def testAuthenticationProcessingFilterWithBadPassword(self):
def start_response():
pass
def application(environ, start_response):
return ["Success"]
environ = {}
environ["PATH_INFO"] = "/index.html"
inMemoryUserDetailsService = InMemoryUserDetailsService()
inMemoryUserDetailsService.user_dict = {"user1": ("good_password", ["role1", "blue"], True)}
inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider()
inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService
inMemoryDaoAuthenticationManager = AuthenticationManager([inMemoryDaoAuthenticationProvider])
authenticationFilter = AuthenticationProcessingFilter()
authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager
authenticationFilter.alwaysReauthenticate = False
token = UsernamePasswordAuthenticationToken("user1", "bad_password", None)
self.assertFalse(token.isAuthenticated())
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext().authentication = token
filterChainProxy = FilterChainProxy()
filterChainProxy.filterInvocationDefinitionSource = [("/.*", [authenticationFilter])]
filterChainProxy.application = application
self.assertRaises(BadCredentialsException, filterChainProxy, environ, start_response)
self.assertFalse(SecurityContextHolder.getContext().authentication.isAuthenticated())
def testIocDaoAuthenticationBadUsersWithHiddenExceptions(self):
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
self.assertRaises(DisabledException, self.auth_manager.authenticate, authentication)
authentication = UsernamePasswordAuthenticationToken(username="******", password="")
self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testIoCDaoAuthenticationGoodUsers(self):
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication)
self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths)
self.assertTrue("blue" in SecurityContextHolder.getContext().authentication.granted_auths)
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication)
self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths)
self.assertTrue("orange" in SecurityContextHolder.getContext().authentication.granted_auths)
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication)
self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths)
self.assertTrue("admin" in SecurityContextHolder.getContext().authentication.granted_auths)
def testIoCDaoAuthenticationDisabledUserBadPassword(self):
self.mock.expects(once()).method("execute").id("#1")
self.mock.expects(once()).method("fetchall").will(return_value([('disabled', 'correctpassword', False)])).id("#2").after("#1")
self.mock.expects(once()).method("execute").id("#3").after("#2")
self.mock.expects(once()).method("fetchall").will(return_value([('disabled', 'role1')])).id("#4").after("#3")
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
self.assertRaises(DisabledException, self.auth_manager.authenticate, authentication)
def testIoCDaoAuthenticationActiveUserBadPassword(self):
self.mock.expects(once()).method("execute").id("#1")
self.mock.expects(once()).method("fetchall").will(return_value([('activeuser', 'correctpassword', True)])).id("#2").after("#1")
self.mock.expects(once()).method("execute").id("#3").after("#2")
self.mock.expects(once()).method("fetchall").will(return_value([('activeuser', 'role1')])).id("#4").after("#3")
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testIocDaoAuthenticationBadUsersDontHideBadCredentialsEmptyUser(self):
self.mock.expects(once()).method("execute").id("#1")
self.mock.expects(once()).method("fetchall").will(return_value([('emptyuser', '', True)])).id("#2").after("#1")
self.mock.expects(once()).method("execute").id("#3").after("#2")
self.mock.expects(once()).method("fetchall").will(return_value([])).id("#4").after("#3")
authentication = UsernamePasswordAuthenticationToken(username="******", password="")
self.assertRaises(UsernameNotFoundException, self.auth_manager.authenticate, authentication)
def testIocDaoAuthenticationBadUsersDontHideBadCredentialsDisabledUser(self):
self.mock.expects(once()).method("execute").id("#1")
self.mock.expects(once()).method("fetchall").will(return_value([('disableduser', 'password4', False)])).id("#2").after("#1")
self.mock.expects(once()).method("execute").id("#3").after("#2")
self.mock.expects(once()).method("fetchall").will(return_value([('disableduser', 'role1'), ('disableduser', 'blue')])).id("#4").after("#3")
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
self.assertRaises(DisabledException, self.auth_manager.authenticate, authentication)
def create_success_auth(self, principal, authentication, user):
# Ensure we return the original credentials the user supplied,
# so subsequent attempts are successful even with encoded passwords.
# Also ensure we return the original getDetails(), so that future
# authentication events after cache expiry contain the details
result = UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), user.authorities)
#result.details = authentication.details
return result
def testIoCDaoAuthenticationGoodUser1(self):
self.mock.expects(once()).method("execute").id("#1")
self.mock.expects(once()).method("fetchall").will(return_value([('user1', 'password1', True)])).id("#2").after("#1")
self.mock.expects(once()).method("execute").id("#3").after("#2")
self.mock.expects(once()).method("fetchall").will(return_value([('user1', 'role1'), ('user1', 'blue')])).id("#4").after("#3")
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication)
self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths)
self.assertTrue("blue" in SecurityContextHolder.getContext().authentication.granted_auths)
def testEmptyPassword(self):
self.auth_manager = self.appContext.get_object("ldapAuthenticationProvider")
authentication = UsernamePasswordAuthenticationToken(username="******", password="")
self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testWrongPasswordAuthentication(self):
self.auth_manager = self.appContext.get_object("ldapAuthenticationProvider2")
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testGoodUserWithShaEncoding(self):
self.auth_manager = self.appContext.get_object("ldapAuthenticationProvider2")
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication)
self.assertTrue("ROLE_DEVELOPERS" in SecurityContextHolder.getContext().authentication.granted_auths)
context = DefaultSpringSecurityContextSource(
url="ldap://localhost:53389/dc=springframework,dc=org")
bindAuthenticator = BindAuthenticator(context_source=context,
user_dn_patterns="uid={0},ou=people")
populator = DefaultLdapAuthoritiesPopulator(context_source=context,
group_search_base="ou=groups")
authProvider = LdapAuthenticationProvider(ldap_authenticator=bindAuthenticator,
ldap_authorities_populator=populator)
passwordAuthenticator = PasswordComparisonAuthenticator(
context_source=context, user_dn_patterns="uid={0},ou=people")
authProvider2 = LdapAuthenticationProvider(
ldap_authenticator=passwordAuthenticator,
ldap_authorities_populator=populator)
authentication = UsernamePasswordAuthenticationToken(username="******",
password="******")
print "Input = %s" % authentication
auth1 = authProvider.authenticate(authentication)
print "Bind output = %s" % auth1
print "Input = %s" % authentication
auth2 = authProvider2.authenticate(authentication)
print "PasswordComparison output = %s" % auth2
def testIocDaoAuthenticationBadUsersWithHiddenExceptionsNonexistentUser(self):
self.mock.expects(once()).method("execute").id("#1")
self.mock.expects(once()).method("fetchall").will(return_value([])).id("#2").after("#1")
authentication = UsernamePasswordAuthenticationToken(username="******", password="******")
self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
