def test_overridden_authorization_policy(self):
config = self._makeConfig()
config.include(self.package)
from pyramid.testing import DummySecurityPolicy
config.set_authorization_policy(DummySecurityPolicy('fred'))
config.set_authentication_policy(DummySecurityPolicy(permissive=True))
app = config.make_wsgi_app()
from webtest import TestApp
self.testapp = TestApp(app)
res = self.testapp.get('/protected', status=200)
self.assertTrue('protected view' in res)
def testing_securitypolicy(self,
userid=None,
groupids=(),
permissive=True):
"""Unit/integration testing helper: Registers a pair of faux
:app:`Pyramid` security policies: a :term:`authentication
policy` and a :term:`authorization policy`.
The behavior of the registered :term:`authorization policy`
depends on the ``permissive`` argument. If ``permissive`` is
true, a permissive :term:`authorization policy` is registered;
this policy allows all access. If ``permissive`` is false, a
nonpermissive :term:`authorization policy` is registered; this
policy denies all access.
The behavior of the registered :term:`authentication policy`
depends on the values provided for the ``userid`` and
``groupids`` argument. The authentication policy will return
the userid identifier implied by the ``userid`` argument and
the group ids implied by the ``groupids`` argument when the
:func:`pyramid.security.authenticated_userid` or
:func:`pyramid.security.effective_principals` APIs are
used.
This function is most useful when testing code that uses
the APIs named :func:`pyramid.security.has_permission`,
:func:`pyramid.security.authenticated_userid`,
:func:`pyramid.security.effective_principals`, and
:func:`pyramid.security.principals_allowed_by_permission`.
"""
from pyramid.testing import DummySecurityPolicy
policy = DummySecurityPolicy(userid, groupids, permissive)
self.registry.registerUtility(policy, IAuthorizationPolicy)
self.registry.registerUtility(policy, IAuthenticationPolicy)
def testing_securitypolicy(
self,
userid=None,
identity=None,
permissive=True,
remember_result=None,
forget_result=None,
):
"""Unit/integration testing helper. Registers a faux :term:`security
policy`.
This function is most useful when testing code that uses the security
APIs, such as :meth:`pyramid.request.Request.identity`,
:attr:`pyramid.request.Request.authenticated_userid`, or
:meth:`pyramid.request.Request.has_permission`,
The behavior of the registered :term:`security policy` depends on the
arguments passed to this method.
:param userid: If provided, the policy's ``authenticated_userid``
method will return this value. As a result,
:attr:`pyramid.request.Request.authenticated_userid` will have this
value as well.
:type userid: str
:param identity: If provided, the policy's ``authenticated_identity``
method will return this value. As a result,
:attr:`pyramid.request.Request.authenticated_identity`` will have
this value.
:type identity: object
:param permissive: If true, the policy will allow access to any user
for any permission. If false, the policy will deny all access.
:type permissive: bool
:param remember_result: If provided, the policy's ``remember`` method
will return this value. Otherwise, ``remember`` will return an
empty list.
:type remember_result: list
:param forget_result: If provided, the policy's ``forget`` method will
return this value. Otherwise, ``forget`` will return an empty
list.
:type forget_result: list
.. versionadded:: 1.4
The ``remember_result`` argument.
.. versionadded:: 1.4
The ``forget_result`` argument.
.. versionchanged:: 2.0
Removed ``groupids`` argument and add `identity` argument.
"""
from pyramid.testing import DummySecurityPolicy
policy = DummySecurityPolicy(userid, identity, permissive,
remember_result, forget_result)
self.registry.registerUtility(policy, ISecurityPolicy)
return policy
def testing_securitypolicy(
self,
userid=None,
groupids=(),
permissive=True,
remember_result=None,
forget_result=None,
):
"""Unit/integration testing helper: Registers a pair of faux
:app:`Pyramid` security policies: a :term:`authentication
policy` and a :term:`authorization policy`.
The behavior of the registered :term:`authorization policy`
depends on the ``permissive`` argument. If ``permissive`` is
true, a permissive :term:`authorization policy` is registered;
this policy allows all access. If ``permissive`` is false, a
nonpermissive :term:`authorization policy` is registered; this
policy denies all access.
``remember_result``, if provided, should be the result returned by
the ``remember`` method of the faux authentication policy. If it is
not provided (or it is provided, and is ``None``), the default value
``[]`` (the empty list) will be returned by ``remember``.
``forget_result``, if provided, should be the result returned by
the ``forget`` method of the faux authentication policy. If it is
not provided (or it is provided, and is ``None``), the default value
``[]`` (the empty list) will be returned by ``forget``.
The behavior of the registered :term:`authentication policy`
depends on the values provided for the ``userid`` and
``groupids`` argument. The authentication policy will return
the userid identifier implied by the ``userid`` argument and
the group ids implied by the ``groupids`` argument when the
:attr:`pyramid.request.Request.authenticated_userid` or
:attr:`pyramid.request.Request.effective_principals` APIs are
used.
This function is most useful when testing code that uses
the APIs named :meth:`pyramid.request.Request.has_permission`,
:attr:`pyramid.request.Request.authenticated_userid`,
:attr:`pyramid.request.Request.effective_principals`, and
:func:`pyramid.security.principals_allowed_by_permission`.
.. versionadded:: 1.4
The ``remember_result`` argument.
.. versionadded:: 1.4
The ``forget_result`` argument.
"""
from pyramid.testing import DummySecurityPolicy
policy = DummySecurityPolicy(userid, groupids, permissive,
remember_result, forget_result)
self.registry.registerUtility(policy, IAuthorizationPolicy)
self.registry.registerUtility(policy, IAuthenticationPolicy)
return policy
def test_forget_warning():
policy = JWTAuthenticationPolicy("secret", http_header="X-Token")
with testConfig() as config:
config.set_authorization_policy(DummySecurityPolicy())
config.set_authentication_policy(policy)
request = DummyRequest()
with warnings.catch_warnings(record=True) as w:
forget(request)
assert len(w) == 1
assert issubclass(w[-1].category, UserWarning)
assert "JWT tokens" in str(w[-1].message)
assert w[-1].filename.endswith("test_policy.py")
def test_remember_warning():
policy = JWTAuthenticationPolicy('secret', http_header='X-Token')
with testConfig() as config:
config.set_authorization_policy(DummySecurityPolicy())
config.set_authentication_policy(policy)
request = DummyRequest()
with warnings.catch_warnings(record=True) as w:
remember(request, 15)
assert len(w) == 1
assert issubclass(w[-1].category, UserWarning)
assert 'JWT tokens' in str(w[-1].message)
assert w[-1].filename.endswith('test_policy.py')
def testing_legacySecurityPolicy(
config, userid=None, groupids=(), permissive=True, remember_result=None, forget_result=None
):
"""Compatibility mode for deprecated AuthorizationPolicy and AuthenticationPolicy in our tests"""
from pyramid.interfaces import IAuthenticationPolicy, IAuthorizationPolicy, ISecurityPolicy
from pyramid.security import LegacySecurityPolicy
from pyramid.testing import DummySecurityPolicy
policy = DummySecurityPolicy(userid, groupids, permissive, remember_result, forget_result)
config.registry.registerUtility(policy, IAuthorizationPolicy)
config.registry.registerUtility(policy, IAuthenticationPolicy)
security_policy = LegacySecurityPolicy()
config.registry.registerUtility(security_policy, ISecurityPolicy)
return policy
def setUser(config, user):
config.set_security_policy(DummySecurityPolicy(identity=user))