def testAuthenticationProcessingFilterWithBadPassword(self): def start_response(): pass def application(environ, start_response): return ["Success"] environ = {} environ["PATH_INFO"] = "/index.html" inMemoryUserDetailsService = InMemoryUserDetailsService() inMemoryUserDetailsService.user_dict = {"user1": ("good_password", ["role1", "blue"], True)} inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider() inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService inMemoryDaoAuthenticationManager = AuthenticationManager([inMemoryDaoAuthenticationProvider]) authenticationFilter = AuthenticationProcessingFilter() authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager authenticationFilter.alwaysReauthenticate = False token = UsernamePasswordAuthenticationToken("user1", "bad_password", None) self.assertFalse(token.isAuthenticated()) SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext().authentication = token filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [("/.*", [authenticationFilter])] filterChainProxy.application = application self.assertRaises(BadCredentialsException, filterChainProxy, environ, start_response) self.assertFalse(SecurityContextHolder.getContext().authentication.isAuthenticated())
def testIocDaoAuthenticationBadUsersWithHiddenExceptions(self): authentication = UsernamePasswordAuthenticationToken(username="******", password="******") self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication) authentication = UsernamePasswordAuthenticationToken(username="******", password="******") self.assertRaises(DisabledException, self.auth_manager.authenticate, authentication) authentication = UsernamePasswordAuthenticationToken(username="******", password="") self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testIoCDaoAuthenticationGoodUsers(self): authentication = UsernamePasswordAuthenticationToken(username="******", password="******") SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication) self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths) self.assertTrue("blue" in SecurityContextHolder.getContext().authentication.granted_auths) authentication = UsernamePasswordAuthenticationToken(username="******", password="******") SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication) self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths) self.assertTrue("orange" in SecurityContextHolder.getContext().authentication.granted_auths) authentication = UsernamePasswordAuthenticationToken(username="******", password="******") SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication) self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths) self.assertTrue("admin" in SecurityContextHolder.getContext().authentication.granted_auths)
def testIoCDaoAuthenticationDisabledUserBadPassword(self): self.mock.expects(once()).method("execute").id("#1") self.mock.expects(once()).method("fetchall").will(return_value([('disabled', 'correctpassword', False)])).id("#2").after("#1") self.mock.expects(once()).method("execute").id("#3").after("#2") self.mock.expects(once()).method("fetchall").will(return_value([('disabled', 'role1')])).id("#4").after("#3") authentication = UsernamePasswordAuthenticationToken(username="******", password="******") self.assertRaises(DisabledException, self.auth_manager.authenticate, authentication)
def testIoCDaoAuthenticationActiveUserBadPassword(self): self.mock.expects(once()).method("execute").id("#1") self.mock.expects(once()).method("fetchall").will(return_value([('activeuser', 'correctpassword', True)])).id("#2").after("#1") self.mock.expects(once()).method("execute").id("#3").after("#2") self.mock.expects(once()).method("fetchall").will(return_value([('activeuser', 'role1')])).id("#4").after("#3") authentication = UsernamePasswordAuthenticationToken(username="******", password="******") self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testIocDaoAuthenticationBadUsersDontHideBadCredentialsEmptyUser(self): self.mock.expects(once()).method("execute").id("#1") self.mock.expects(once()).method("fetchall").will(return_value([('emptyuser', '', True)])).id("#2").after("#1") self.mock.expects(once()).method("execute").id("#3").after("#2") self.mock.expects(once()).method("fetchall").will(return_value([])).id("#4").after("#3") authentication = UsernamePasswordAuthenticationToken(username="******", password="") self.assertRaises(UsernameNotFoundException, self.auth_manager.authenticate, authentication)
def testIocDaoAuthenticationBadUsersDontHideBadCredentialsDisabledUser(self): self.mock.expects(once()).method("execute").id("#1") self.mock.expects(once()).method("fetchall").will(return_value([('disableduser', 'password4', False)])).id("#2").after("#1") self.mock.expects(once()).method("execute").id("#3").after("#2") self.mock.expects(once()).method("fetchall").will(return_value([('disableduser', 'role1'), ('disableduser', 'blue')])).id("#4").after("#3") authentication = UsernamePasswordAuthenticationToken(username="******", password="******") self.assertRaises(DisabledException, self.auth_manager.authenticate, authentication)
def create_success_auth(self, principal, authentication, user): # Ensure we return the original credentials the user supplied, # so subsequent attempts are successful even with encoded passwords. # Also ensure we return the original getDetails(), so that future # authentication events after cache expiry contain the details result = UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), user.authorities) #result.details = authentication.details return result
def testIoCDaoAuthenticationGoodUser1(self): self.mock.expects(once()).method("execute").id("#1") self.mock.expects(once()).method("fetchall").will(return_value([('user1', 'password1', True)])).id("#2").after("#1") self.mock.expects(once()).method("execute").id("#3").after("#2") self.mock.expects(once()).method("fetchall").will(return_value([('user1', 'role1'), ('user1', 'blue')])).id("#4").after("#3") authentication = UsernamePasswordAuthenticationToken(username="******", password="******") SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication) self.assertTrue("role1" in SecurityContextHolder.getContext().authentication.granted_auths) self.assertTrue("blue" in SecurityContextHolder.getContext().authentication.granted_auths)
def testEmptyPassword(self): self.auth_manager = self.appContext.get_object("ldapAuthenticationProvider") authentication = UsernamePasswordAuthenticationToken(username="******", password="") self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testWrongPasswordAuthentication(self): self.auth_manager = self.appContext.get_object("ldapAuthenticationProvider2") authentication = UsernamePasswordAuthenticationToken(username="******", password="******") self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)
def testGoodUserWithShaEncoding(self): self.auth_manager = self.appContext.get_object("ldapAuthenticationProvider2") authentication = UsernamePasswordAuthenticationToken(username="******", password="******") SecurityContextHolder.getContext().authentication = self.auth_manager.authenticate(authentication) self.assertTrue("ROLE_DEVELOPERS" in SecurityContextHolder.getContext().authentication.granted_auths)
context = DefaultSpringSecurityContextSource( url="ldap://localhost:53389/dc=springframework,dc=org") bindAuthenticator = BindAuthenticator(context_source=context, user_dn_patterns="uid={0},ou=people") populator = DefaultLdapAuthoritiesPopulator(context_source=context, group_search_base="ou=groups") authProvider = LdapAuthenticationProvider(ldap_authenticator=bindAuthenticator, ldap_authorities_populator=populator) passwordAuthenticator = PasswordComparisonAuthenticator( context_source=context, user_dn_patterns="uid={0},ou=people") authProvider2 = LdapAuthenticationProvider( ldap_authenticator=passwordAuthenticator, ldap_authorities_populator=populator) authentication = UsernamePasswordAuthenticationToken(username="******", password="******") print "Input = %s" % authentication auth1 = authProvider.authenticate(authentication) print "Bind output = %s" % auth1 print "Input = %s" % authentication auth2 = authProvider2.authenticate(authentication) print "PasswordComparison output = %s" % auth2
def testIocDaoAuthenticationBadUsersWithHiddenExceptionsNonexistentUser(self): self.mock.expects(once()).method("execute").id("#1") self.mock.expects(once()).method("fetchall").will(return_value([])).id("#2").after("#1") authentication = UsernamePasswordAuthenticationToken(username="******", password="******") self.assertRaises(BadCredentialsException, self.auth_manager.authenticate, authentication)