Commit 9d73c472 authored by Tres Seaver's avatar Tres Seaver

Merge AccessControl.User.tests.testUser fixes from 2.12, w/ LP#142536 fix.

parent 17dc97cb
......@@ -155,6 +155,8 @@ Features Added
Bugs Fixed
++++++++++
- LP #142563: Fix ``AccessControl.User.NullUnrestrictedUserTests.__str__``.
- LP #267820: Fix bad except clause in the ``sequence_sort`` method of
the ``<dtml-in>`` tag.
......
......@@ -400,6 +400,9 @@ class NullUnrestrictedUser(SpecialUser):
def has_permission(self, permission, object):
return 0
def __str__(self):
# See https://bugs.launchpad.net/zope2/+bug/142563
return repr(self)
def readUserAccessFile(filename):
......
......@@ -10,138 +10,408 @@
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""User folder tests.
$Id$
""" Unit tests for AccessControl.User
"""
import unittest
import Testing
import Zope2
Zope2.startup()
import os, sys, base64
import transaction
from Testing.makerequest import makerequest
class BasicUserTests(unittest.TestCase):
def _getTargetClass(self):
from AccessControl.User import BasicUser
return BasicUser
def _makeOne(self, name, password, roles, domains):
return self._getTargetClass()(name, password, roles, domains)
def _makeDerived(self, **kw):
class Derived(self._getTargetClass()):
def __init__(self, **kw):
self.name = 'name'
self.password = 'password'
self.roles = ['Manager']
self.domains = []
self.__dict__.update(kw)
return Derived(**kw)
def test_ctor_is_abstract(self):
# Subclasses must override __init__, and mustn't call the base version.
self.assertRaises(NotImplementedError,
self._makeOne, 'name', 'password', ['Manager'], [])
def test_abstract_methods(self):
# Subclasses must override these methods.
derived = self._makeDerived()
self.assertRaises(NotImplementedError, derived.getUserName)
self.assertRaises(NotImplementedError, derived.getId)
self.assertRaises(NotImplementedError, derived._getPassword)
self.assertRaises(NotImplementedError, derived.getRoles)
self.assertRaises(NotImplementedError, derived.getDomains)
# TODO: def test_getRolesInContext (w/wo local, callable, aq)
# TODO: def test_authenticate (w/wo domains)
# TODO: def test_allowed (...)
# TODO: def test_has_role (w/wo str, context)
# TODO: def test_has_permission (w/wo str)
def test___len__(self):
derived = self._makeDerived()
self.assertEqual(len(derived), 1)
def test___str__(self):
derived = self._makeDerived(getUserName=lambda: 'phred')
self.assertEqual(str(derived), 'phred')
def test___repr__(self):
derived = self._makeDerived(getUserName=lambda: 'phred')
self.assertEqual(repr(derived), "<Derived 'phred'>")
class SimpleUserTests(unittest.TestCase):
def _getTargetClass(self):
from AccessControl.User import SimpleUser
return SimpleUser
def _makeOne(self, name='admin', password='123', roles=None, domains=None):
if roles is None:
roles = ['Manager']
if domains is None:
domains = []
return self._getTargetClass()(name, password, roles, domains)
def test_overrides(self):
simple = self._makeOne()
self.assertEqual(simple.getUserName(), 'admin')
self.assertEqual(simple.getId(), 'admin')
self.assertEqual(simple._getPassword(), '123')
self.assertEqual(simple.getDomains(), ())
def test_getRoles_anonymous(self):
simple = self._makeOne('Anonymous User', roles=())
self.assertEqual(simple.getRoles(), ())
def test_getRoles_non_anonymous(self):
simple = self._makeOne('phred', roles=())
self.assertEqual(simple.getRoles(), ('Authenticated',))
class SpecialUserTests(unittest.TestCase):
def _getTargetClass(self):
from AccessControl.User import SpecialUser
return SpecialUser
def _makeOne(self, name='admin', password='123', roles=None, domains=None):
if roles is None:
roles = ['Manager']
if domains is None:
domains = []
return self._getTargetClass()(name, password, roles, domains)
def test_overrides(self):
simple = self._makeOne()
self.assertEqual(simple.getUserName(), 'admin')
self.assertEqual(simple.getId(), None)
self.assertEqual(simple._getPassword(), '123')
self.assertEqual(simple.getDomains(), ())
class UnrestrictedUserTests(unittest.TestCase):
def _getTargetClass(self):
from AccessControl.User import UnrestrictedUser
return UnrestrictedUser
def _makeOne(self, name='admin', password='123', roles=None, domains=None):
if roles is None:
roles = ['Manager']
if domains is None:
domains = []
return self._getTargetClass()(name, password, roles, domains)
def test_allowed__what_not_even_god_should_do(self):
from AccessControl.PermissionRole import _what_not_even_god_should_do
unrestricted = self._makeOne()
self.failIf(unrestricted.allowed(self, _what_not_even_god_should_do))
def test_allowed_empty(self):
unrestricted = self._makeOne()
self.failUnless(unrestricted.allowed(self, ()))
def test_allowed_other(self):
unrestricted = self._makeOne()
self.failUnless(unrestricted.allowed(self, ('Manager',)))
def test_has_role_empty_no_object(self):
unrestricted = self._makeOne()
self.failUnless(unrestricted.has_role(()))
def test_has_role_empty_w_object(self):
unrestricted = self._makeOne()
self.failUnless(unrestricted.has_role((), self))
def test_has_role_other_no_object(self):
unrestricted = self._makeOne()
self.failUnless(unrestricted.has_role(('Manager',)))
def test_has_role_other_w_object(self):
unrestricted = self._makeOne()
self.failUnless(unrestricted.has_role(('Manager',), self))
class NullUnrestrictedUserTests(unittest.TestCase):
def _getTargetClass(self):
from AccessControl.User import NullUnrestrictedUser
return NullUnrestrictedUser
def _makeOne(self):
return self._getTargetClass()()
def test_overrides(self):
simple = self._makeOne()
self.assertEqual(simple.getUserName(), (None, None))
self.assertEqual(simple.getId(), None)
self.assertEqual(simple._getPassword(), (None, None))
self.assertEqual(simple.getRoles(), ())
self.assertEqual(simple.getDomains(), ())
def test_getRolesInContext(self):
null = self._makeOne()
self.assertEqual(null.getRolesInContext(self), ())
def test_authenticate(self):
null = self._makeOne()
self.failIf(null.authenticate('password', {}))
def test_allowed(self):
null = self._makeOne()
self.failIf(null.allowed(self, ()))
def test_has_role(self):
null = self._makeOne()
self.failIf(null.has_role('Authenticated'))
def test_has_role_w_object(self):
null = self._makeOne()
self.failIf(null.has_role('Authenticated', self))
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.User import BasicUserFolder, UserFolder
from AccessControl.User import User
def test_has_permission(self):
null = self._makeOne()
self.failIf(null.has_permission('View', self))
def test___repr__(self):
null = self._makeOne()
self.assertEqual(repr(null), "<NullUnrestrictedUser (None, None)>")
def test___str__(self):
# See https://bugs.launchpad.net/zope2/+bug/142563
null = self._makeOne()
self.assertEqual(str(null), "<NullUnrestrictedUser (None, None)>")
class UserTests(unittest.TestCase):
def _getTargetClass(self):
from AccessControl.User import User
return User
def _makeOne(self, name, password, roles, domains):
return self._getTargetClass()(name, password, roles, domains)
def testGetUserName(self):
f = self._makeOne('chris', '123', ['Manager'], [])
self.assertEqual(f.getUserName(), 'chris')
def testGetUserId(self):
f = self._makeOne('chris', '123', ['Manager'], [])
self.assertEqual(f.getId(), 'chris')
def testBaseUserGetIdEqualGetName(self):
# this is true for the default user type, but will not
# always be true for extended user types going forward (post-2.6)
f = self._makeOne('chris', '123', ['Manager'], [])
self.assertEqual(f.getId(), f.getUserName())
def testGetPassword(self):
f = self._makeOne('chris', '123', ['Manager'], [])
self.assertEqual(f._getPassword(), '123')
def testGetRoles(self):
f = self._makeOne('chris', '123', ['Manager'], [])
self.assertEqual(f.getRoles(), ('Manager', 'Authenticated'))
def testGetDomains(self):
f = self._makeOne('chris', '123', ['Manager'], [])
self.assertEqual(f.getDomains(), ())
def testRepr(self):
f = self._makeOne('flo', '123', ['Manager'], [])
self.assertEqual(repr(f), "<User 'flo'>")
def testReprSpecial(self):
from AccessControl.User import NullUnrestrictedUser
from AccessControl.User import nobody
from AccessControl.User import system
# NullUnrestrictedUser is used when there is no emergency user
self.assertEqual(repr(NullUnrestrictedUser()),
"<NullUnrestrictedUser (None, None)>")
self.assertEqual(repr(nobody),
"<SpecialUser 'Anonymous User'>")
self.assertEqual(repr(system),
"<UnrestrictedUser 'System Processes'>")
class UserFolderTests(unittest.TestCase):
def setUp(self):
import transaction
transaction.begin()
self.app = makerequest(Zope2.app())
try:
# Set up a user and role
self.uf = UserFolder().__of__(self.app)
self.uf._doAddUser('user1', 'secret', ['role1'], [])
self.app._addRole('role1')
self.app.manage_role('role1', ['View'])
# Set up a published object accessible to user
self.app.addDTMLMethod('doc', file='')
self.app.doc.manage_permission('View', ['role1'], acquire=0)
# Rig the REQUEST so it looks like we traversed to doc
self.app.REQUEST.set('PUBLISHED', self.app.doc)
self.app.REQUEST.set('PARENTS', [self.app])
self.app.REQUEST.steps = ['doc']
self.basic = 'Basic %s' % base64.encodestring('user1:secret')
except:
self.tearDown()
raise
def tearDown(self):
import transaction
from AccessControl.SecurityManagement import noSecurityManager
noSecurityManager()
transaction.abort()
self.app._p_jar.close()
def login(self, name):
user = self.uf.getUserById(name)
user = user.__of__(self.uf)
def _getTargetClass(self):
from AccessControl.User import UserFolder
return UserFolder
def _makeOne(self, app=None):
if app is None:
app = self._makeApp()
uf = self._getTargetClass()().__of__(app)
uf._doAddUser('user1', 'secret', ['role1'], [])
return uf
def _makeApp(self):
from Testing.makerequest import makerequest
from Testing.ZopeTestCase import ZopeLite
app = makerequest(ZopeLite.app())
# Set up a user and role
app._addRole('role1')
app.manage_role('role1', ['View'])
# Set up a published object accessible to user
app.addDTMLMethod('doc', file='')
app.doc.manage_permission('View', ['role1'], acquire=0)
# Rig the REQUEST so it looks like we traversed to doc
app.REQUEST.set('PUBLISHED', app.doc)
app.REQUEST.set('PARENTS', [app])
app.REQUEST.steps = ['doc']
return app
def _makeBasicAuthToken(self, creds='user1:secret'):
import base64
return 'Basic %s' % base64.encodestring(creds)
def _login(self, uf, name):
from AccessControl.SecurityManagement import newSecurityManager
user = uf.getUserById(name)
user = user.__of__(uf)
newSecurityManager(None, user)
def test_z3interfaces(self):
def test_class_conforms_to_IStandardUserFolder(self):
from AccessControl.interfaces import IStandardUserFolder
from AccessControl.User import UserFolder
from zope.interface.verify import verifyClass
verifyClass(IStandardUserFolder, UserFolder)
verifyClass(IStandardUserFolder, self._getTargetClass())
def testGetUser(self):
self.failIfEqual(self.uf.getUser('user1'), None)
uf = self._makeOne()
self.failIfEqual(uf.getUser('user1'), None)
def testGetBadUser(self):
self.assertEqual(self.uf.getUser('user2'), None)
uf = self._makeOne()
self.assertEqual(uf.getUser('user2'), None)
def testGetUserById(self):
self.failIfEqual(self.uf.getUserById('user1'), None)
uf = self._makeOne()
self.failIfEqual(uf.getUserById('user1'), None)
def testGetBadUserById(self):
self.assertEqual(self.uf.getUserById('user2'), None)
uf = self._makeOne()
self.assertEqual(uf.getUserById('user2'), None)
def testGetUsers(self):
users = self.uf.getUsers()
uf = self._makeOne()
users = uf.getUsers()
self.failUnless(users)
self.assertEqual(users[0].getUserName(), 'user1')
def testGetUserNames(self):
names = self.uf.getUserNames()
uf = self._makeOne()
names = uf.getUserNames()
self.failUnless(names)
self.assertEqual(names[0], 'user1')
def testIdentify(self):
name, password = self.uf.identify(self.basic)
uf = self._makeOne()
name, password = uf.identify(self._makeBasicAuthToken())
self.assertEqual(name, 'user1')
self.assertEqual(password, 'secret')
def testGetRoles(self):
user = self.uf.getUser('user1')
uf = self._makeOne()
user = uf.getUser('user1')
self.failUnless('role1' in user.getRoles())
def testGetRolesInContext(self):
user = self.uf.getUser('user1')
self.app.manage_addLocalRoles('user1', ['Owner'])
roles = user.getRolesInContext(self.app)
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
app.manage_addLocalRoles('user1', ['Owner'])
roles = user.getRolesInContext(app)
self.failUnless('role1' in roles)
self.failUnless('Owner' in roles)
def testHasRole(self):
user = self.uf.getUser('user1')
self.failUnless(user.has_role('role1', self.app))
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
self.failUnless(user.has_role('role1', app))
def testHasLocalRole(self):
user = self.uf.getUser('user1')
self.app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_role('Owner', self.app))
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_role('Owner', app))
def testHasPermission(self):
user = self.uf.getUser('user1')
self.failUnless(user.has_permission('View', self.app))
self.app.manage_role('role1', ['Add Folders'])
self.failUnless(user.has_permission('Add Folders', self.app))
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
self.failUnless(user.has_permission('View', app))
app.manage_role('role1', ['Add Folders'])
self.failUnless(user.has_permission('Add Folders', app))
def testHasLocalRolePermission(self):
user = self.uf.getUser('user1')
self.app.manage_role('Owner', ['Add Folders'])
self.app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_permission('Add Folders', self.app))
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
app.manage_role('Owner', ['Add Folders'])
app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_permission('Add Folders', app))
def testAuthenticate(self):
user = self.uf.getUser('user1')
self.failUnless(user.authenticate('secret', self.app.REQUEST))
app = self._makeApp()
uf = self._makeOne(app)
user = uf.getUser('user1')
self.failUnless(user.authenticate('secret', app.REQUEST))
def testValidate(self):
user = self.uf.validate(self.app.REQUEST, self.basic, ['role1'])
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken(),
['role1'])
self.failIfEqual(user, None)
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithoutAuth(self):
user = self.uf.validate(self.app.REQUEST, '', ['role1'])
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, '', ['role1'])
self.assertEqual(user, None)
def testValidateWithoutRoles(self):
......@@ -152,30 +422,39 @@ class UserFolderTests(unittest.TestCase):
# really should have expected success, since the user and the
# object being checked both have the role 'role1', even though no
# roles are passed explicitly to the userfolder validate method.
user = self.uf.validate(self.app.REQUEST, self.basic)
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken())
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithEmptyRoles(self):
user = self.uf.validate(self.app.REQUEST, self.basic, [])
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken(), [])
self.assertEqual(user, None)
def testNotValidateWithWrongRoles(self):
user = self.uf.validate(self.app.REQUEST, self.basic, ['Manager'])
app = self._makeApp()
uf = self._makeOne(app)
user = uf.validate(app.REQUEST, self._makeBasicAuthToken(),
['Manager'])
self.assertEqual(user, None)
def testAllowAccessToUser(self):
self.login('user1')
try:
self.app.restrictedTraverse('doc')
except Unauthorized:
self.fail('Unauthorized')
app = self._makeApp()
uf = self._makeOne(app)
self._login(uf, 'user1')
app.restrictedTraverse('doc')
def testDenyAccessToAnonymous(self):
self.assertRaises(Unauthorized, self.app.restrictedTraverse, 'doc')
from AccessControl import Unauthorized
app = self._makeApp()
self.assertRaises(Unauthorized, app.restrictedTraverse, 'doc')
def testMaxListUsers(self):
# create a folder-ish thing which contains a roleManager,
# then put an acl_users object into the folde-ish thing
from AccessControl.User import BasicUserFolder
class Folderish(BasicUserFolder):
def __init__(self, size, count):
......@@ -220,7 +499,7 @@ class UserFolderTests(unittest.TestCase):
USER_ID = 'not_yet_encrypted'
PASSWORD = 'password'
uf = UserFolder().__of__(self.app)
uf = self._makeOne()
uf.encrypt_passwords = True
self.failIf(uf._isPasswordEncrypted(PASSWORD))
......@@ -236,7 +515,7 @@ class UserFolderTests(unittest.TestCase):
USER_ID = 'already_encrypted'
PASSWORD = 'password'
uf = UserFolder().__of__(self.app)
uf = self._makeOne()
uf.encrypt_passwords = True
ENCRYPTED = uf._encryptPassword(PASSWORD)
......@@ -247,55 +526,13 @@ class UserFolderTests(unittest.TestCase):
self.failUnless(pw_validate(user.__, PASSWORD))
class UserTests(unittest.TestCase):
def testGetUserName(self):
f = User('chris', '123', ['Manager'], [])
self.assertEqual(f.getUserName(), 'chris')
def testGetUserId(self):
f = User('chris', '123', ['Manager'], [])
self.assertEqual(f.getId(), 'chris')
def testBaseUserGetIdEqualGetName(self):
# this is true for the default user type, but will not
# always be true for extended user types going forward (post-2.6)
f = User('chris', '123', ['Manager'], [])
self.assertEqual(f.getId(), f.getUserName())
def testGetPassword(self):
f = User('chris', '123', ['Manager'], [])
self.assertEqual(f._getPassword(), '123')
def testGetRoles(self):
f = User('chris', '123', ['Manager'], [])
self.assertEqual(f.getRoles(), ('Manager', 'Authenticated'))
def testGetDomains(self):
f = User('chris', '123', ['Manager'], [])
self.assertEqual(f.getDomains(), ())
def testRepr(self):
f = User('flo', '123', ['Manager'], [])
self.assertEqual(repr(f), "<User 'flo'>")
def testReprSpecial(self):
from AccessControl.User import NullUnrestrictedUser
from AccessControl.User import nobody
from AccessControl.User import system
# NullUnrestrictedUser is used when there is no emergency user
self.assertEqual(repr(NullUnrestrictedUser()),
"<NullUnrestrictedUser (None, None)>")
self.assertEqual(repr(nobody),
"<SpecialUser 'Anonymous User'>")
self.assertEqual(repr(system),
"<UnrestrictedUser 'System Processes'>")
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(UserFolderTests))
suite.addTest(unittest.makeSuite(BasicUserTests))
suite.addTest(unittest.makeSuite(SimpleUserTests))
suite.addTest(unittest.makeSuite(SpecialUserTests))
suite.addTest(unittest.makeSuite(UnrestrictedUserTests))
suite.addTest(unittest.makeSuite(NullUnrestrictedUserTests))
suite.addTest(unittest.makeSuite(UserTests))
suite.addTest(unittest.makeSuite(UserFolderTests))
return suite
if __name__ == '__main__':
unittest.main(defaultTest='test_suite')
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment