Commit a656866d authored by Hanno Schlichting's avatar Hanno Schlichting

Move user folder tests

parent f7a1a858
...@@ -23,6 +23,8 @@ AccessControl ...@@ -23,6 +23,8 @@ AccessControl
- Remaining outside imports: - Remaining outside imports:
* OFS - as a base class for User.BaseUserFolder
* Products (in registerPermissions using it as a data container for * Products (in registerPermissions using it as a data container for
``__ac_permissions__``) - this should use a global inside the module ``__ac_permissions__``) - this should use a global inside the module
inside AccessControl. inside AccessControl.
...@@ -34,9 +36,7 @@ AccessControl ...@@ -34,9 +36,7 @@ AccessControl
- Test only dependencies: - Test only dependencies:
* OFS
* Testing * Testing
* transaction
DocumentTemplate DocumentTemplate
---------------- ----------------
......
...@@ -224,275 +224,6 @@ class NullUnrestrictedUserTests(unittest.TestCase): ...@@ -224,275 +224,6 @@ class NullUnrestrictedUserTests(unittest.TestCase):
self.assertEqual(str(null), "<NullUnrestrictedUser (None, None)>") self.assertEqual(str(null), "<NullUnrestrictedUser (None, None)>")
# TODO class Test_readUserAccessFile(unittest.TestCase)
# TODO class BasicUserFoldertests(unittest.TestCase)
class UserFolderTests(unittest.TestCase):
def setUp(self):
import transaction
transaction.begin()
def tearDown(self):
import transaction
from AccessControl.SecurityManagement import noSecurityManager
noSecurityManager()
transaction.abort()
def _getTargetClass(self):
from AccessControl.User import UserFolder
return UserFolder
def _makeOne(self, app=None):
if app is None:
app = self._makeApp()
uf = self._getTargetClass()().__of__(app)
uf._doAddUser('user1', 'secret', ['role1'], [])
return uf
def _makeApp(self):
from Testing.makerequest import makerequest
from Testing.ZopeTestCase import ZopeLite
app = makerequest(ZopeLite.app())
# Set up a user and role
app._addRole('role1')
app.manage_role('role1', ['View'])
# Set up a published object accessible to user
app.addDTMLMethod('doc', file='')
app.doc.manage_permission('View', ['role1'], acquire=0)
# Rig the REQUEST so it looks like we traversed to doc
app.REQUEST.set('PUBLISHED', app.doc)
app.REQUEST.set('PARENTS', [app])
app.REQUEST.steps = ['doc']
return app
def _makeBasicAuthToken(self, creds='user1:secret'):
import base64
return 'Basic %s' % base64.encodestring(creds)
def _login(self, uf, name):
from AccessControl.SecurityManagement import newSecurityManager
user = uf.getUserById(name)
user = user.__of__(uf)
newSecurityManager(None, user)
def test_class_conforms_to_IStandardUserFolder(self):
from AccessControl.interfaces import IStandardUserFolder
from zope.interface.verify import verifyClass
verifyClass(IStandardUserFolder, self._getTargetClass())
def testGetUser(self):
uf = self._makeOne()
self.failIfEqual(uf.getUser('user1'), None)
def testGetBadUser(self):
uf = self._makeOne()
self.assertEqual(uf.getUser('user2'), None)
def testGetUserById(self):
uf = self._makeOne()
self.failIfEqual(uf.getUserById('user1'), None)
def testGetBadUserById(self):
uf = self._makeOne()
self.assertEqual(uf.getUserById('user2'), None)
def testGetUsers(self):
uf = self._makeOne()
users = uf.getUsers()
self.failUnless(users)
self.assertEqual(users[0].getUserName(), 'user1')
def testGetUserNames(self):
uf = self._makeOne()
names = uf.getUserNames()
self.failUnless(names)
self.assertEqual(names[0], 'user1')
def testIdentify(self):
uf = self._makeOne()
name, password = uf.identify(self._makeBasicAuthToken())
self.assertEqual(name, 'user1')
self.assertEqual(password, 'secret')
def testGetRoles(self):
uf = self._makeOne()
user = uf.getUser('user1')
self.failUnless('role1' in user.getRoles())
def testGetRolesInContext(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
app.manage_addLocalRoles('user1', ['Owner'])
roles = user.getRolesInContext(app)
self.failUnless('role1' in roles)
self.failUnless('Owner' in roles)
def testHasRole(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
self.failUnless(user.has_role('role1', app))
def testHasLocalRole(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_role('Owner', app))
def testHasPermission(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
self.failUnless(user.has_permission('View', app))
app.manage_role('role1', ['Add Folders'])
self.failUnless(user.has_permission('Add Folders', app))
def testHasLocalRolePermission(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
app.manage_role('Owner', ['Add Folders'])
app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_permission('Add Folders', app))
def testAuthenticate(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
self.failUnless(user.authenticate('secret', app.REQUEST))
def testValidate(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken(),
['role1'])
self.failIfEqual(user, None)
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithoutAuth(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, '', ['role1'])
self.assertEqual(user, None)
def testValidateWithoutRoles(self):
