def test_correctPassword(self):
"""
Calling C{checkPassword} on a L{UsernamePassword} will return L{True}
when the password given is the password on the object.
"""
creds = UsernamePassword(b"user", b"pass")
self.assertTrue(creds.checkPassword(b"pass"))
def test_passwd(self):
"""
The C{--passwd} command-line option will load a passwd-like file.
"""
self.options.parseOptions(
["--telnetPort", "tcp:22", "--passwd", self.filename])
service = manhole_tap.makeService(self.options)
portal = service.services[0].factory.protocol.portal
self.assertEqual(len(portal.checkers.keys()), 2)
# Ensure it's the passwd file we wanted by trying to authenticate
self.assertTrue(
self.successResultOf(
portal.login(
UsernamePassword(*self.usernamePassword),
None,
telnet.ITelnetProtocol,
)))
self.assertIsInstance(
self.failureResultOf(
portal.login(UsernamePassword(b"wrong", b"user"), None,
telnet.ITelnetProtocol)).value,
error.UnauthorizedLogin,
)
def test_checkKeyAsRoot(self):
"""
If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should
switch its uid/gid to the ones of the authenticated user.
"""
keyFile = self.sshDir.child("authorized_keys")
keyFile.setContent(self.content)
# Fake permission error by changing the mode
keyFile.chmod(0000)
self.addCleanup(keyFile.chmod, 0777)
# And restore the right mode when seteuid is called
savedSeteuid = self.mockos.seteuid
def seteuid(euid):
keyFile.chmod(0777)
return savedSeteuid(euid)
self.mockos.euid = 2345
self.mockos.egid = 1234
self.patch(self.mockos, "seteuid", seteuid)
self.patch(checkers, 'os', self.mockos)
self.patch(util, 'os', self.mockos)
user = UsernamePassword("user", "password")
user.blob = "foobar"
self.assertTrue(self.checker.checkKey(user))
self.assertEqual(self.mockos.seteuidCalls, [0, 1, 0, 2345])
self.assertEqual(self.mockos.setegidCalls, [2, 1234])
def query(self, user, channel, msg):
"""
Uses the auth-service to identify a user.
If no username is given, the nickname is used.
"""
_=self.bot.get_gettext()
if user.getNick().lower() == self.bot.nickname.lower():
return
nick = user.getNick()
if msg[0:9] == "identify ":
portal = self.bot.root.getServiceNamed("auth")
if not portal:
self.bot.sendmsg(nick, _("Error: could not get portal"))
return
msgs = msg.split(" ")
if len(msgs) == 2:
cred = UsernamePassword(nick, msgs[1])
elif len(msgs) == 3:
cred = UsernamePassword(msgs[1], msgs[2])
else:
self.bot.sendmsg(nick, _("Usage: identify [user] pass"))
return
d = portal.login(cred, user, IUser)
msg = _("Successfully logged in as %s")
d.addCallback(lambda args: self.bot.sendmsg(nick, msg
% args[1].name))
fail = _("Login failed: %s")
d.addErrback(lambda failure: self.bot.sendmsg(nick, fail
% failure.getErrorMessage()))
def connect(self, host, port, username=None, password=None, retry=False):
if retry:
# Launch a client
self.pbClientFactory = ReconnectingPBClientFactory()
self.pbClientFactory.gotPerspective = self._connected
self.pbClientFactory.disconnected = self._disconnected
# Start login
if username is None and password is None:
self.pbClientFactory.startLogin(
Anonymous())
else:
self.pbClientFactory.startLogin(
UsernamePassword(
username,
password))
reactor.connectTCP(host, port, self.pbClientFactory)
else:
# Launch a client
self.pbClientFactory = pb.PBClientFactory()
reactor.connectTCP(host, port, self.pbClientFactory)
yield self.pbClientFactory.getRootObject()
if username is None and password is None:
yield self.pbClientFactory.login(
Anonymous()).addCallback(self._connected)
else:
yield self.pbClientFactory.login(
UsernamePassword(
username,
password)).addCallback(self._connected)
def test_correctPassword(self):
"""
Calling C{checkPassword} on a L{UsernamePassword} will return L{True}
when the password given is the password on the object.
"""
creds = UsernamePassword(b"user", b"pass")
self.assertTrue(creds.checkPassword(b"pass"))
def test_wrongPassword(self):
"""
Calling C{checkPassword} on a L{UsernamePassword} will return L{False}
when the password given is NOT the password on the object.
"""
creds = UsernamePassword(b"user", b"pass")
self.assertFalse(creds.checkPassword(b"someotherpass"))
def test_checkKeyAsRoot(self):
"""
If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should
switch its uid/gid to the ones of the authenticated user.
"""
keyFile = self.sshDir.child("authorized_keys")
keyFile.setContent(self.content)
# Fake permission error by changing the mode
keyFile.chmod(0000)
self.addCleanup(keyFile.chmod, 0777)
# And restore the right mode when seteuid is called
savedSeteuid = self.mockos.seteuid
def seteuid(euid):
keyFile.chmod(0777)
return savedSeteuid(euid)
self.mockos.euid = 2345
self.mockos.egid = 1234
self.patch(self.mockos, "seteuid", seteuid)
self.patch(util, 'os', self.mockos)
user = UsernamePassword("user", "password")
user.blob = "foobar"
self.assertTrue(self.checker.checkKey(user))
self.assertEqual(self.mockos.seteuidCalls, [0, 1, 0, 2345])
self.assertEqual(self.mockos.setegidCalls, [2, 1234])
def test_wrongPassword(self):
"""
Calling C{checkPassword} on a L{UsernamePassword} will return L{False}
when the password given is NOT the password on the object.
"""
creds = UsernamePassword(b"user", b"pass")
self.assertFalse(creds.checkPassword(b"someotherpass"))
def test_callable(self):
self.auth = self.MockCustomAuth()
cred_good = UsernamePassword('fellow', 'correct')
result_good = yield self.auth.checkers[0].requestAvatarId(cred_good)
self.assertEqual(result_good, 'fellow')
cred_bad = UsernamePassword('bandid', 'incorrect')
defer_bad = self.auth.checkers[0].requestAvatarId(cred_bad)
self.assertFailure(defer_bad, UnauthorizedLogin)
def _testCheckKey(self, filename):
self.sshDir.child(filename).setContent(self.content)
user = UsernamePassword("user", "password")
user.blob = "foobar"
self.assertTrue(self.checker.checkKey(user))
user.blob = "eggspam"
self.assertTrue(self.checker.checkKey(user))
user.blob = "notallowed"
self.assertFalse(self.checker.checkKey(user))
def _testCheckKey(self, filename):
self.sshDir.child(filename).setContent(self.content)
user = UsernamePassword("user", "password")
user.blob = "foobar"
self.assertTrue(self.checker.checkKey(user))
user.blob = "eggspam"
self.assertTrue(self.checker.checkKey(user))
user.blob = "notallowed"
self.assertFalse(self.checker.checkKey(user))
def main(reactor):
cc = ClientCreator(reactor, AMP)
d = cc.connectTCP('localhost', 7805)
d.addCallback(login, UsernamePassword("testuser", "examplepass"))
d.addCallback(add)
d.addCallback(display)
return d
def OnLoadSingleWorld(worldname=None):
global WORLDDB
TGESetGlobal("$Py::ISSINGLEPLAYER", 1)
TGESetGlobal("$Py::LastTell", "")
if not worldname:
tc = TGEObject("SINGLEPLAYER_WORLDLIST")
sr = int(tc.getSelectedId())
if sr >= 0 and len(WORLDS):
worldname = WORLDS[sr]
if worldname:
TGECall("MessagePopup", "Loading World...", "Please wait...")
TGEEval("Canvas.repaint();")
try:
try:
WORLDDB = "%s/%s/data/worlds/singleplayer/%s/world.db" % (
os.getcwd(), GAMEROOT, worldname)
r = WorldUpdate(
WORLDDB,
"%s/%s/data/worlds/multiplayer.baseline/world.db" %
(os.getcwd(), GAMEROOT), True)
except:
TGECall("CloseMessagePopup")
TGECall("MessageBoxOK", "Problem Updating World!",
"There was an error updating this world!")
return
if not r:
SetupEmbeddedWorld(worldname)
else:
TGECall("CloseMessagePopup")
return
except:
TGECall("CloseMessagePopup")
TGECall("MessageBoxOK", "Problem Loading World!",
"There was an error loading this world!")
traceback.print_exc()
ShutdownEmbeddedWorld()
return
TGECall("CloseMessagePopup")
TGESetGlobal("$Py::WORLDNAME", worldname)
# log into world
factory = pb.PBClientFactory()
reactor.connectTCP("localhost", 3013, factory)
mind = PlayerMind()
password = md5("ThePlayer").digest()
d = factory.login(UsernamePassword("ThePlayer-Immortal", password),
mind)
d.addCallback(PlayerConnected, (mind, ))
d.addErrback(Error)
if False: #RPG_BUILD_DEMO:
TGEObject("SPONSORBREAK_BAR").visible = True
else:
TGEObject("SPONSORBREAK_BAR").visible = False
def OnWorldLogin(args):
guardian = int(args[1])==1
immortal = int(args[1])==2
avatar = "Player"
if guardian:
avatar = "Guardian"
if immortal:
avatar = "Immortal"
worldpassword = TGEObject("WORLDLOGIN_PASSWORD").getValue()
if len(worldpassword) < 6:
TGECall("MessageBoxOK","Error!","World passwords are at least 6 characters long.")
else:
TGECall("MessagePopup","Logging into world...","Please wait...")
factory = pb.PBClientFactory()
reactor.connectTCP(WORLDINFO.worldIP,WORLDINFO.worldPort,factory)
mind = PlayerMind()
from md5 import md5
password = md5(worldpassword).digest()
factory.login(UsernamePassword("%s-%s"%(TGEGetGlobal("$pref::PublicName"),avatar), password),mind).addCallbacks(PlayerConnected, Failure,(mind,))
def _delegate(self, ctx, segments):
"""Identify the session by looking at cookies and HTTP auth headers, use that
session key to identify the wrapped resource, then return a deferred
which fires a 2-tuple of (resource, segments) to the top-level
redirection code code which will delegate IResource's renderHTTP or
locateChild methods to it
"""
request = inevow.IRequest(ctx)
cookie = request.getCookie(self.cookieKey)
# support HTTP auth, no redirections
userpass = request.getUser(), request.getPassword()
httpAuthSessionKey = 'HTTP AUTH: %s:%s' % userpass
for sessionKey in cookie, httpAuthSessionKey:
if sessionKey in self.sessions:
session = self.sessions[sessionKey]
return self.checkLogin(ctx, session, segments)
# without a session
if userpass != ('', ''):
# the user is trying to log in with HTTP auth, but they don't have
# a session. So, make them one.
sz = self.sessions[httpAuthSessionKey] = self.sessionFactory(
self, httpAuthSessionKey)
# kick off the expiry timer.
sz.checkExpired()
return self.checkLogin(ctx, sz, segments, None,
UsernamePassword(*userpass))
# no, really, without a session
## Redirect to the URL with the session key in it, plus the segments of the url
rd = self.createSession(ctx, segments)
return rd, ()
def cache_DELETE(self, request, dn):
request.setHeader("Content-Type", "application/json")
client_ip = request.getClientIP()
result = decode_basic_auth(request)
if result is None:
request.setResponseCode(UNAUTHORIZED)
request.setHeader("WWW-Authenticate", 'Basic realm="BindProxyWS"')
returnValue("""{"result": "not authorized"}""")
user, passwd = result
try:
iface, avatar, logout = yield self.portal.login(
UsernamePassword(*result), None, IBindProxyWSUser)
except (error.UnauthorizedLogin, exceptions.NotImplementedError) as ex:
log.msg(
("[ERROR] client_ip={client_ip}, login={login}: "
"Unauthorized login attempt to web service.\n{err}").format(
client_ip=client_ip, login=user, err=str(ex)))
request.setResponseCode(UNAUTHORIZED)
returnValue("""{"result": "not authorized"}""")
except Exception as ex:
log.msg("[ERROR] {0}".format(str(ex)))
request.setResponseCode(500)
returnValue('''{"result": "error"}''')
self.bindCache.store(dn, None)
log.msg(("[INFO] client_ip={client_ip}, login={login}: "
"Successfully removed cached entry for {dn}").format(
client_ip=client_ip, login=user, dn=dn))
returnValue('''{"result": "ok"}''')
def test_getProxy(self):
url1 = 'http://fakeurl1'
url2 = 'http://fakeurl2'
version = jsonrpc.VERSION_2
connectTimeout = 30
cred = UsernamePassword('username', 'password')
contextFactory = WebClientContextFactory()
factory = ProxyFactory(version=version,
connectTimeout=connectTimeout,
credentials=cred,
contextFactory=contextFactory)
proxy1 = factory.getProxy(url1)
proxy2 = factory.getProxy(url2)
self.assertNotEqual(id(proxy1), id(proxy2))
self.assertNotEqual(id(proxy1.agent._pool), id(proxy2.agent._pool))
self.assertEqual(proxy1.url, url1)
self.assertEqual(proxy2.url, url2)
self.assertEqual(proxy1.version, version)
self.assertEqual(proxy2.version, version)
self.assertEqual(proxy1.credentials, cred)
self.assertEqual(proxy2.credentials, cred)
self.assertEqual(proxy1.agent._connectTimeout, connectTimeout)
self.assertEqual(proxy2.agent._connectTimeout, connectTimeout)
def login(self, userID, robotID, password):
""" Callback for Robot connection to login and authenticate.
@param userID: User ID under which the robot is logging in.
@type userID: str
@param robotID: Unique ID of the robot in the namespace of the
user under which the robot is logging in.
@type robotID: str
@param password: Hashed password as hex-encoded string which is
used to authenticate the user.
@type password: str
@return: Representation of the connection to the robot
which is used in the Robot process.
(type: rce.robot.Connection)
@rtype: twisted.internet.defer.Deferred
"""
conn = Connection(self, userID, robotID)
factory = PBClientFactory()
self._reactor.connectTCP(self._masterIP, self._masterPort, factory)
d = factory.login(UsernamePassword(userID, password))
d.addCallback(self._cbAuthenticated, conn)
d.addCallback(self._cbConnected, conn)
d.addCallback(lambda _: conn)
return d
def _doLogin(self):
idParams = {}
idParams['host'] = self._hostEntry.get_text()
idParams['port'] = self._portEntry.get_text()
idParams['identityName'] = self._identityNameEntry.get_text()
idParams['password'] = self._passwordEntry.get_text()
try:
idParams['port'] = int(idParams['port'])
except ValueError:
pass
f = pb.PBClientFactory()
from twisted.internet import reactor
reactor.connectTCP(idParams['host'], idParams['port'], f)
creds = UsernamePassword(idParams['identityName'],
idParams['password'])
d = f.login(creds, self.client)
def _timeoutLogin():
self._timeoutID = None
d.errback(failure.Failure(defer.TimeoutError("Login timed out.")))
self._timeoutID = reactor.callLater(30, _timeoutLogin)
d.addCallbacks(self._cbGotPerspective, self._ebFailedLogin)
self.statusMsg("Contacting server...")
def login(self, nickname, password):
username = self.getUsername(nickname)
def failedLogin(f):
f.trap(aerrors.UnauthorizedLogin)
log.msg('Authentication for "%s" failed:' % (username,))
log.err(f)
raise errors.AuthenticationError(u'Unable to authenticate "%s"' % (username,))
def wrapLogout(self, logout):
def _logout():
del self.authenticatedUsers[username]
logout()
return _logout
def loginDone((interface, avatar, logout)):
self.logout(username)
logout = wrapLogout(self, logout)
self.authenticatedUsers[username] = (avatar, logout)
d = self.portal.login(
UsernamePassword(username, password),
None,
IIRCAvatar)
return d.addCallbacks(loginDone, failedLogin)
def OnLog(self,evt):
evt.Skip()
if not self.perspective:
#not connection
dlg = MasterLoginDlg(self)
dlg.Centre()
dlg.publicNameTextCtrl.SetValue(SETTINGS['PublicName'])
dlg.passwordTextCtrl.SetValue(SETTINGS['Password'])
if dlg.ShowModal()==wx.ID_OK:
pname = dlg.publicNameTextCtrl.GetValue()
pw = dlg.passwordTextCtrl.GetValue()
if len(pname) and len(pw):
SETTINGS['PublicName']=pname
SETTINGS['Password']=pw
#login
self.progressDlg.Update(0,"Logging into the Master Server...")
self.progressDlg.Show()
username=pname+"-"+"World"
password=pw
factory = pb.PBClientFactory()
reactor.connectTCP(MASTERIP,MASTERPORT,factory)
password = md5(password).digest()
factory.login(UsernamePassword(username, password),self).addCallbacks(self.connected, self.failure)
else: #logout
self.myWorldsListCtrl.DeleteAllItems()
self.liveWorldsListCtrl.DeleteAllItems()
self.perspective = None
self.enableControls(False)
self.logButton.SetLabel("Connect!")
def login(self, username, password):
try:
credentials = UsernamePassword(username, password)
deferred = defer.Deferred()
def okback(ret, _deferred):
_interface, objshAvatar, _lambda = ret
#print '>>>>',_a,objshAvatar,_b
assert objshAvatar is not None
self.username = username
self.authenticated = True
self.title = username.upper()
self.avatar = objshAvatar
# reset login history
self.authentication_failure_count = 0
self.last_authentication_failure_ts = 0
_deferred.callback(True)
def errback(_failure, _deferred):
errmsg = _failure.getErrorMessage()
if errmsg: log.msg('login failure:%s' % errmsg)
_deferred.callback(False)
d = self.portal.login(credentials, None, IResource)
d.addCallback(okback, deferred)
d.addErrback(errback, deferred)
return deferred
except UnauthorizedLogin:
self.authenticated = False
self.did_login_failure()
except:
traceback.print_exc()
def OnRequestLostPassword():
global PUBLICNAME, EMAILADDRESS
pname = TGEObject("LOSTPASSWORD_PUBLICNAME").getValue()
email = TGEObject("LOSTPASSWORD_EMAIL").getValue()
if not pname:
TGECall("MessageBoxOK", "Lost Password", "Invalid Public Name")
return
if "@" not in email or "." not in email:
TGECall("MessageBoxOK", "Lost Password", "Invalid email address")
return
PUBLICNAME, EMAILADDRESS = pname, email
masterIP = TGEGetGlobal("$Py::MasterIP")
masterPort = int(TGEGetGlobal("$Py::MasterPort"))
TGECall("MessagePopup", "Contacting Master Server...", "Please wait...")
factory = pb.PBClientFactory()
reactor.connectTCP(masterIP, masterPort, factory)
from md5 import md5
password = md5("Registration").digest()
factory.login(UsernamePassword("Registration-Registration", password),
pb.Root()).addCallbacks(Connected, Failure)
def test_portal(self):
"""
The factory returned by L{SecureShellConfiguration.getFactory} has a
C{portal} attribute which allows logins authenticated in the usual
L{axiom.userbase} manner.
"""
localpart = u'foo bar'
domain = u'example.com'
password = u'baz quux'
loginSystem = self.store.findUnique(LoginSystem)
account = loginSystem.addAccount(localpart,
domain,
password,
internal=True)
subStore = account.avatars.open()
avatar = object()
subStore.inMemoryPowerUp(avatar, IConchUser)
factory = self.shell.getFactory()
login = factory.portal.login(
UsernamePassword(
'%s@%s' % (localpart.encode('ascii'), domain.encode('ascii')),
password), None, IConchUser)
def cbLoggedIn(result):
self.assertIdentical(IConchUser, result[0])
self.assertIdentical(avatar, result[1])
login.addCallback(cbLoggedIn)
return login
def connect(self):
factory = pb.PBClientFactory()
reactor.connectTCP(GMSERVER_IP, GMSERVER_PORT, factory)
password = md5(GMSERVER_PASSWORD).digest()
factory.login(
UsernamePassword("CharacterServer-CharacterServer", password),
self).addCallbacks(self.connected, self.failure)
def connect(self):
factory = pb.PBClientFactory()
reactor.connectTCP(self.worldIP, 7001, factory)
password = md5(CONFIG["World Password"]).digest()
factory.login(UsernamePassword(CONFIG["World Username"], password),
self).addCallbacks(self.connected, self.failure)
def logInAndCheck(self, username, domain='localhost'):
"""
Ensure that logging in via cred succeeds based on the accounts
managed by L{axiom.userbase.LoginSystem}.
"""
s = self.store
def _speedup():
l = userbase.LoginSystem(store=s)
dependency.installOn(l, s)
s.checkpoint()
p = Portal(IRealm(s),
[ICredentialsChecker(s)])
a = l.addAccount(username, 'localhost', SECRET)
gph = GarbageProtocolHandler(store=a.avatars.open(),
garbage=0)
dependency.installOn(gph, gph.store)
return p, gph
p, gph = s.transact(_speedup)
def wasItGph(xxx_todo_changeme):
(interface, avatar, logout) = xxx_todo_changeme
self.assertEqual(interface, IGarbage)
self.assertEqual(avatar, gph)
logout()
return p.login(UsernamePassword('bob@localhost', SECRET), None, IGarbage
).addCallback(wasItGph)
def xmlrpc_authenticate(self, username, password):
"""server authentication method"""
creds = UsernamePassword(username, password)
d = self.portal.login(creds, None, IQuerier)
d.addCallback(self._attachUser, username, password)
d.addErrback(lambda deferred: '')
return d
def authenticateUserPASS(self, user, password):
"""
Perform authentication for a username/password login.
Override the default lookup scheme to allow virtual domains.
@type user: L{bytes}
@param user: The name of the user attempting to log in.
@type password: L{bytes}
@param password: The password to authenticate with.
@rtype: L{Deferred} which successfully results in 3-L{tuple} of
(L{IMailbox <pop3.IMailbox>}, L{IMailbox <pop3.IMailbox>}
provider, no-argument callable)
@return: A deferred which fires when authentication is complete.
If successful, it returns an L{IMailbox <pop3.IMailbox>} interface,
a mailbox and a logout function. If authentication fails, the
deferred fails with an L{UnauthorizedLogin
<twisted.cred.error.UnauthorizedLogin>} error.
"""
user, domain = self.lookupDomain(user)
try:
portal = self.service.lookupPortal(domain)
except KeyError:
return defer.fail(UnauthorizedLogin())
else:
return portal.login(
UsernamePassword(user, password),
None,
pop3.IMailbox
)
def ConnectToMailServer(self):
print "Connecting to Mail Server Proxy at: %s"%MAILSERVER_IP
factory = pb.PBClientFactory()
reactor.connectTCP(MAILSERVER_IP,MAILSERVER_PORT,factory)
password = md5("MSP").digest()
factory.login(UsernamePassword("MSP-MSP", password),pb.Root()).addCallbacks(self.MSConnected, self.MSFailure)
def test_initialisation(self):
"""
The initialisation of L{UsernamePassword} will set C{username} and
C{password} on it.
"""
creds = UsernamePassword(b"foo", b"bar")
self.assertEqual(creds.username, b"foo")
self.assertEqual(creds.password, b"bar")
def test_request_avatar_id(self):
checker = GoUserSessionAccessChecker(self.sm)
session = {}
self.sm.set_user_account_key(session, u"user-1")
yield self.sm.save_session(u"session-1", session, 10)
creds = UsernamePassword(u"session_id", u"session-1")
user = yield checker.requestAvatarId(creds)
self.assertEqual(user, u"user-1")
def test_requestAvatarIdInvalidCredential(self):
"""
If the passed credentials aren't handled by any registered checker,
L{SSHProtocolChecker} should raise L{UnhandledCredentials}.
"""
checker = checkers.SSHProtocolChecker()
d = checker.requestAvatarId(UsernamePassword('test', 'test'))
return self.assertFailure(d, UnhandledCredentials)
def test_defaultCheckers(self):
"""
L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database
and then the C{spwd} database.
"""
checker = checkers.UNIXPasswordDatabase()
def crypted(username, password):
salt = crypt.crypt(password, username)
crypted = crypt.crypt(password, '$1$' + salt)
return crypted
pwd = UserDatabase()
pwd.addUser('alice', crypted('alice', 'password'),
1, 2, 'foo', '/foo', '/bin/sh')
# x and * are convention for "look elsewhere for the password"
pwd.addUser('bob', 'x', 1, 2, 'bar', '/bar', '/bin/sh')
spwd = ShadowDatabase()
spwd.addUser('alice', 'wrong', 1, 2, 3, 4, 5, 6, 7)
spwd.addUser('bob', crypted('bob', 'password'),
8, 9, 10, 11, 12, 13, 14)
self.patch(checkers, 'pwd', pwd)
self.patch(checkers, 'spwd', spwd)
mockos = MockOS()
self.patch(checkers, 'os', mockos)
self.patch(util, 'os', mockos)
mockos.euid = 2345
mockos.egid = 1234
cred = UsernamePassword("alice", "password")
self.assertLoggedIn(checker.requestAvatarId(cred), 'alice')
self.assertEquals(mockos.seteuidCalls, [])
self.assertEquals(mockos.setegidCalls, [])
cred.username = "******"
self.assertLoggedIn(checker.requestAvatarId(cred), 'bob')
self.assertEquals(mockos.seteuidCalls, [0, 2345])
self.assertEquals(mockos.setegidCalls, [0, 1234])
