 'secret') pas_login, = pas_user['login_list']
self._assertUserDoesNotExists(login, password)
self.portal.restrictedTraverse(pas_login['path']).setPassword(password)
self._assertUserExists(login, password)
def test_PersonLoginMigration(self): def test_PersonLoginMigration(self):
self.portal.acl_users.manage_addProduct['ERP5Security'].addERP5UserManager('erp5_users') self.portal.acl_users.manage_addProduct['ERP5Security'].addERP5UserManager('erp5_users')
...@@ -363,6 +451,7 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -363,6 +451,7 @@ class TestUserManagement(ERP5TypeTestCase):
pers = self.portal.person_module.newContent( pers = self.portal.person_module.newContent(
portal_type='Person', portal_type='Person',
reference='the_user', reference='the_user',
reference=None,
) )
pers.newContent( pers.newContent(
portal_type='Assignment', portal_type='Assignment',
...@@ -376,6 +465,7 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -376,6 +465,7 @@ class TestUserManagement(ERP5TypeTestCase):
self.tic() self.tic()
self._assertUserExists('the_user', 'secret') self._assertUserExists('the_user', 'secret')
self.assertEqual(pers.getPassword(), None) self.assertEqual(pers.getPassword(), None)
self.assertEqual(pers.Person_getUserId(), 'the_user')
login = pers.objectValues(portal_type='ERP5 Login')[0] login = pers.objectValues(portal_type='ERP5 Login')[0]
login.setPassword('secret2') login.setPassword('secret2')
self.portal.portal_caches.clearAllCache() self.portal.portal_caches.clearAllCache()
...@@ -397,85 +487,99 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -397,85 +487,99 @@ class TestUserManagement(ERP5TypeTestCase):
def test_AssignmentWithDate(self): def test_AssignmentWithDate(self):
"""Tests a person with an assignment with correct date is a valid user.""" """Tests a person with an assignment with correct date is a valid user."""
date = DateTime() date = DateTime()
p = self._makePerson(reference='the_user', password='secret', _, login, password = self._makePerson(
assignment_start_date=date-5, assignment_start_date=date - 5,
assignment_stop_date=date+5) assignment_stop_date=date + 5,
self._assertUserExists('the_user', 'secret') )
self._assertUserExists(login, password)
def test_AssignmentWithBadStartDate(self): def test_AssignmentWithBadStartDate(self):
"""Tests a person with an assignment with bad start date is not a valid user.""" """Tests a person with an assignment with bad start date is not a valid user."""
date = DateTime() date = DateTime()
p = self._makePerson(reference='the_user', password='secret', _, login, password = self._makePerson(
assignment_start_date=date+1, assignment_start_date=date + 1,
assignment_stop_date=date+5) assignment_stop_date=date + 5,
self._assertUserDoesNotExists('the_user', 'secret') )
self._assertUserDoesNotExists(login, password)
def test_AssignmentWithBadStopDate(self): def test_AssignmentWithBadStopDate(self):
"""Tests a person with an assignment with bad stop date is not a valid user.""" """Tests a person with an assignment with bad stop date is not a valid user."""
date = DateTime() date = DateTime()
p = self._makePerson(reference='the_user', password='secret', _, login, password = self._makePerson(
assignment_start_date=date-5, assignment_start_date=date - 5,
assignment_stop_date=date-1) assignment_stop_date=date - 1,
self._assertUserDoesNotExists('the_user', 'secret') )
self._assertUserDoesNotExists(login, password)
def test_DeletedPersonIsNotUser(self): def test_DeletedPersonIsNotUser(self):
p = self._makePerson(reference='the_user', password='secret') user_id, login, password = self._makePerson()
self._assertUserExists('the_user', 'secret') self._assertUserExists(login, password)
acl_user, = self.portal.acl_users.searchUsers(id=user_id, exact_match=True)
p.delete() self.portal.restrictedTraverse(acl_user['path']).delete()
self.commit() self.commit()
self._assertUserDoesNotExists(login, password)
self._assertUserDoesNotExists('the_user', 'secret')
def test_ReallyDeletedPersonIsNotUser(self): def test_ReallyDeletedPersonIsNotUser(self):
p = self._makePerson(reference='the_user', password='secret') user_id, login, password = self._makePerson()
self._assertUserExists('the_user', 'secret') acl_user, = self.portal.acl_users.searchUsers(id=user_id, exact_match=True)
p = self.portal.restrictedTraverse(acl_user['path'])
self._assertUserExists(login, password)
p.getParentValue().deleteContent(p.getId()) p.getParentValue().deleteContent(p.getId())
self.commit() self.commit()
self._assertUserDoesNotExists(login, password)
self._assertUserDoesNotExists('the_user', 'secret')
def test_InvalidatedPersonIsUser(self): def test_InvalidatedPersonIsUser(self):
p = self._makePerson(reference='the_user', password='secret') user_id, login, password = self._makePerson()
self._assertUserExists('the_user', 'secret') acl_user, = self.portal.acl_users.searchUsers(id=user_id, exact_match=True)
p = self.portal.restrictedTraverse(acl_user['path'])
self._assertUserExists(login, password)
p.validate() p.validate()
p.invalidate() p.invalidate()
self.commit() self.commit()
self._assertUserExists(login, password)
self._assertUserExists('the_user', 'secret') def test_UserIdIsPossibleToUnset(self):
"""Make sure that it is possible to remove user id"""
def test_PersonLoginIsPossibleToUnset(self): user_id, login, password = self._makePerson()
"""Make sure that it is possible to remove reference""" acl_user, = self.portal.acl_users.searchUsers(id=user_id, exact_match=True)
person = self._makePerson(reference='foo', password='secret',) person = self.portal.restrictedTraverse(acl_user['path'])
person.setReference(None) person.setReference(None)
self.tic() self.tic()
self.assertEqual(None, person.getReference()) self.assertEqual(None, person.Person_getUserId())
def test_duplicatePersonReference(self): def test_duplicatePersonUserId(self):
person1 = self._makePerson(reference='foo', password='secret',) user_id, _, _ = self._makePerson()
self.tic() self.assertRaises(ValidationFailed, self._makePerson, reference=user_id)
self.assertRaises(RuntimeError, self._makePerson,
reference='foo', password='secret',)
def test_duplicateLoginReference(self): def test_duplicateLoginReference(self):
person1 = self._makePerson(reference='foo', password='secret',) _, login1, _ = self._makePerson()
self.tic() _, login2, _ = self._makePerson()
person2 = self._makePerson(reference='bar', password='secret',) pas_user2, = self.portal.acl_users.searchUsers(login=login2, exact_match=True)
login = person2.objectValues(portal_type='ERP5 Login')[0] pas_login2, = pas_user2['login_list']
login.invalidate() login2_value = self.portal.restrictedTraverse(pas_login2['path'])
login.setReference('foo') login2_value.invalidate()
self.assertRaises(ValidationFailed, self.portal.portal_workflow.doActionFor, login, 'validate_action') login2_value.setReference(login1)
self.commit()
def test_duplicateLoginReferenceInSameTransaction(self): self.assertRaises(ValidationFailed, login2_value.validate)
person1 = self._makePerson(reference='foo', password='secret', tic=False) self.assertRaises(ValidationFailed, self.portal.portal_workflow.doActionFor, login2_value, 'validate_action')
person2 = self._makePerson(reference='bar', password='secret', tic=False)
login = person2.newContent(portal_type='ERP5 Login') def _duplicateLoginReference(self, commit):
login = person2.objectValues(portal_type='ERP5 Login')[0] _, login1, _ = self._makePerson(tic=False)
login.invalidate() user_id2, login2, _ = self._makePerson(tic=False)
login.setReference('foo') if commit:
self.portal.portal_workflow.doActionFor(login, 'validate_action') self.commit()
# Note: cannot rely on catalog, on purpose.
person_value, = [
x for x in self.portal.person_module.objectValues()
if x.Person_getUserId() == user_id2
]
login_value, = [
x for x in person_value.objectValues(portal_type='ERP5 Login')
if x.getReference() == login2
]
login_value.invalidate()
login_value.setReference(login1)
self.portal.portal_workflow.doActionFor(login_value, 'validate_action')
result = self.portal.portal_alarms.check_duplicate_login_reference.ERP5Site_checkDuplicateLoginReferenceLogin() result = self.portal.portal_alarms.check_duplicate_login_reference.ERP5Site_checkDuplicateLoginReferenceLogin()
self.assertEqual(result, None) self.assertEqual(result, None)
self.tic() self.tic()
...@@ -483,19 +587,11 @@ class TestUserManagement(ERP5TypeTestCase): ...@@ -483,19 +587,11 @@ class TestUserManagement(ERP5TypeTestCase):
self.assertEqual(len(result.getResultList()), 1) self.assertEqual(len(result.getResultList()), 1)
self.assertEqual(result.getResultList()[0].summary, 'Logins having the same reference exist') self.assertEqual(result.getResultList()[0].summary, 'Logins having the same reference exist')
def test_duplicateLoginReferenceInSameTransaction(self):
self._duplicateLoginReference(False)
def test_duplicateLoginReferenceInAnotherTransaction(self): def test_duplicateLoginReferenceInAnotherTransaction(self):
person1 = self._makePerson(reference='foo', password='secret', tic=False) self._duplicateLoginReference(True)
person2 = self._makePerson(reference='bar', password='secret', tic=False)
self.commit()
login = person2.newContent(portal_type='ERP5 Login')
login.setReference('foo')
self.portal.portal_workflow.doActionFor(login, 'validate_action')
result = self.portal.portal_alarms.check_duplicate_login_reference.ERP5Site_checkDuplicateLoginReferenceLogin()
self.assertEqual(result, None)
self.tic()
result = self.portal.portal_alarms.check_duplicate_login_reference.ERP5Site_checkDuplicateLoginReferenceLogin()
self.assertEqual(len(result.getResultList()), 1)
self.assertEqual(result.getResultList()[0].summary, 'Logins having the same reference exist')
class TestUserManagementExternalAuthentication(TestUserManagement): class TestUserManagementExternalAuthentication(TestUserManagement):
def getTitle(self): def getTitle(self):
...@@ -522,13 +618,9 @@ class TestUserManagementExternalAuthentication(TestUserManagement): ...@@ -522,13 +618,9 @@ class TestUserManagementExternalAuthentication(TestUserManagement):
Make sure that we can grant security using a ERP5 External Authentication Plugin. Make sure that we can grant security using a ERP5 External Authentication Plugin.