# Note - calling uf.validate without specifying roles will cause
# the security machinery to determine the needed roles by looking
# at the object itself (or its container). I'm putting this note
# in to clarify because the original test expected failure but it
# really should have expected success, since the user and the
# object being checked both have the role 'role1', even though no
# roles are passed explicitly to the userfolder validate method.
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken())
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithEmptyRoles(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken(), [])
self.assertEqual(user, None)
def testNotValidateWithWrongRoles(self):
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken(),
['Manager'])
self.assertEqual(user, None)
def testAllowAccessToUser(self):
app = self._makeApp()
uf = self._makeOne(app)
self._login(uf, 'user1')
app.restrictedTraverse('doc')
def testDenyAccessToAnonymous(self):
from AccessControl import Unauthorized
app = self._makeApp()
self.assertRaises(Unauthorized, app.restrictedTraverse, 'doc')
def testMaxListUsers(self):
# create a folder-ish thing which contains a roleManager,
# then put an acl_users object into the folde-ish thing
from AccessControl.User import BasicUserFolder
class Folderish(BasicUserFolder):
def __init__(self, size, count):
self.maxlistusers = size
self.users = []
self.acl_users = self
self.__allow_groups__ = self
for i in xrange(count):
self.users.append("Nobody")
def getUsers(self):
return self.users
def user_names(self):
return self.getUsers()
tinyFolderOver = Folderish(15, 20)
tinyFolderUnder = Folderish(15, 10)
assert tinyFolderOver.maxlistusers == 15
assert tinyFolderUnder.maxlistusers == 15
assert len(tinyFolderOver.user_names()) == 20
assert len(tinyFolderUnder.user_names()) == 10
try:
list = tinyFolderOver.get_valid_userids()
assert 0, "Did not raise overflow error"
except OverflowError:
pass
try:
list = tinyFolderUnder.get_valid_userids()
pass
except OverflowError:
assert 0, "Raised overflow error erroneously"
def test__doAddUser_with_not_yet_encrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'not_yet_encrypted'
PASSWORD = 'password'
uf = self._makeOne()
uf.encrypt_passwords = True
self.failIf(uf._isPasswordEncrypted(PASSWORD))
uf._doAddUser(USER_ID, PASSWORD, [], [])
user = uf.getUserById(USER_ID)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test__doAddUser_with_preencrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'already_encrypted'
PASSWORD = 'password'
uf = self._makeOne()
uf.encrypt_passwords = True
ENCRYPTED = uf._encryptPassword(PASSWORD)
uf._doAddUser(USER_ID, ENCRYPTED, [], [])
user = uf.getUserById(USER_ID)
self.assertEqual(user.__, ENCRYPTED)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(BasicUserTests)) suite.addTest(unittest.makeSuite(BasicUserTests))
...@@ -500,5 +231,4 @@ def test_suite(): ...@@ -500,5 +231,4 @@ def test_suite():
suite.addTest(unittest.makeSuite(SpecialUserTests)) suite.addTest(unittest.makeSuite(SpecialUserTests))
suite.addTest(unittest.makeSuite(UnrestrictedUserTests)) suite.addTest(unittest.makeSuite(UnrestrictedUserTests))
suite.addTest(unittest.makeSuite(NullUnrestrictedUserTests)) suite.addTest(unittest.makeSuite(NullUnrestrictedUserTests))
suite.addTest(unittest.makeSuite(UserFolderTests))
return suite return suite
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment