From 4cf2d3f65a3b614f5135e253b563b34d6b96d3a8 Mon Sep 17 00:00:00 2001 From: Vincent Desmares <vincentd@nexedi.com> Date: Tue, 19 Aug 2008 15:34:28 +0000 Subject: [PATCH] Add a new unittest for testing the Cookie generation with long login/password git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@23042 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Type/tests/testCookieCrumbler.py | 101 +++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 product/ERP5Type/tests/testCookieCrumbler.py diff --git a/product/ERP5Type/tests/testCookieCrumbler.py b/product/ERP5Type/tests/testCookieCrumbler.py new file mode 100644 index 0000000000..da9021e6e4 --- /dev/null +++ b/product/ERP5Type/tests/testCookieCrumbler.py @@ -0,0 +1,101 @@ +############################################################################## +# +# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved. +# +# This software is subject to the provisions of the Zope Public License, +# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED +# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS +# FOR A PARTICULAR PURPOSE. +# +############################################################################## + +import base64 +from cStringIO import StringIO +import unittest +import urllib + +from OFS.DTMLMethod import DTMLMethod +from OFS.Folder import Folder +from zExceptions.unauthorized import Unauthorized +from AccessControl.User import UserFolder +from AccessControl.SecurityManagement import noSecurityManager +from ZPublisher.HTTPRequest import HTTPRequest +from ZPublisher.HTTPResponse import HTTPResponse + +from Products.CMFCore.CookieCrumbler \ + import CookieCrumbler, manage_addCC, Redirect + +from Products.CMFCore.tests.testCookieCrumbler import makerequest +from Products.CMFCore.tests.testCookieCrumbler import CookieCrumblerTests + +class ERP5CookieCrumblerTests (CookieCrumblerTests): + """ Modify original CMFCore Cookie Crumbler unit test to test long login """ + + def setUp(self): + root = Folder() + self.root = root + root.isTopLevelPrincipiaApplicationObject = 1 # User folder needs this + root.getPhysicalPath = lambda: () # hack + root._View_Permission = ('Anonymous',) + + users = UserFolder() + users._setId('acl_users') + users._doAddUser('abraham', 'pass-w', ('Patriarch',), ()) + users._doAddUser('isaac', 'pass-w', ('Son',), ()) + users._doAddUser('abrahammmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm', + 'pass-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww', + ('Son',), ()) + root._setObject(users.id, users) + + cc = CookieCrumbler() + cc.id = 'cookie_authentication' + root._setObject(cc.id, cc) + self.cc = getattr(root, cc.id) + + index = DTMLMethod() + index.munge('This is the default view') + index._setId('index_html') + root._setObject(index.getId(), index) + + login = DTMLMethod() + login.munge('Please log in first.') + login._setId('login_form') + root._setObject(login.getId(), login) + + protected = DTMLMethod() + protected._View_Permission = ('Manager',) + protected.munge('This is the protected view') + protected._setId('protected') + root._setObject(protected.getId(), protected) + + self.responseOut = StringIO() + self.req = makerequest(root, self.responseOut) + + self.credentials = urllib.quote( + base64.encodestring('abraham:pass-w').replace('\012', '')) + + def testCookieLongLogin(self): + # verify the user and auth cookie get set + long_name = 'abrahammmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm' + long_pass = 'pass-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww' + self.req.cookies['__ac_name'] = long_name + self.req.cookies['__ac_password'] = long_pass + self.req.traverse('/') + + self.assert_(self.req.has_key('AUTHENTICATED_USER')) + self.assertEqual(self.req['AUTHENTICATED_USER'].getUserName(), + 'abrahammmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm') + resp = self.req.response + self.assert_(resp.cookies.has_key('__ac')) + self.credentials = base64.encodestring('%s:%s' % (long_name, long_pass)).replace('\012', '') + self.assertEqual(resp.cookies['__ac']['value'], + self.credentials) + self.assertEqual(resp.cookies['__ac']['path'], '/') + +def test_suite(): + return unittest.makeSuite(ERP5CookieCrumblerTests) + +if __name__ == '__main__': + unittest.main(defaultTest='test_suite') -- 2.30.9