""" """
reference = 'external_auth_person' _, login, _ = self._makePerson()
loginable_person = self.getPersonModule().newContent(portal_type='Person', pas_user, = self.portal.acl_users.searchUsers(login=login, exact_match=True)
reference=reference, reference = self.portal.restrictedTraverse(pas_user['path']).getReference()
password='guest')
assignment = loginable_person.newContent(portal_type='Assignment')
assignment.open()
self.tic()
base_url = self.portal.absolute_url(relative=1) base_url = self.portal.absolute_url(relative=1)
...@@ -542,7 +634,7 @@ class TestUserManagementExternalAuthentication(TestUserManagement): ...@@ -542,7 +634,7 @@ class TestUserManagementExternalAuthentication(TestUserManagement):
# self.assertTrue(response.headers['location'].endswith('login_form')) # self.assertTrue(response.headers['location'].endswith('login_form'))
# view front page we should be logged in if we use authentication key # view front page we should be logged in if we use authentication key
response = self.publish(base_url, env={self.user_id_key.replace('-', '_').upper():reference}) response = self.publish(base_url, env={self.user_id_key.replace('-', '_').upper(): login})
self.assertEqual(response.getStatus(), 200) self.assertEqual(response.getStatus(), 200)
self.assertTrue(reference in response.getBody()) self.assertTrue(reference in response.getBody())
...@@ -579,12 +671,9 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -579,12 +671,9 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
base_cat.newContent(portal_type='Category', base_cat.newContent(portal_type='Category',
id='subcat', id='subcat',
codification="%s1" % code) codification="%s1" % code)
# add another function subcategory. base_cat.newContent(portal_type='Category',
function_category = category_tool['function'] id='another_subcat',
if function_category.get('another_subcat', None) is None: codification="%s2" % code)
function_category.newContent(portal_type='Category',
id='another_subcat',
codification='F2')
self.defined_category = "group/subcat\n"\ self.defined_category = "group/subcat\n"\
"site/subcat\n"\ "site/subcat\n"\
"function/subcat" "function/subcat"
...@@ -595,13 +684,15 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -595,13 +684,15 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
self.username = 'usérn@me' self.username = 'usérn@me'
# create a user and open an assignement # create a user and open an assignement
pers = self.getPersonModule().newContent(portal_type='Person', pers = self.getPersonModule().newContent(portal_type='Person',
reference=self.username, reference=self.username)
password=self.username)
assignment = pers.newContent( portal_type='Assignment', assignment = pers.newContent( portal_type='Assignment',
group='subcat', group='subcat',
site='subcat', site='subcat',
function='subcat' ) function='subcat' )
assignment.open() assignment.open()
pers.newContent(portal_type='ERP5 Login',
reference=self.username,
password=self.username).validate()
self.person = pers self.person = pers
self.tic() self.tic()
...@@ -638,7 +729,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -638,7 +729,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
def getBusinessTemplateList(self): def getBusinessTemplateList(self):
"""List of BT to install. """ """List of BT to install. """
return ('erp5_base', 'erp5_web', 'erp5_ingestion', 'erp5_dms',) return ('erp5_base', 'erp5_web', 'erp5_ingestion', 'erp5_dms', 'erp5_administration')
def test_RolesManagerInterfaces(self): def test_RolesManagerInterfaces(self):
"""Tests group manager plugin respects interfaces.""" """Tests group manager plugin respects interfaces."""
...@@ -670,6 +761,30 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -670,6 +761,30 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
self.assertEqual(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1')) self.assertEqual(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1'))
self.assertTrue('Assignor' in user.getRolesInContext(obj)) self.assertTrue('Assignor' in user.getRolesInContext(obj))
self.assertFalse('Assignee' in user.getRolesInContext(obj)) self.assertFalse('Assignee' in user.getRolesInContext(obj))
# check if assignment change is effective immediately
self.login()
res = self.publish(self.portal.absolute_url_path() + \
'/Base_viewSecurity?__ac_name=%s&__ac_password=%s' % \
(self.username, self.username))
self.assertEqual([x for x in res.body.splitlines() if x.startswith('-->')],
["--> ['F1_G1_S1']"], res.body)
assignment = self.person.newContent( portal_type='Assignment',
group='subcat',
site='subcat',
function='another_subcat' )
assignment.open()
res = self.publish(self.portal.absolute_url_path() + \
'/Base_viewSecurity?__ac_name=%s&__ac_password=%s' % \
(self.username, self.username))
self.assertEqual([x for x in res.body.splitlines() if x.startswith('-->')],
["--> ['F1_G1_S1']", "--> ['F2_G1_S1']"], res.body)
assignment.setGroup('another_subcat')
res = self.publish(self.portal.absolute_url_path() + \
'/Base_viewSecurity?__ac_name=%s&__ac_password=%s' % \
(self.username, self.username))
self.assertEqual([x for x in res.body.splitlines() if x.startswith('-->')],
["--> ['F1_G1_S1']", "--> ['F2_G2_S1']"], res.body)
self.abort() self.abort()
def testLocalRolesGroupId(self): def testLocalRolesGroupId(self):
...@@ -722,7 +837,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -722,7 +837,7 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
"""Test dynamic role generation when an assignment defines several functions """Test dynamic role generation when an assignment defines several functions
""" """
assignment, = self.portal.portal_catalog(portal_type='Assignment', assignment, = self.portal.portal_catalog(portal_type='Assignment',
parent_reference=self.username) parent_reference=self.person.getReference())
assignment.setFunctionList(('subcat', 'another_subcat')) assignment.setFunctionList(('subcat', 'another_subcat'))
self._getTypeInfo().newContent(portal_type='Role Information', self._getTypeInfo().newContent(portal_type='Role Information',
role_name='Assignee', role_name='Assignee',
...@@ -782,6 +897,9 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -782,6 +897,9 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
assignment = loginable_person.newContent(portal_type='Assignment', assignment = loginable_person.newContent(portal_type='Assignment',
function='another_subcat') function='another_subcat')
assignment.open() assignment.open()
loginable_person.newContent(portal_type='ERP5 Login',
reference='guest',
password='guest').validate()
self.tic() self.tic()
person_module_type_information = self.getTypesTool()['Person Module'] person_module_type_information = self.getTypesTool()['Person Module']
...@@ -836,11 +954,13 @@ class TestLocalRoleManagement(ERP5TypeTestCase): ...@@ -836,11 +954,13 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
reference = 'UserReferenceTextWhichShouldBeHardToGeneratedInAnyHumanOrComputerLanguage' reference = 'UserReferenceTextWhichShouldBeHardToGeneratedInAnyHumanOrComputerLanguage'
loginable_person = self.getPersonModule().newContent(portal_type='Person', loginable_person = self.getPersonModule().newContent(portal_type='Person',
reference=reference, reference=reference)
password='guest')
assignment = loginable_person.newContent(portal_type='Assignment', assignment = loginable_person.newContent(portal_type='Assignment',
function='another_subcat') function='another_subcat')
assignment.open() assignment.open()
loginable_person.newContent(portal_type='ERP5 Login',
reference=reference,
password='guest').validate()
portal_types = portal.portal_types portal_types = portal.portal_types
for portal_type in ('Person Module', 'Person', 'Web Site Module', 'Web Site', for portal_type in ('Person Module', 'Person', 'Web Site Module', 'Web Site',
'Web Page'): 'Web Page'):
......
...@@ -471,8 +471,11 @@ class ERP5TypeTestCaseMixin(ProcessingNodeTestCase, PortalTestCase): ...@@ -471,8 +471,11 @@ class ERP5TypeTestCaseMixin(ProcessingNodeTestCase, PortalTestCase):
person = self.portal.person_module.newContent(portal_type='Person', person = self.portal.person_module.newContent(portal_type='Person',
reference=reference, reference=reference,
password=password,
**person_kw) **person_kw)
login = person.newContent(portal_type='ERP5 Login',
reference=reference,
password=password)
login.validate()
return person return person
def createUserAssignment(self, user, assignment_kw): def createUserAssignment(self, user, assignment_kw):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment