Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Arnaud Véron
slapos.core
Commits
91e4fb57
Commit
91e4fb57
authored
Aug 18, 2020
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
slapos_erp5: Add tests for Authentication Policy works for other types of Logins
parent
eeb964a1
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
407 additions
and
1 deletion
+407
-1
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSAuthenticationPolicy.py
...al_components/test.erp5.testSlapOSAuthenticationPolicy.py
+278
-0
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSAuthenticationPolicy.xml
...l_components/test.erp5.testSlapOSAuthenticationPolicy.xml
+127
-0
master/bt5/slapos_erp5/bt/template_test_id_list
master/bt5/slapos_erp5/bt/template_test_id_list
+2
-1
No files found.
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSAuthenticationPolicy.py
0 → 100644
View file @
91e4fb57
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (C) 2013-2019 Nexedi SA and Contributors.
#
# This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your
# option) any later version, as published by the Free Software Foundation.
#
# You can also Link and Combine this program with other software covered by
# the terms of any of the Free Software licenses or any of the Open Source
# Initiative approved licenses and Convey the resulting work. Corresponding
# source of such a combination shall include the source code for all other
# software used.
#
# This program is distributed WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See COPYING file for full licensing terms.
# See https://www.nexedi.com/licensing for rationale and options.
#
##############################################################################
from
erp5.component.test.SlapOSTestCaseMixin
import
SlapOSTestCaseMixin
class
TestSlapOSAuthenticationPolicyL
(
SlapOSTestCaseMixin
):
def
afterSetUp
(
self
):
SlapOSTestCaseMixin
.
afterSetUp
(
self
)
self
.
assertTrue
(
self
.
portal
.
portal_preferences
.
isAuthenticationPolicyEnabled
())
self
.
system_preference
=
self
.
portal
.
portal_preferences
.
getActiveSystemPreference
()
self
.
system_preference
.
setPreferredMaxPasswordLifetimeDuration
(
0
)
def
_clearCache
(
self
):
self
.
portal
.
portal_caches
.
clearCache
(
cache_factory_list
=
(
'erp5_content_short'
,
# for authentication cache
))
self
.
tic
()
def
_cleanUpLogin
(
self
,
login
):
self
.
portal
.
system_event_module
.
manage_delObjects
(
[
x
.
getId
()
for
x
in
self
.
_getPasswordEventList
(
login
)])
def
_getPasswordEventList
(
self
,
login
):
return
[
x
.
getObject
()
for
x
in
self
.
portal
.
portal_catalog
(
portal_type
=
'Password Event'
,
default_destination_uid
=
login
.
getUid
(),
sort_on
=
((
'creation_date'
,
'DESC'
,),))]
def
_notifyLoginFailureAboveMaximum
(
self
,
login
):
login
.
notifyLoginFailure
()
for
_
in
range
(
self
.
portal
.
portal_preferences
.
getPreferredMaxAuthenticationFailure
(
1
)):
login
.
notifyLoginFailure
()
self
.
_clearCache
()
def
_makeLogin
(
self
,
document
,
portal_type
):
login
=
document
.
newContent
(
portal_type
=
portal_type
,
reference
=
document
.
getReference
())
login
.
validate
()
return
login
def
_makeDummySoftwareInstance
(
self
):
software_instance
=
self
.
portal
.
software_instance_module
\
.
template_software_instance
.
Base_createCloneDocument
(
batch_mode
=
1
)
software_instance
=
self
.
portal
.
software_instance_module
\
.
template_software_instance
.
Base_createCloneDocument
(
batch_mode
=
1
)
software_instance
.
edit
(
title
=
self
.
generateNewSoftwareTitle
(),
reference
=
"TESTSI-%s"
%
self
.
generateNewId
()
)
return
software_instance
def
_test
(
self
,
document
,
login_portal_type
):
login
=
self
.
_makeLogin
(
document
=
document
,
portal_type
=
login_portal_type
)
self
.
_notifyLoginFailureAboveMaximum
(
login
)
self
.
assertFalse
(
login
.
isLoginBlocked
())
# Password should be ignored
login
.
setPassword
(
"%s-aA$1"
%
self
.
generateNewId
())
self
.
_clearCache
()
self
.
tic
()
return
login
def
_test_login_donot_block
(
self
,
document
,
login_portal_type
):
login
=
self
.
_test
(
document
,
login_portal_type
)
self
.
assertFalse
(
login
.
isLoginBlocked
())
def
_test_login_block_if_password_is_set
(
self
,
document
,
login_portal_type
):
login
=
self
.
_test
(
document
,
login_portal_type
)
self
.
assertTrue
(
login
.
isLoginBlocked
())
def
test_block_ERP5Login_without_password_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_login_block_if_password_is_set
(
document
=
person
,
login_portal_type
=
"ERP5 Login"
)
def
test_block_ERP5Login_without_password_on_computer
(
self
):
self
.
_test_login_block_if_password_is_set
(
document
=
self
.
_makeComputer
()[
0
],
login_portal_type
=
"ERP5 Login"
)
def
test_block_ERP5Login_without_password_on_software_instance
(
self
):
self
.
_test_login_block_if_password_is_set
(
document
=
self
.
_makeDummySoftwareInstance
(),
login_portal_type
=
"ERP5 Login"
)
def
test_block_CertificateLogin_without_password_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_login_donot_block
(
document
=
person
,
login_portal_type
=
"Certificate Login"
)
def
test_block_CertificateLogin_without_password_on_computer
(
self
):
self
.
_test_login_donot_block
(
document
=
self
.
_makeComputer
()[
0
],
login_portal_type
=
"Certificate Login"
)
def
test_block_CertificateLogin_without_password_on_software_instance
(
self
):
self
.
_test_login_donot_block
(
document
=
self
.
_makeDummySoftwareInstance
(),
login_portal_type
=
"Certificate Login"
)
def
test_block_GoogleLogin_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_login_donot_block
(
document
=
person
,
login_portal_type
=
"Google Login"
)
def
test_block_FacebookLogin_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_login_donot_block
(
document
=
person
,
login_portal_type
=
"Facebook Login"
)
def
_test_expire
(
self
,
document
,
login_portal_type
):
request
=
self
.
app
.
REQUEST
login
=
self
.
_makeLogin
(
document
=
document
,
portal_type
=
login_portal_type
)
self
.
_clearCache
()
self
.
assertFalse
(
login
.
isPasswordExpired
())
# set longer password validity interval
self
.
system_preference
.
setPreferredMaxPasswordLifetimeDuration
(
0
)
self
.
_clearCache
()
self
.
assertFalse
(
login
.
isPasswordExpired
())
self
.
assertNotIn
(
'is_user_account_password_expired'
,
request
)
# test early warning password expire notification is detected
self
.
system_preference
.
setPreferredPasswordLifetimeExpireWarningDuration
(
4
*
24
)
# password expire notification appear immediately
self
.
_clearCache
()
self
.
assertFalse
(
login
.
isPasswordExpired
())
self
.
assertNotIn
(
'is_user_account_password_expired_expire_date'
,
request
)
# test early warning password expire notification is detected
self
.
system_preference
.
setPreferredPasswordLifetimeExpireWarningDuration
(
4
*
24
-
24
)
# password expire notification appear 3 days befor time
self
.
tic
()
self
.
_clearCache
()
self
.
assertFalse
(
login
.
isPasswordExpired
())
self
.
assertNotIn
(
'is_user_account_password_expired_expire_date'
,
request
)
return
login
def
_test_expire_when_passoword_is_set
(
self
,
document
,
login_portal_type
):
login
=
self
.
_test_expire
(
document
=
document
,
login_portal_type
=
login_portal_type
)
login
.
setPassword
(
"%s-aA$1"
%
self
.
generateNewId
())
self
.
system_preference
.
setPreferredMaxPasswordLifetimeDuration
(
0
)
self
.
_clearCache
()
self
.
assertTrue
(
login
.
isPasswordExpired
())
def
_test_dont_expire_when_password_isnt_set
(
self
,
document
,
login_portal_type
):
login
=
self
.
_test_expire
(
document
=
document
,
login_portal_type
=
login_portal_type
)
login
.
setPassword
(
"%s-aA$1"
%
self
.
generateNewId
())
self
.
system_preference
.
setPreferredMaxPasswordLifetimeDuration
(
0
)
self
.
_clearCache
()
self
.
assertFalse
(
login
.
isPasswordExpired
())
def
test_expire_ERP5Login_without_password_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_expire_when_passoword_is_set
(
document
=
person
,
login_portal_type
=
"ERP5 Login"
)
def
test_expire_ERP5Login_without_password_on_computer
(
self
):
self
.
_test_expire_when_passoword_is_set
(
document
=
self
.
_makeComputer
()[
0
],
login_portal_type
=
"ERP5 Login"
)
def
test_expire_ERP5Login_without_password_on_software_instance
(
self
):
self
.
_test_expire_when_passoword_is_set
(
document
=
self
.
_makeDummySoftwareInstance
(),
login_portal_type
=
"ERP5 Login"
)
def
test_expire_CertificateLogin_without_password_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_dont_expire_when_password_isnt_set
(
document
=
person
,
login_portal_type
=
"Certificate Login"
)
def
test_expire_CertificateLogin_without_password_on_computer
(
self
):
self
.
_test_dont_expire_when_password_isnt_set
(
document
=
self
.
_makeComputer
()[
0
],
login_portal_type
=
"Certificate Login"
)
def
test_expire_CertificateLogin_without_password_on_software_instance
(
self
):
self
.
_test_dont_expire_when_password_isnt_set
(
document
=
self
.
_makeDummySoftwareInstance
(),
login_portal_type
=
"Certificate Login"
)
def
test_expire_GoogleLogin_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_dont_expire_when_password_isnt_set
(
document
=
person
,
login_portal_type
=
"Google Login"
)
def
test_expire_FacebookLogin_on_person
(
self
):
person
=
self
.
makePerson
(
user
=
0
)
person
.
edit
(
first_name
=
"SOMENAME"
,
last_name
=
"LASTNAME"
)
self
.
_test_dont_expire_when_password_isnt_set
(
document
=
person
,
login_portal_type
=
"Facebook Login"
)
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSAuthenticationPolicy.xml
0 → 100644
View file @
91e4fb57
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"Test Component"
module=
"erp5.portal_type"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_recorded_property_dict
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
default_reference
</string>
</key>
<value>
<string>
testSlapOSAuthenticationPolicy
</string>
</value>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
test.erp5.testSlapOSAuthenticationPolicy
</string>
</value>
</item>
<item>
<key>
<string>
portal_type
</string>
</key>
<value>
<string>
Test Component
</string>
</value>
</item>
<item>
<key>
<string>
sid
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<key>
<string>
text_content_error_message
</string>
</key>
<value>
<tuple/>
</value>
</item>
<item>
<key>
<string>
text_content_warning_message
</string>
</key>
<value>
<tuple/>
</value>
</item>
<item>
<key>
<string>
version
</string>
</key>
<value>
<string>
erp5
</string>
</value>
</item>
<item>
<key>
<string>
workflow_history
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAM=
</string>
</persistent>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
component_validation_workflow
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAQ=
</string>
</persistent>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"4"
aka=
"AAAAAAAAAAQ="
>
<pickle>
<global
name=
"WorkflowHistoryList"
module=
"Products.ERP5Type.Workflow"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_log
</string>
</key>
<value>
<list>
<dictionary>
<item>
<key>
<string>
action
</string>
</key>
<value>
<string>
validate
</string>
</value>
</item>
<item>
<key>
<string>
validation_state
</string>
</key>
<value>
<string>
validated
</string>
</value>
</item>
</dictionary>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
master/bt5/slapos_erp5/bt/template_test_id_list
View file @
91e4fb57
...
...
@@ -5,4 +5,5 @@ test.erp5.testSlapOSERP5GroupRoleSecurity
test.erp5.testSlapOSERP5SkinSelection
test.erp5.testSlapOSERP5DefaultScenario
test.erp5.testSlapOSXHTML
test.erp5.testSlapOSCodingStyle
\ No newline at end of file
test.erp5.testSlapOSCodingStyle
test.erp5.testSlapOSAuthenticationPolicy
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment