def test_firerole_with_past_date(self):
     """firerole - firerole core testing with past date

     Builds a date two days before the current UTC time and checks two
     definitions against ``self.user_info``: one opening with
     ``allow until`` that date must be refused, one opening with
     ``allow from`` that date must be accepted.
     """
     import time
     two_days = 24 * 3600 * 2
     past_date = time.strftime('%Y-%m-%d', time.gmtime(time.time() - two_days))
     # The test expects an elapsed "until" window to be refused even though
     # an "allow any" rule follows it.
     expired_window = compile_role_definition(
         "allow until '%s'\nallow any" % past_date)
     self.failIf(acc_firerole_check_user(self.user_info, expired_window))
     # A "from" window that opened two days ago is expected to be granted.
     open_window = compile_role_definition(
         "allow from '%s'\nallow any" % past_date)
     self.failUnless(acc_firerole_check_user(self.user_info, open_window))
 def test_firerole_ip_mask(self):
     """firerole - firerole core testing ip mask matching

     The same CIDR rule is checked against both fixtures:
     ``self.user_info`` is expected to pass and ``self.guest`` to fail.
     """
     # presumably only self.user_info carries a remote_ip inside
     # 127.0.0.0/24; the fixtures are built outside this view.
     definition = "allow remote_ip '127.0.0.0/24'\ndeny any"
     inside_mask = acc_firerole_check_user(
         self.user_info, compile_role_definition(definition))
     self.failUnless(inside_mask)
     outside_mask = acc_firerole_check_user(
         self.guest, compile_role_definition(definition))
     self.failIf(outside_mask)
Example #3
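def http_check_credentials(req, role):
    """Authenticate an HTTP Basic request and authorize it against ``role``.

    The ``Authorization`` header is decoded into a user name and password,
    which are verified with ``auth_apache_user_p``.  If that succeeds, the
    user is checked against the FireRole definition loaded for ``role``.

    Returns None when both checks pass, leaving the Apache user set on
    ``req``.

    Raises:
        apache.SERVER_RETURN: with ``HTTP_BAD_REQUEST`` when Basic
            credentials are present but cannot be decoded; with
            ``HTTP_UNAUTHORIZED`` (and a ``WWW-Authenticate`` challenge)
            when credentials are missing, use a scheme other than Basic,
            fail verification, or the user is not allowed by the role.
    """
    user = ''
    authorized = False

    if req.headers_in.has_key("Authorization"):
        header = req.headers_in["Authorization"]
        # Only "Basic <base64>" is understood here, and the scheme token is
        # case-insensitive.  Any other scheme is left unauthenticated and is
        # challenged below instead of having its payload base64-decoded as
        # if it were Basic credentials.
        if header[:6].lower() == "basic ":
            try:
                decoded = base64.decodestring(header[6:])
                # Split on the first ":" only, so passwords may contain ":".
                user, passwd = decoded.split(":", 1)
            except (ValueError, base64.binascii.Error, base64.binascii.Incomplete):
                raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST)

            authorized = auth_apache_user_p(user, passwd)

    if authorized:
        # The user name is placed on the request only for the duration of the
        # role check (presumably so collect_user_info(req) can see it) and is
        # cleared again, so a failed role check leaves no user set on req.
        setApacheUser(req, user)
        authorized = acc_firerole_check_user(
            collect_user_info(req),
            load_role_definition(acc_get_role_id(role)))
        setApacheUser(req, '')

    if not authorized:
        # note that Opera supposedly doesn't like spaces around "=" below
        # NOTE(review): role is interpolated into the header value unescaped;
        # this assumes callers pass a fixed role name without '"' or CR/LF -
        # confirm against the callers.
        s = 'Basic realm="%s"' % role
        req.headers_out["WWW-Authenticate"] = s
        raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED)

    setApacheUser(req, user)
    return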
 def test_firerole_literal_email(self):
     """firerole - firerole core testing literal email matching

     An ``allow email`` rule listing two quoted addresses, followed by
     ``deny any``, is expected to accept ``self.user_info``.
     """
     # The two quoted addresses form one comma-separated list for the rule.
     definition = "allow email '*****@*****.**','*****@*****.**'\ndeny any"
     role = compile_role_definition(definition)
     self.failUnless(acc_firerole_check_user(self.user_info, role))
Example #5
 def test_firerole_literal_email(self):
     """firerole - firerole core testing literal email matching

     Checks that ``self.user_info`` is accepted by a definition whose only
     ``allow`` rule is a literal list of two email addresses.
     """
     allowed_emails = "'*****@*****.**','*****@*****.**'"
     compiled = compile_role_definition(
         "allow email " + allowed_emails + "\ndeny any")
     granted = acc_firerole_check_user(self.user_info, compiled)
     self.failUnless(granted)
Example #6
def isUserSuperAdmin(user_info):
    """Tell whether ``user_info`` describes a super administrator.

    True is returned when the database holds a non-expired link between
    ``user_info['uid']`` and the role named SUPERADMINROLE.  Otherwise the
    result of the FireRole check against that role's definition is
    returned.
    """
    # The role name and uid are handed to run_sql as a separate tuple for
    # the two %s placeholders; they are not formatted into the SQL text.
    explicit_membership = run_sql("""SELECT r.id
        FROM accROLE r LEFT JOIN user_accROLE ur
        ON r.id = ur.id_accROLE
        WHERE r.name = %s AND
        ur.id_user = %s AND ur.expiration>=NOW() LIMIT 1""", (SUPERADMINROLE, user_info['uid']), 1)
    if not explicit_membership:
        # No explicit row: fall back to the role's FireRole definition.
        superadmin_definition = load_role_definition(acc_get_role_id(SUPERADMINROLE))
        return acc_firerole_check_user(user_info, superadmin_definition)
    return True
Example #7
def isUserSuperAdmin(user_info):
    """Report whether the given user holds the superadmin role.

    An explicit, non-expired database row linking ``user_info['uid']`` to
    the SUPERADMINROLE role yields True.  Without such a row, the value of
    the FireRole check against the superadmin role definition is returned.
    """
    query = """SELECT r.id
        FROM accROLE r LEFT JOIN user_accROLE ur
        ON r.id = ur.id_accROLE
        WHERE r.name = %s AND
        ur.id_user = %s AND ur.expiration>=NOW() LIMIT 1"""
    # Values for the two %s placeholders travel separately from the SQL text.
    bound_values = (SUPERADMINROLE, user_info['uid'])
    if run_sql(query, bound_values, 1):
        return True
    role_id = acc_get_role_id(SUPERADMINROLE)
    return acc_firerole_check_user(user_info, load_role_definition(role_id))
    def test_firerole_guest(self):
        """firerole - firerole core testing with guest

        Runs six (expected, user, definition) cases in order, covering
        ``deny guest '1'`` and ``deny guest '0'`` rules for both the guest
        fixture and the regular-user fixture, with ``allow all`` and
        ``deny all`` as the trailing rule.
        """
        cases = (
            # Guest fixture: refused by "guest '1'", accepted by "guest '0'".
            (False, self.guest, "deny guest '1'\nallow all"),
            (True, self.guest, "deny guest '0'\nallow all"),
            # Regular fixture: the expectations are mirrored.
            (True, self.user_info, "deny guest '1'\nallow all"),
            (False, self.user_info, "deny guest '0'\nallow all"),
            # With a trailing "deny all", the regular user is refused either way.
            (False, self.user_info, "deny guest '1'\ndeny all"),
            (False, self.user_info, "deny guest '0'\ndeny all"),
        )
        for expected, who, definition in cases:
            outcome = acc_firerole_check_user(
                who, compile_role_definition(definition))
            self.assertEqual(expected, outcome)
    def test_firerole_guest(self):
        """firerole - firerole core testing with guest

        Verifies how ``deny guest`` rules apply to the guest fixture and to
        the regular-user fixture, with either ``allow all`` or ``deny all``
        as the closing rule.
        """
        guest1_then_allow = "deny guest '1'\nallow all"
        guest0_then_allow = "deny guest '0'\nallow all"
        guest1_then_deny = "deny guest '1'\ndeny all"
        guest0_then_deny = "deny guest '0'\ndeny all"

        # Guest fixture: refused by "guest '1'", accepted by "guest '0'".
        result = acc_firerole_check_user(
            self.guest, compile_role_definition(guest1_then_allow))
        self.assertEqual(False, result)
        result = acc_firerole_check_user(
            self.guest, compile_role_definition(guest0_then_allow))
        self.assertEqual(True, result)

        # Regular fixture: the expectations are mirrored.
        result = acc_firerole_check_user(
            self.user_info, compile_role_definition(guest1_then_allow))
        self.assertEqual(True, result)
        result = acc_firerole_check_user(
            self.user_info, compile_role_definition(guest0_then_allow))
        self.assertEqual(False, result)

        # With a closing "deny all", the regular user is refused either way.
        result = acc_firerole_check_user(
            self.user_info, compile_role_definition(guest1_then_deny))
        self.assertEqual(False, result)
        result = acc_firerole_check_user(
            self.user_info, compile_role_definition(guest0_then_deny))
        self.assertEqual(False, result)
 def test_firerole_non_existant_group(self):
     """firerole - firerole core testing non existant group matching

     A rule allowing only the group ``patat`` followed by ``deny any`` is
     expected to refuse ``self.user_info``.
     """
     # presumably 'patat' is a group the fixture user does not belong to;
     # the fixture is built outside this view.
     role = compile_role_definition("allow groups 'patat'\ndeny any")
     granted = acc_firerole_check_user(self.user_info, role)
     self.failIf(granted)
 def test_firerole_uid(self):
     """firerole - firerole core testing with integer uid

     With ``deny uid '-1'`` ahead of ``allow all``, the guest fixture is
     expected to be refused and the regular-user fixture accepted.
     """
     # presumably the guest fixture carries uid -1; fixtures are defined
     # outside this view.
     definition = "deny uid '-1'\nallow all"
     guest_result = acc_firerole_check_user(
         self.guest, compile_role_definition(definition))
     self.assertEqual(False, guest_result)
     user_result = acc_firerole_check_user(
         self.user_info, compile_role_definition(definition))
     self.assertEqual(True, user_result)
 def test_firerole_empty(self):
     """firerole - firerole core testing empty matching

     Compiling ``None`` as the role definition and checking
     ``self.user_info`` against it is expected to yield False, i.e. an
     empty definition grants nothing.
     """
     empty_role = compile_role_definition(None)
     outcome = acc_firerole_check_user(self.user_info, empty_role)
     self.assertEqual(False, outcome)
 def test_firerole_non_existant_group(self):
     """firerole - firerole core testing non existant group matching

     Checks that ``self.user_info`` is refused when the only ``allow``
     rule names the group ``patat`` and ``deny any`` follows.
     """
     definition = "allow groups 'patat'\ndeny any"
     compiled = compile_role_definition(definition)
     self.failIf(acc_firerole_check_user(self.user_info, compiled))
 def test_firerole_literal_group(self):
     """firerole - firerole core testing literal group matching

     Checks that ``self.user_info`` is accepted when the ``allow`` rule
     names the group ``patata`` literally.
     """
     # presumably 'patata' is among the fixture user's groups; the fixture
     # is built outside this view.
     definition = "allow groups 'patata'\ndeny any"
     compiled = compile_role_definition(definition)
     self.failUnless(acc_firerole_check_user(self.user_info, compiled))
 def test_firerole_regexp_email(self):
     """firerole - firerole core testing regexp email matching

     Checks that ``self.user_info`` is accepted by an ``allow email`` rule
     written as a slash-delimited regular expression.
     """
     # NOTE(review): the "." before "ch" is unescaped and the pattern has no
     # visible end anchor; whether firerole anchors the match is not shown
     # here - confirm before reusing this pattern in a real role definition.
     definition = "allow email /.*@cern.ch/\ndeny any"
     compiled = compile_role_definition(definition)
     self.failUnless(acc_firerole_check_user(self.user_info, compiled))
 def test_firerole_empty(self):
     """firerole - firerole core testing empty matching

     A role definition compiled from ``None`` is expected to refuse
     ``self.user_info``: the check must return False.
     """
     role_from_nothing = compile_role_definition(None)
     self.assertEqual(
         False, acc_firerole_check_user(self.user_info, role_from_nothing))
 def test_firerole_literal_group(self):
     """firerole - firerole core testing literal group matching

     A rule allowing the literally named group ``patata``, followed by
     ``deny any``, is expected to accept ``self.user_info``.
     """
     role = compile_role_definition("allow groups 'patata'\ndeny any")
     granted = acc_firerole_check_user(self.user_info, role)
     self.failUnless(granted)
 def test_firerole_regexp_email(self):
     """firerole - firerole core testing regexp email matching

     An ``allow email`` rule given as a slash-delimited regular expression,
     followed by ``deny any``, is expected to accept ``self.user_info``.
     """
     # NOTE(review): "/.*@cern.ch/" leaves the last "." unescaped and shows
     # no end anchor; how firerole applies the pattern is not visible here -
     # confirm the matching mode before copying it into a production role.
     role = compile_role_definition("allow email /.*@cern.ch/\ndeny any")
     granted = acc_firerole_check_user(self.user_info, role)
     self.failUnless(granted)
 def test_firerole_literal_email(self):
     """firerole - firerole core testing literal email matching

     Expects ``self.user_info`` to be accepted by a definition that allows
     a literal, comma-separated pair of email addresses and denies
     everyone else.
     """
     rules = [
         "allow email '*****@*****.**','*****@*****.**'",
         "deny any",
     ]
     compiled = compile_role_definition("\n".join(rules))
     self.failUnless(acc_firerole_check_user(self.user_info, compiled))