Commit 91e4fb57 authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_erp5: Add tests for Authentication Policy works for other types of Logins

parent eeb964a1
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (C) 2013-2019 Nexedi SA and Contributors.
#
# This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your
# option) any later version, as published by the Free Software Foundation.
#
# You can also Link and Combine this program with other software covered by
# the terms of any of the Free Software licenses or any of the Open Source
# Initiative approved licenses and Convey the resulting work. Corresponding
# source of such a combination shall include the source code for all other
# software used.
#
# This program is distributed WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See COPYING file for full licensing terms.
# See https://www.nexedi.com/licensing for rationale and options.
#
##############################################################################
from erp5.component.test.SlapOSTestCaseMixin import SlapOSTestCaseMixin
class TestSlapOSAuthenticationPolicyL(SlapOSTestCaseMixin):
def afterSetUp(self):
SlapOSTestCaseMixin.afterSetUp(self)
self.assertTrue(
self.portal.portal_preferences.isAuthenticationPolicyEnabled())
self.system_preference = self.portal.portal_preferences.getActiveSystemPreference()
self.system_preference.setPreferredMaxPasswordLifetimeDuration(0)
def _clearCache(self):
self.portal.portal_caches.clearCache(
cache_factory_list=('erp5_content_short', # for authentication cache
))
self.tic()
def _cleanUpLogin(self, login):
self.portal.system_event_module.manage_delObjects(
[x.getId() for x in self._getPasswordEventList(login)])
def _getPasswordEventList(self, login):
return [x.getObject() for x in self.portal.portal_catalog(
portal_type = 'Password Event',
default_destination_uid = login.getUid(),
sort_on = (('creation_date', 'DESC',),))]
def _notifyLoginFailureAboveMaximum(self, login):
login.notifyLoginFailure()
for _ in range(self.portal.portal_preferences.getPreferredMaxAuthenticationFailure(1)):
login.notifyLoginFailure()
self._clearCache()
def _makeLogin(self, document, portal_type):
login = document.newContent(
portal_type=portal_type,
reference=document.getReference())
login.validate()
return login
def _makeDummySoftwareInstance(self):
software_instance = self.portal.software_instance_module\
.template_software_instance.Base_createCloneDocument(batch_mode=1)
software_instance = self.portal.software_instance_module\
.template_software_instance.Base_createCloneDocument(batch_mode=1)
software_instance.edit(
title=self.generateNewSoftwareTitle(),
reference="TESTSI-%s" % self.generateNewId()
)
return software_instance
def _test(self, document, login_portal_type):
login = self._makeLogin(
document=document,
portal_type=login_portal_type)
self._notifyLoginFailureAboveMaximum(login)
self.assertFalse(login.isLoginBlocked())
# Password should be ignored
login.setPassword("%s-aA$1" % self.generateNewId())
self._clearCache()
self.tic()
return login
def _test_login_donot_block(self, document, login_portal_type):
login = self._test(document, login_portal_type)
self.assertFalse(login.isLoginBlocked())
def _test_login_block_if_password_is_set(self, document, login_portal_type):
login = self._test(document, login_portal_type)
self.assertTrue(login.isLoginBlocked())
def test_block_ERP5Login_without_password_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_login_block_if_password_is_set(
document=person,
login_portal_type="ERP5 Login")
def test_block_ERP5Login_without_password_on_computer(self):
self._test_login_block_if_password_is_set(
document=self._makeComputer()[0],
login_portal_type="ERP5 Login"
)
def test_block_ERP5Login_without_password_on_software_instance(self):
self._test_login_block_if_password_is_set(
document=self._makeDummySoftwareInstance(),
login_portal_type="ERP5 Login")
def test_block_CertificateLogin_without_password_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_login_donot_block(
document=person,
login_portal_type="Certificate Login"
)
def test_block_CertificateLogin_without_password_on_computer(self):
self._test_login_donot_block(
document=self._makeComputer()[0],
login_portal_type="Certificate Login")
def test_block_CertificateLogin_without_password_on_software_instance(self):
self._test_login_donot_block(
document=self._makeDummySoftwareInstance(),
login_portal_type="Certificate Login")
def test_block_GoogleLogin_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_login_donot_block(
document=person,
login_portal_type="Google Login"
)
def test_block_FacebookLogin_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_login_donot_block(
document=person,
login_portal_type="Facebook Login"
)
def _test_expire(self, document, login_portal_type):
request = self.app.REQUEST
login = self._makeLogin(
document=document,
portal_type=login_portal_type)
self._clearCache()
