def test_is_permitted_account_doesnt_exist(
modular_realm_authorizer, permission_resolver):
"""
when an account cannot be obtained from the account_store, all
permissions checked return False
"""
mra = modular_realm_authorizer
perm1 = permission_resolver('money:write:bankcheck_19911109069')
perm2 = permission_resolver('money:withdrawal')
perm3 = permission_resolver('leatherduffelbag:transport:theringer')
perm4 = permission_resolver('leatherduffelbag:access:theringer')
perms = [perm1, perm2, perm3, perm4]
expected_results = frozenset([(perm1, False), (perm2, False),
(perm3, False), (perm4, False)])
unrecognized_identifier = \
SimpleIdentifierCollection(source_name='AccountStoreRealm',
identifier='jackietreehorn')
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
results = mra.is_permitted(unrecognized_identifier, perms)
assert (expected_results == results and
frozenset(event_detected) == results)
def test_is_permitted_account_doesnt_exist(modular_realm_authorizer,
permission_resolver):
"""
when an account cannot be obtained from the account_store, all
permissions checked return False
"""
mra = modular_realm_authorizer
perm1 = permission_resolver('money:write:bankcheck_19911109069')
perm2 = permission_resolver('money:withdrawal')
perm3 = permission_resolver('leatherduffelbag:transport:theringer')
perm4 = permission_resolver('leatherduffelbag:access:theringer')
perms = [perm1, perm2, perm3, perm4]
expected_results = frozenset([(perm1, False), (perm2, False),
(perm3, False), (perm4, False)])
unrecognized_identifier = \
SimpleIdentifierCollection(source_name='AccountStoreRealm',
identifier='jackietreehorn')
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
results = mra.is_permitted(unrecognized_identifier, perms)
assert (expected_results == results
and frozenset(event_detected) == results)
def test_session_manager_stop(session_manager, cache_handler, session_context,
session_handler, capsys):
"""
test objective:
aspects tested:
- stop
- _lookup_required_session
"""
sh = session_handler
sm = session_manager
sm.cache_handler = cache_handler
sm.event_bus = event_bus
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.STOP')
session = sm.start(session_context) # a DelegatingSession
sessionid = session.session_id
sm.stop(session.session_key, 'random')
with pytest.raises(UnknownSessionException):
sh.do_get_session(DefaultSessionKey(sessionid))
out, err = capsys.readouterr()
assert ('Coult not find session' in out
and isinstance(event_detected.results, namedtuple))
def test_session_manager_stop(
session_manager, cache_handler, session_context, session_handler,
capsys):
"""
test objective:
aspects tested:
- stop
- _lookup_required_session
"""
sh = session_handler
sm = session_manager
sm.cache_handler = cache_handler
sm.event_bus = event_bus
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.STOP')
session = sm.start(session_context) # a DelegatingSession
sessionid = session.session_id
sm.stop(session.session_key, 'random')
with pytest.raises(UnknownSessionException):
sh.do_get_session(DefaultSessionKey(sessionid))
out, err = capsys.readouterr()
assert ('Coult not find session' in out and
isinstance(event_detected.results, namedtuple))
def test_seh_notify_stop(session_event_handler, session_key, thedude_identifier):
seh = session_event_handler
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.STOP')
mysession = session_tuple(thedude_identifier, session_key)
seh.notify_stop(mysession)
assert event_detected.session_key == mysession.session_key
def test_check_role_succeeds(modular_realm_authorizer, thedude_identifier):
mra = modular_realm_authorizer
roles = {'bankcustomer', 'courier', 'thief'}
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
assert (mra.check_role(thedude_identifier, roles, any) is None and
frozenset(event_detected) == roles)
def test_seh_notify_stop(session_event_handler, session_key,
thedude_identifier):
seh = session_event_handler
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.STOP')
mysession = session_tuple(thedude_identifier, session_key)
seh.notify_stop(mysession)
assert event_detected.session_key == mysession.session_key
def test_check_role_succeeds(modular_realm_authorizer, thedude_identifier):
mra = modular_realm_authorizer
roles = {'bankcustomer', 'courier', 'thief'}
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
assert (mra.check_role(thedude_identifier, roles, any) is None
and frozenset(event_detected) == roles)
def test_check_permission_succeeds(
permission_resolver, modular_realm_authorizer, authz_info,
thedude_identifier, thedude_testpermissions):
mra = modular_realm_authorizer
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
assert (mra.check_permission(thedude_identifier, tp['perms'], any) is None and
event_detected == tp['perms'])
def test_authentication_using_accountstore_success(
caplog, default_authenticator, valid_username_password_token,
thedude_credentials):
da = default_authenticator
event_detected = None
def event_listener(identifiers=None):
nonlocal event_detected
event_detected = identifiers
event_bus.register(event_listener, 'AUTHENTICATION.SUCCEEDED')
account = da.authenticate_account(valid_username_password_token)
out = caplog.text
assert (event_detected == account.account_id and
("Could not obtain cached" in out and "No account" not in out))
def test_check_permission_raises(
permission_resolver, modular_realm_authorizer, authz_info,
thedude_identifier, thedude_testpermissions):
mra = modular_realm_authorizer
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
with pytest.raises(UnauthorizedException):
mra.check_permission(thedude_identifier, tp['perms'], all)
assert event_detected == tp['perms']
def test_check_role_raises(thedude_identifier, modular_realm_authorizer,
clear_cached_authz_info):
mra = modular_realm_authorizer
roles = {'bankcustomer', 'courier', 'thief'}
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
with pytest.raises(UnauthorizedException):
mra.check_role(thedude_identifier, roles, all)
assert frozenset(event_detected) == roles
def test_check_permission_succeeds(permission_resolver,
modular_realm_authorizer, authz_info,
thedude_identifier,
thedude_testpermissions):
mra = modular_realm_authorizer
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
assert (mra.check_permission(thedude_identifier, tp['perms'], any) is None
and event_detected == tp['perms'])
def test_has_role(valid_username_password_token, thedude_testroles,
new_subject, authz_info, thedude_credentials):
tr = thedude_testroles
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
new_subject.login(valid_username_password_token)
result = new_subject.has_role(tr['roles'])
assert (tr['expected_results'] == result and
frozenset(event_detected) == result)
new_subject.logout()
def test_check_role_succeeds(
authz_info, new_subject, thedude_testroles,
valid_username_password_token, thedude_credentials):
tr = thedude_testroles
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
new_subject.login(valid_username_password_token)
assert (new_subject.check_role(tr['roles'], any) is None and
event_detected == tr['roles'])
new_subject.logout()
def test_authentication_using_accountstore_pw_failure(
caplog, default_authenticator, invalid_username_password_token,
thedude_credentials):
da = default_authenticator
event_detected = None
def event_listener(username=None):
nonlocal event_detected
event_detected = username
event_bus.register(event_listener, 'AUTHENTICATION.FAILED')
with pytest.raises(AuthenticationException):
account = da.authenticate_account(invalid_username_password_token)
out = caplog.text
assert (event_detected == account.account_id and
("Could not obtain cached" in out and "No account" not in out))
def test_check_role_raises(thedude_identifier, modular_realm_authorizer,
clear_cached_authz_info):
mra = modular_realm_authorizer
roles = {'bankcustomer', 'courier', 'thief'}
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
with pytest.raises(UnauthorizedException):
mra.check_role(thedude_identifier, roles, all)
assert frozenset(event_detected) == roles
def test_check_permission_raises(permission_resolver, modular_realm_authorizer,
authz_info, thedude_identifier,
thedude_testpermissions):
mra = modular_realm_authorizer
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
with pytest.raises(UnauthorizedException):
mra.check_permission(thedude_identifier, tp['perms'], all)
assert event_detected == tp['perms']
def test_has_role(valid_username_password_token, thedude_testroles,
new_subject, authz_info, thedude_credentials):
tr = thedude_testroles
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
new_subject.login(valid_username_password_token)
result = new_subject.has_role(tr['roles'])
assert (tr['expected_results'] == result
and frozenset(event_detected) == result)
new_subject.logout()
def test_check_role_succeeds(authz_info, new_subject, thedude_testroles,
valid_username_password_token,
thedude_credentials):
tr = thedude_testroles
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
new_subject.login(valid_username_password_token)
assert (new_subject.check_role(tr['roles'], any) is None
and event_detected == tr['roles'])
new_subject.logout()
def test_is_permitted(permission_resolver, modular_realm_authorizer,
authz_info, thedude_identifier,
thedude_testpermissions):
"""
get a frozenset of tuple(s), containing the Permission and a Boolean
indicating whether the permission is granted
"""
mra = modular_realm_authorizer
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
results = mra.is_permitted(thedude_identifier, tp['perms'])
assert (tp['expected_results'] == results and
frozenset(event_detected) == results)
def test_authentication_using_accountstore_user_not_found(
default_authenticator):
da = default_authenticator
event_detected = None
def event_listener(username=None):
nonlocal event_detected
event_detected = username
event_bus.register(event_listener, 'AUTHENTICATION.FAILED')
dumb_token = UsernamePasswordToken(username='******',
password='******',
remember_me=False,
host='127.0.0.1')
with pytest.raises(AuthenticationException):
da.authenticate_account(dumb_token)
assert (event_detected == dumb_token.username)
def test_check_role_raises(authz_info, new_subject, thedude_testroles,
valid_username_password_token, thedude_credentials):
tr = thedude_testroles
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
new_subject.login(valid_username_password_token)
with pytest.raises(UnauthorizedException):
new_subject.check_role(tr['roles'], all)
assert event_detected == tr['roles']
new_subject.logout()
def test_is_permitted(permission_resolver, modular_realm_authorizer,
authz_info, thedude_identifier, thedude_testpermissions):
"""
get a frozenset of tuple(s), containing the Permission and a Boolean
indicating whether the permission is granted
"""
mra = modular_realm_authorizer
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
results = mra.is_permitted(thedude_identifier, tp['perms'])
assert (tp['expected_results'] == results
and frozenset(event_detected) == results)
def test_check_role_raises(
authz_info, new_subject, thedude_testroles,
valid_username_password_token, thedude_credentials):
tr = thedude_testroles
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
new_subject.login(valid_username_password_token)
with pytest.raises(UnauthorizedException):
new_subject.check_role(tr['roles'], all)
assert event_detected == tr['roles']
new_subject.logout()
def test_has_role(modular_realm_authorizer, thedude_identifier):
mra = modular_realm_authorizer
roles = {'bankcustomer', 'courier', 'thief'}
expected_results = frozenset([('bankcustomer', True), ('courier', True),
('thief', False)])
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
result = mra.has_role(thedude_identifier, roles)
assert (expected_results == result and frozenset(event_detected) == result)
def test_check_permission_raises(
permission_resolver, authz_info, thedude_testpermissions,
new_subject, valid_username_password_token, thedude_credentials):
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
new_subject.login(valid_username_password_token)
with pytest.raises(UnauthorizedException):
new_subject.check_permission(tp['perms'], all)
assert event_detected == tp['perms']
new_subject.logout()
def test_sh_stopped_session(session_handler, cache_handler, session,
monkeypatch):
"""
test objective: validate stopped session handling
session_handler aspects tested:
- create_session
- do_get_session
- on_change
- validate
- on_invalidation
- before_invalid_notification
- after_stopped
"""
ch = cache_handler
sh = session_handler
monkeypatch.setattr(sh, 'auto_touch', False)
sh.cache_handler = cache_handler
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.STOP')
session.set_internal_attribute(
'DefaultSubjectContext.IDENTIFIERS_SESSION_KEY', 'user12345678')
sessionid = sh.create_session(session)
cachedsession = ch.get(domain='session', identifier=sessionid)
now = datetime.datetime.now(pytz.utc)
cachedsession.stop_timestamp = now
ch.set(domain='session', identifier=sessionid, value=cachedsession)
with pytest.raises(InvalidSessionException):
sh.do_get_session(DefaultSessionKey(sessionid))
assert event_detected.identifiers
def test_sh_stopped_session(
session_handler, cache_handler, session, monkeypatch):
"""
test objective: validate stopped session handling
session_handler aspects tested:
- create_session
- do_get_session
- on_change
- validate
- on_invalidation
- before_invalid_notification
- after_stopped
"""
ch = cache_handler
sh = session_handler
monkeypatch.setattr(sh, 'auto_touch', False)
sh.cache_handler = cache_handler
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.STOP')
session.set_internal_attribute('DefaultSubjectContext.IDENTIFIERS_SESSION_KEY',
'user12345678')
sessionid = sh.create_session(session)
cachedsession = ch.get(domain='session', identifier=sessionid)
now = datetime.datetime.now(pytz.utc)
cachedsession.stop_timestamp = now
ch.set(domain='session', identifier=sessionid, value=cachedsession)
with pytest.raises(InvalidSessionException):
sh.do_get_session(DefaultSessionKey(sessionid))
assert event_detected.identifiers
def test_authenticated_subject_check_permission_succeeds(
authz_info, thedude_testpermissions, new_subject,
valid_username_password_token, thedude_credentials):
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
new_subject.login(valid_username_password_token)
check = new_subject.check_permission(tp['perms'], any)
assert (check is None and event_detected == tp['perms'])
new_subject.logout()
with pytest.raises(UnauthenticatedException):
new_subject.check_permission(tp['perms'], any)
def test_has_role(modular_realm_authorizer, thedude_identifier):
mra = modular_realm_authorizer
roles = {'bankcustomer', 'courier', 'thief'}
expected_results = frozenset([('bankcustomer', True),
('courier', True),
('thief', False)])
event_detected = None
def event_listener(identifiers=None, items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.RESULTS')
result = mra.has_role(thedude_identifier, roles)
assert (expected_results == result and
frozenset(event_detected) == result)
def test_authentication_using_cache_pw_failure(
caplog, default_authenticator, invalid_username_password_token,
cache_handler, thedude_credentials):
da = default_authenticator
event_detected = None
def event_listener(username=None):
nonlocal event_detected
event_detected = username
event_bus.register(event_listener, 'AUTHENTICATION.FAILED')
cred = Credential(thedude_credentials)
cache_handler.set(domain='credentials', identifier='thedude', value=cred)
with pytest.raises(AuthenticationException):
da.authenticate_account(invalid_username_password_token)
out = caplog.text
assert (event_detected == invalid_username_password_token.username and
("Could not obtain cached" not in out))
def test_authentication_using_cache_success(
caplog, default_authenticator, invalid_username_password_token,
valid_username_password_token, cache_handler, thedude_credentials):
da = default_authenticator
event_detected = None
def event_listener(identifiers=None):
nonlocal event_detected
event_detected = identifiers
event_bus.register(event_listener, 'AUTHENTICATION.SUCCEEDED')
with pytest.raises(AuthenticationException):
da.authenticate_account(invalid_username_password_token)
account = da.authenticate_account(valid_username_password_token)
out = caplog.text
assert (event_detected == account.account_id and
("Could not obtain cached" not in out) and
account.account_id == valid_username_password_token.identifier)
def test_sh_expired_session(session_handler, cache_handler, session,
myminutes):
"""
test objective: validate idle and absolute timeout expiration handling
session_handler aspects tested:
- create_session
- do_get_session
- on_change
- validate
- on_expiration
- before_invalid_notification
"""
sh = session_handler
sh.auto_touch = False
sh.cache_handler = cache_handler
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.EXPIRE')
session.set_internal_attribute(
'DefaultSubjectContext.IDENTIFIERS_SESSION_KEY', 'user12345678')
sessionid = sh.create_session(session)
cachedsession = sh.do_get_session(DefaultSessionKey(sessionid))
now = datetime.datetime.now(pytz.utc)
minutes_ago = datetime.timedelta(minutes=myminutes)
cachedsession.last_access_time = now - minutes_ago
sh.on_change(cachedsession)
with pytest.raises(ExpiredSessionException):
sh.do_get_session(DefaultSessionKey(sessionid))
assert event_detected.items.identifiers
def test_sh_expired_session(
session_handler, cache_handler, session, myminutes):
"""
test objective: validate idle and absolute timeout expiration handling
session_handler aspects tested:
- create_session
- do_get_session
- on_change
- validate
- on_expiration
- before_invalid_notification
"""
sh = session_handler
sh.auto_touch = False
sh.cache_handler = cache_handler
event_detected = None
def event_listener(items=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'SESSION.EXPIRE')
session.set_internal_attribute('DefaultSubjectContext.IDENTIFIERS_SESSION_KEY',
'user12345678')
sessionid = sh.create_session(session)
cachedsession = sh.do_get_session(DefaultSessionKey(sessionid))
now = datetime.datetime.now(pytz.utc)
minutes_ago = datetime.timedelta(minutes=myminutes)
cachedsession.last_access_time = now - minutes_ago
sh.on_change(cachedsession)
with pytest.raises(ExpiredSessionException):
sh.do_get_session(DefaultSessionKey(sessionid))
assert event_detected.items.identifiers
def test_check_permission_raises(permission_resolver, authz_info,
thedude_testpermissions, new_subject,
valid_username_password_token,
thedude_credentials):
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.DENIED')
new_subject.login(valid_username_password_token)
with pytest.raises(UnauthorizedException):
new_subject.check_permission(tp['perms'], all)
assert event_detected == tp['perms']
new_subject.logout()
def test_authenticated_subject_check_permission_succeeds(
authz_info, thedude_testpermissions, new_subject,
valid_username_password_token, thedude_credentials):
tp = thedude_testpermissions
event_detected = None
def event_listener(identifiers=None, items=None, logical_operator=None):
nonlocal event_detected
event_detected = items
event_bus.register(event_listener, 'AUTHORIZATION.GRANTED')
new_subject.login(valid_username_password_token)
check = new_subject.check_permission(tp['perms'], any)
assert (check is None and event_detected == tp['perms'])
new_subject.logout()
with pytest.raises(UnauthenticatedException):
new_subject.check_permission(tp['perms'], any)
def test_session_manager_start(session_manager, cache_handler, session_context):
"""
test objective:
aspects tested:
- _create_session
- create_exposed_session
"""
sm = session_manager
sm.cache_handler = cache_handler
sm.event_bus = event_bus
event_detected = None
def event_listener(session_id=None):
nonlocal event_detected
event_detected = session_id
event_bus.register(event_listener, 'SESSION.START')
session = sm.start(session_context)
assert (isinstance(session, DelegatingSession) and event_detected)
def test_session_manager_start(session_manager, cache_handler,
session_context):
"""
test objective:
aspects tested:
- _create_session
- create_exposed_session
"""
sm = session_manager
sm.cache_handler = cache_handler
sm.event_bus = event_bus
event_detected = None
def event_listener(session_id=None):
nonlocal event_detected
event_detected = session_id
event_bus.register(event_listener, 'SESSION.START')
session = sm.start(session_context)
assert (isinstance(session, DelegatingSession) and event_detected)