def test_backenderrors(self):
# this test makes sure all BackendErrors in user/sreg
# give useful info in the TB
if not CAN_MOCK_WSGI:
raise SkipTest
try:
import ldap # NOQA
except ImportError:
# no ldap module means sreg_config won't load
raise SkipTest
mgr = load_and_configure(sreg_config)
def _kill():
return HTTPServiceUnavailable()
tarek = User('tarek')
credentials = {"username": "******", "password": "******"}
with mock_wsgi(_kill):
try:
mgr.delete_user(tarek, credentials)
except BackendError, err:
res = str(err)
def test_user_proxy(self):
if not CAN_MOCK_WSGI:
raise SkipTest
mgr = load_and_configure(proxy_config)
# Test for successful authentication
whoami_was_called = []
def _successful_response():
whoami_was_called.append(True)
return Response('{"userid": 42, "syncNode": "blah"}')
user = User("test1")
with mock_wsgi(_successful_response):
userid = mgr.authenticate_user(user, "password")
self.assertTrue(whoami_was_called)
self.assertEquals(userid, 42)
self.assertEquals(user["userid"], 42)
# Test that we call the whoami API each time, no caching etc.
del whoami_was_called[:]
user = User("test1")
with mock_wsgi(_successful_response):
userid = mgr.authenticate_user(user, "password")
self.assertTrue(whoami_was_called)
self.assertEquals(userid, 42)
self.assertEquals(user["userid"], 42)
# Test unsuccessful authentication.
del whoami_was_called[:]
def _unsuccessful_response():
whoami_was_called.append(True)
return Response(status=401)
user = User("test1")
with mock_wsgi(_unsuccessful_response):
userid = mgr.authenticate_user(user, "wrongpassword")
self.assertTrue(whoami_was_called)
self.assertEquals(userid, None)
def test_user_sreg(self):
if not CAN_MOCK_WSGI:
raise SkipTest
try:
import ldap # NOQA
except ImportError:
# we probably don't have an LDAP configured here. Don't test
raise SkipTest
credentials = {"username": "******", "password": "******"}
def _fake_response():
return Response('0')
def _username_response():
return Response('"user1"')
def _user_exists_response():
r = Response()
r.status = '400 Bad Request'
r.body = str(ERROR_INVALID_WRITE)
return r
mgr = load_and_configure(sreg_config)
with mock_wsgi(_username_response):
user1 = mgr.create_user('user1', 'password1', '*****@*****.**')
self.assertEquals(user1['username'], 'user1')
with mock_wsgi(_fake_response):
self.assertTrue(mgr.admin_update_password(user1, 'newpass',
'key'))
self.assertTrue(mgr.delete_user(user1, credentials))
with mock_wsgi(_user_exists_response):
self.assertFalse(mgr.create_user('user1', 'password1',
'*****@*****.**'))
with mock_wsgi(_kill):
try:
mgr.create_user('tarek', 'pass', 'mail')
except BackendError, err:
res = str(err)
wanted = ('BackendError on http://localhost/tarek\n\nUnable to create'
' the user via sreg. Received body:\n503 Service '
'Unavailable\n\nThe server is currently unavailable. '
'Please try again at a later time.\n\n \nReceived status:'
' 503')
self.assertEqual(res, wanted)
with mock_wsgi(_kill):
try:
mgr.admin_update_password(tarek, 'pass', 'key')
except BackendError, err:
res = str(err)
wanted = ('BackendError on http://localhost/tarek/password\n\nUnable '
'to change the user password via sreg. Received body:\n503 '
'Service Unavailable\n\nThe server is currently '
'unavailable. Please try again at a later time.\n\n '
'\nReceived status: 503')
self.assertEqual(res, wanted)
def test_suite():
suite = unittest.TestSuite()
def test_user_proxycache(self):
if not CAN_MOCK_WSGI:
raise SkipTest
mgr = load_and_configure(proxycache_config)
# Check if memcache is up and running
try:
mgr._cache_get('test')
except BackendError:
raise SkipTest
# We can authenticate a proper user from a cold cache,
# by pulling their data from the proxy server.
whoami_was_called = []
def _successful_response():
whoami_was_called.append(True)
return Response('{"userid": 42, "syncNode": "blah"}')
user = User("test1")
with mock_wsgi(_successful_response):
userid = mgr.authenticate_user(user, "password", ["syncNode"])
self.assertEquals(userid, 42)
self.assertEquals(user["userid"], 42)
self.assertEquals(user["syncNode"], "blah")
self.assertTrue(whoami_was_called)
# Subsequent authentication attempts will use the local cache.
del whoami_was_called[:]
user = User("test1")
with mock_wsgi(_successful_response):
userid = mgr.authenticate_user(user, "password", ["syncNode"])
self.assertEquals(userid, 42)
self.assertEquals(user["userid"], 42)
self.assertEquals(user["syncNode"], "blah")
self.assertFalse(whoami_was_called)
# Eventually the cache will expire.
time.sleep(1)
del whoami_was_called[:]
user = User("test1")
with mock_wsgi(_successful_response):
userid = mgr.authenticate_user(user, "password", ["syncNode"])
self.assertEquals(userid, 42)
self.assertEquals(user["userid"], 42)
self.assertEquals(user["syncNode"], "blah")
self.assertTrue(whoami_was_called)
# Warm cache + bad password = authentication fails.
# A different password will cause it to fall through to the proxy.
def _unsuccessful_response():
whoami_was_called.append(True)
return Response(status=401)
del whoami_was_called[:]
user = User("test1")
with mock_wsgi(_unsuccessful_response):
userid = mgr.authenticate_user(user, "wrongpassword")
self.assertEquals(userid, None)
self.assertTrue(whoami_was_called)
# Cold cache + bad password = authentication fails.
# Switch to a different username so that the cache is cold.
del whoami_was_called[:]
user = User("test2")
with mock_wsgi(_unsuccessful_response):
userid = mgr.authenticate_user(user, "password")
self.assertEquals(userid, None)
self.assertTrue(whoami_was_called)
# The failed auth should not populate the cache.
del whoami_was_called[:]
user = User("test2")
with mock_wsgi(_unsuccessful_response):
userid = mgr.authenticate_user(user, "password")
self.assertEquals(userid, None)
self.assertTrue(whoami_was_called)