self.assertFalse(login.isPasswordExpired())
# set longer password validity interval
self.system_preference.setPreferredMaxPasswordLifetimeDuration(0)
self._clearCache()
self.assertFalse(login.isPasswordExpired())
self.assertNotIn('is_user_account_password_expired', request)
# test early warning password expire notification is detected
self.system_preference.setPreferredPasswordLifetimeExpireWarningDuration(4*24) # password expire notification appear immediately
self._clearCache()
self.assertFalse(login.isPasswordExpired())
self.assertNotIn('is_user_account_password_expired_expire_date', request)
# test early warning password expire notification is detected
self.system_preference.setPreferredPasswordLifetimeExpireWarningDuration(4*24-24) # password expire notification appear 3 days befor time
self.tic()
self._clearCache()
self.assertFalse(login.isPasswordExpired())
self.assertNotIn('is_user_account_password_expired_expire_date', request)
return login
def _test_expire_when_passoword_is_set(self, document, login_portal_type):
login = self._test_expire(
document=document,
login_portal_type=login_portal_type
)
login.setPassword("%s-aA$1" % self.generateNewId())
self.system_preference.setPreferredMaxPasswordLifetimeDuration(0)
self._clearCache()
self.assertTrue(login.isPasswordExpired())
def _test_dont_expire_when_password_isnt_set(self, document, login_portal_type):
login = self._test_expire(
document=document,
login_portal_type=login_portal_type
)
login.setPassword("%s-aA$1" % self.generateNewId())
self.system_preference.setPreferredMaxPasswordLifetimeDuration(0)
self._clearCache()
self.assertFalse(login.isPasswordExpired())
def test_expire_ERP5Login_without_password_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_expire_when_passoword_is_set(
document=person,
login_portal_type="ERP5 Login")
def test_expire_ERP5Login_without_password_on_computer(self):
self._test_expire_when_passoword_is_set(
document=self._makeComputer()[0],
login_portal_type="ERP5 Login"
)
def test_expire_ERP5Login_without_password_on_software_instance(self):
self._test_expire_when_passoword_is_set(
document=self._makeDummySoftwareInstance(),
login_portal_type="ERP5 Login")
def test_expire_CertificateLogin_without_password_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_dont_expire_when_password_isnt_set(
document=person,
login_portal_type="Certificate Login"
)
def test_expire_CertificateLogin_without_password_on_computer(self):
self._test_dont_expire_when_password_isnt_set(
document=self._makeComputer()[0],
login_portal_type="Certificate Login")
def test_expire_CertificateLogin_without_password_on_software_instance(self):
self._test_dont_expire_when_password_isnt_set(
document=self._makeDummySoftwareInstance(),
login_portal_type="Certificate Login")
def test_expire_GoogleLogin_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_dont_expire_when_password_isnt_set(
document=person,
login_portal_type="Google Login"
)
def test_expire_FacebookLogin_on_person(self):
person = self.makePerson(user=0)
person.edit(
first_name="SOMENAME",
last_name="LASTNAME"
)
self._test_dont_expire_when_password_isnt_set(
document=person,
login_portal_type="Facebook Login"
)
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Test Component" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_recorded_property_dict</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>default_reference</string> </key>
<value> <string>testSlapOSAuthenticationPolicy</string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>test.erp5.testSlapOSAuthenticationPolicy</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Test Component</string> </value>
</item>
<item>
<key> <string>sid</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>text_content_error_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>text_content_warning_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>version</string> </key>
<value> <string>erp5</string> </value>
</item>
<item>
<key> <string>workflow_history</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary>
<item>
<key> <string>component_validation_workflow</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="4" aka="AAAAAAAAAAQ=">
<pickle>
<global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_log</string> </key>
<value>
<list>
<dictionary>
<item>
<key> <string>action</string> </key>
<value> <string>validate</string> </value>
</item>
<item>
<key> <string>validation_state</string> </key>
<value> <string>validated</string> </value>
</item>
</dictionary>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -5,4 +5,5 @@ test.erp5.testSlapOSERP5GroupRoleSecurity
test.erp5.testSlapOSERP5SkinSelection
test.erp5.testSlapOSERP5DefaultScenario
test.erp5.testSlapOSXHTML
test.erp5.testSlapOSCodingStyle
\ No newline at end of file
test.erp5.testSlapOSCodingStyle
test.erp5.testSlapOSAuthenticationPolicy
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment