def setUp(self):
# Let's set up the environment for this mock request:
mw = RepozeWhatMiddleware()
self.request = Request({'PATH_INFO': "/"}, make_user(None))
mw.process_view(self.request, None, None, None)
# Let's enabled logging after the middleware has been set:
self.log_fixture = LoggingHandlerFixture()
class TestAuthzDiscovery(object):
"""Tests to check whether the authorization controls are found correctly."""
def setUp(self):
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_global_acl_collection_and_secured_apps(self):
mw = RepozeWhatMiddleware()
# Checking that the global ACL collection was picked:
from tests.fixtures.sampledjango.authz import control
eq_(control, mw.acl_collection)
# Checking that the app-specific controls were picked:
from tests.fixtures.sampledjango.app1.authz import control as control1
from tests.fixtures.sampledjango.app2.authz import control as control2
ok_(control1 in mw.acl_collection._acls)
ok_(control2 in mw.acl_collection._acls)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 1)
eq_(self.log_fixture.handler.messages['info'][0],
("The following applications are secured: "
"tests.fixtures.sampledjango.app1, "
"tests.fixtures.sampledjango.app2")
)
class TestAuthorizationDeniedInView(object):
"""
Authorization denied in the views must be dealt with properly.
This is the test case for RepozeWhatMiddleware.process_exception()
"""
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_authorization_denied_with_custom_handler(self):
"""
When authorization is denied with a custom handler, it must be used
"""
request = Request({'PATH_INFO': "/"}, make_user(None))
exception = _AuthorizationDenial(
"Nothing",
lambda request, message: "No! %s" % message
)
response = self.middleware.process_exception(request, exception)
eq_(response, "No! Nothing")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(self.log_fixture.handler.messages['warning'][0],
"Authorization denied to %s in the view at /: Nothing" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_authorization_denied_without_custom_handler(self):
"""
When authorization is denied with no custom handler, the default one
must be used.
"""
request = Request({}, make_user(None))
exception = _AuthorizationDenial("You can't be here", None)
response = self.middleware.process_exception(request, exception)
eq_(response.status_code, 401)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(self.log_fixture.handler.messages['warning'][0],
"Authorization denied to %s in the view at /: You can't be here" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Using the default denial handler")
def test_another_exception(self):
"""process_exception() must do nothing if not given a denial handler."""
request = Request({}, make_user(None))
exception = Exception()
response = self.middleware.process_exception(request, exception)
eq_(response, None)
class TestAuthorizationDeniedInView(object):
"""
Authorization denied in the views must be dealt with properly.
This is the test case for RepozeWhatMiddleware.process_exception()
"""
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_authorization_denied_with_custom_handler(self):
"""
When authorization is denied with a custom handler, it must be used
"""
request = Request({'PATH_INFO': "/"}, make_user(None))
exception = _AuthorizationDenial(
"Nothing", lambda request, message: "No! %s" % message)
response = self.middleware.process_exception(request, exception)
eq_(response, "No! Nothing")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied to %s in the view at /: Nothing" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_authorization_denied_without_custom_handler(self):
"""
When authorization is denied with no custom handler, the default one
must be used.
"""
request = Request({}, make_user(None))
exception = _AuthorizationDenial("You can't be here", None)
response = self.middleware.process_exception(request, exception)
eq_(response.status_code, 401)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied to %s in the view at /: You can't be here" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Using the default denial handler")
def test_another_exception(self):
"""process_exception() must do nothing if not given a denial handler."""
request = Request({}, make_user(None))
exception = Exception()
response = self.middleware.process_exception(request, exception)
eq_(response, None)
def setUp(self):
# Let's set up the environment for this mock request:
mw = RepozeWhatMiddleware()
self.request = Request({'PATH_INFO': "/"}, make_user(None))
mw.process_view(self.request, None, None, None)
# Let's enabled logging after the middleware has been set:
self.log_fixture = LoggingHandlerFixture()
class TestAuthzDiscovery(object):
"""Tests to check whether the authorization controls are found correctly."""
def setUp(self):
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_global_acl_collection_and_secured_apps(self):
mw = RepozeWhatMiddleware()
# Checking that the global ACL collection was picked:
from tests.fixtures.sampledjango.authz import control
eq_(control, mw.acl_collection)
# Checking that the app-specific controls were picked:
from tests.fixtures.sampledjango.app1.authz import control as control1
from tests.fixtures.sampledjango.app2.authz import control as control2
ok_(control1 in mw.acl_collection._acls)
ok_(control2 in mw.acl_collection._acls)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 1)
eq_(self.log_fixture.handler.messages['info'][0],
("The following applications are secured: "
"tests.fixtures.sampledjango.app1, "
"tests.fixtures.sampledjango.app2"))
class TestCanAccess(object):
"""Tests for the can_access() function."""
def setUp(self):
# Let's set up the environment for this mock request:
mw = RepozeWhatMiddleware()
self.request = Request({'PATH_INFO': "/"}, make_user(None))
mw.process_view(self.request, None, None, None)
# Let's enabled logging after the middleware has been set:
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_no_authz_decision_made(self):
"""Authorization would be granted if no decision was made."""
ok_(can_access("/app2/nothing", self.request))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization would be granted on ingress to %s at /app2/nothing"
% repr(self.request.user))
def test_authz_granted(self):
"""Authorization would be granted if it's granted!."""
ok_(can_access("/app1/blog", self.request))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization would be granted on ingress to %s at /app1/blog" %
repr(self.request.user))
def test_authz_denied(self):
"""Authorization would be denied if it's denied!."""
assert_false(can_access("/app1/admin", self.request))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization would be denied on ingress to %s at /app1/admin" %
repr(self.request.user))
def test_non_existing_path(self):
"""
Django's Resolver404 exception must be raised if the path doesn't exist.
"""
assert_raises(Resolver404, can_access, "/app1/non-existing",
self.request)
def test_authz_granted_with_view_resolved(self):
"""
The view shouldn't be resolved if we are passing the view by hand.
"""
positional_args = ()
named_args = {}
ok_(
can_access("/app1/blog", self.request, mock_view, positional_args,
named_args))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization would be granted on ingress to %s at /app1/blog" %
repr(self.request.user))
def test_authz_denied_with_view_resolved(self):
"""
The view shouldn't be resolved if we are passing the view by hand.
"""
positional_args = ()
named_args = {}
assert_false(
can_access("/app1/admin", self.request, mock_view, positional_args,
named_args))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization would be denied on ingress to %s at /app1/admin" %
repr(self.request.user))
def setUp(self):
self.log_fixture = LoggingHandlerFixture()
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
class TestAuthorizationEnforcement(object):
"""Tests for the process_view() routine."""
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_environment_is_setup(self):
"""The WSGI environment must be set up before processing the view."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
self.middleware.process_view(request, object(), (), {})
ok_("repoze.what.credentials" in request.environ)
def test_no_authz_decision_made(self):
"""Nothing must be done if no decision was made."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No authorization decision made on ingress at /app2/nothing")
def test_authz_granted(self):
"""When authorization is granted nothing must be done."""
environ = {'PATH_INFO': "/app1/blog"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['info']), 1)
eq_(
self.log_fixture.handler.messages['info'][0],
"Authorization granted to %s on ingress at /app1/blog" %
repr(request.user))
def test_authorization_denied_without_custom_denial_handler(self):
"""
When authorization is denied without a custom denial handler, the
default one must be user.
"""
environ = {'PATH_INFO': "/app2/secret"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
ok_(isinstance(response, HttpResponse))
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app2/secret: %s" %
(repr(request.user), "This is a secret"))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No custom denial handler defined; using the default one")
def test_authorization_denied_with_custom_denial_handler(self):
"""
Authorization must be denied with a custom denial handler, if available.
"""
environ = {'PATH_INFO': "/app1/admin"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, "No! Get out!")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app1/admin: Get out!" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_middleware_skips_media_dir(self):
"""The middleware must do nothing in the media directory."""
environ = {'PATH_INFO': "/media/photo.jpg"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /media/photo.jpg")
def test_middleware_skips_media_admin_dir(self):
"""The middleware must do nothing in the media admin directory."""
environ = {'PATH_INFO': "/admin-media/photo"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /admin-media/photo"
)
def setUp(self):
self.log_fixture = LoggingHandlerFixture()
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
class TestAuthorizationEnforcement(object):
"""Tests for the process_view() routine."""
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_environment_is_setup(self):
"""The WSGI environment must be set up before processing the view."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
self.middleware.process_view(request, object(), (), {})
ok_("repoze.what.credentials" in request.environ)
def test_no_authz_decision_made(self):
"""Nothing must be done if no decision was made."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No authorization decision made on ingress at /app2/nothing")
def test_authz_granted(self):
"""When authorization is granted nothing must be done."""
environ = {'PATH_INFO': "/app1/blog"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['info']), 1)
eq_(self.log_fixture.handler.messages['info'][0],
"Authorization granted to %s on ingress at /app1/blog" %
repr(request.user))
def test_authorization_denied_without_custom_denial_handler(self):
"""
When authorization is denied without a custom denial handler, the
default one must be user.
"""
environ = {'PATH_INFO': "/app2/secret"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
ok_(isinstance(response, HttpResponse))
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app2/secret: %s" %
(repr(request.user), "This is a secret"))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No custom denial handler defined; using the default one")
def test_authorization_denied_with_custom_denial_handler(self):
"""
Authorization must be denied with a custom denial handler, if available.
"""
environ = {'PATH_INFO': "/app1/admin"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, "No! Get out!")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app1/admin: Get out!" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_middleware_skips_media_dir(self):
"""The middleware must do nothing in the media directory."""
environ = {'PATH_INFO': "/media/photo.jpg"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /media/photo.jpg")
def test_middleware_skips_media_admin_dir(self):
"""The middleware must do nothing in the media admin directory."""
environ = {'PATH_INFO': "/admin-media/photo"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /admin-media/photo")
class TestCanAccess(object):
"""Tests for the can_access() function."""
def setUp(self):
# Let's set up the environment for this mock request:
mw = RepozeWhatMiddleware()
self.request = Request({'PATH_INFO': "/"}, make_user(None))
mw.process_view(self.request, None, None, None)
# Let's enabled logging after the middleware has been set:
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_no_authz_decision_made(self):
"""Authorization would be granted if no decision was made."""
ok_(can_access("/app2/nothing", self.request))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization would be granted on ingress to %s at /app2/nothing" %
repr(self.request.user))
def test_authz_granted(self):
"""Authorization would be granted if it's granted!."""
ok_(can_access("/app1/blog", self.request))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization would be granted on ingress to %s at /app1/blog" %
repr(self.request.user))
def test_authz_denied(self):
"""Authorization would be denied if it's denied!."""
assert_false(can_access("/app1/admin", self.request))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization would be denied on ingress to %s at /app1/admin" %
repr(self.request.user))
def test_non_existing_path(self):
"""
Django's Resolver404 exception must be raised if the path doesn't exist.
"""
assert_raises(Resolver404, can_access, "/app1/non-existing",
self.request)
def test_authz_granted_with_view_resolved(self):
"""
The view shouldn't be resolved if we are passing the view by hand.
"""
positional_args = ()
named_args = {}
ok_(can_access("/app1/blog", self.request, mock_view, positional_args,
named_args))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization would be granted on ingress to %s at /app1/blog" %
repr(self.request.user))
def test_authz_denied_with_view_resolved(self):
"""
The view shouldn't be resolved if we are passing the view by hand.
"""
positional_args = ()
named_args = {}
assert_false(can_access("/app1/admin", self.request, mock_view,
positional_args, named_args))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization would be denied on ingress to %s at /app1/admin" %
repr(self.request.user))
