def authenticate(self, req):
"""Return the name of the remote user, or `None` if the identity of the
user is unknown."""
# check for an authenticated user
login_module = LoginModule(self.env)
remote_user = login_module.authenticate(req)
if remote_user:
return remote_user
# authenticate via a CAPTCHA
if 'captchaauth' in req.args and 'captchaid' in req.args:
# ensure CAPTCHA identification
captcha = self.captcha(req)
if captcha != req.args['captchaauth']:
return
# ensure sane identity
name, email = self.identify(req)
if name is None:
return
if AccountManager and name in AccountManager(self.env).get_users():
return
# delete used CAPTCHA on success
try:
execute_non_query(self.env, "DELETE FROM captcha WHERE id=%s", req.args['captchaid'])
except:
pass
# log the user in
req.environ['REMOTE_USER'] = name
login_module._do_login(req)
def authenticate(self, req):
"""Return the name of the remote user, or `None` if the identity of the
user is unknown."""
# check for an authenticated user
login_module = LoginModule(self.env)
remote_user = login_module.authenticate(req)
if remote_user:
return remote_user
# authenticate via a CAPTCHA
if 'captchaauth' in req.args and 'captchaid' in req.args:
# ensure CAPTCHA identification
captcha = self.captcha(req)
if captcha != req.args['captchaauth']:
return
# ensure sane identity
name, email = self.identify(req)
if name is None:
return
if AccountManager and name in AccountManager(self.env).get_users():
return
# delete used CAPTCHA on success
try:
execute_non_query(self.env, "DELETE FROM captcha WHERE id=%s",
req.args['captchaid'])
except:
pass
# log the user in
req.environ['REMOTE_USER'] = name
login_module._do_login(req)
class LoginModuleTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub()
self.module = LoginModule(self.env)
def tearDown(self):
self.env.reset_db()
def test_anonymous_access(self):
req = MockRequest(self.env, remote_user=None)
self.assertIsNone(self.module.authenticate(req))
def test_unknown_cookie_access(self):
incookie = Cookie()
incookie['trac_auth'] = '123'
req = MockRequest(self.env, remote_user=None)
self.assertIsNone(self.module.authenticate(req))
def test_known_cookie_access(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
req = MockRequest(self.env, remote_user=None)
req.incookie['trac_auth'] = '123'
self.assertEqual('john', self.module.authenticate(req))
self.assertNotIn('auth_cookie', req.outcookie)
def test_known_cookie_ip_check_enabled(self):
self.env.config.set('trac', 'check_auth_ip', 'yes')
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
req = MockRequest(self.env, remote_addr='192.168.0.100',
remote_user=None)
req.incookie['trac_auth'] = '123'
self.assertIsNone(self.module.authenticate(req))
self.assertIn('trac_auth', req.outcookie)
def test_known_cookie_ip_check_disabled(self):
self.env.config.set('trac', 'check_auth_ip', 'no')
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
req = MockRequest(self.env, remote_addr='192.168.0.100',
remote_user=None)
req.incookie['trac_auth'] = '123'
self.assertEqual('john', self.module.authenticate(req))
self.assertNotIn('auth_cookie', req.outcookie)
def test_login(self):
# remote_user must be upper case to test that by default, case is
# preserved.
req = MockRequest(self.env, authname='john')
self.module._do_login(req)
self.assertIn('trac_auth', req.outcookie, '"trac_auth" Cookie not set')
auth_cookie = req.outcookie['trac_auth'].value
self.assertEqual([('john', '127.0.0.1')], self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE cookie=%s",
(auth_cookie,)))
def test_login_ignore_case(self):
"""
Test that login is succesful when the usernames differ in case, but case
is ignored.
"""
self.env.config.set('trac', 'ignore_auth_case', 'yes')
req = MockRequest(self.env, remote_user='******')
self.module._do_login(req)
self.assertIn('trac_auth', req.outcookie, '"trac_auth" Cookie not set')
auth_cookie = req.outcookie['trac_auth'].value
self.assertEqual([('john', '127.0.0.1')], self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE cookie=%s",
(auth_cookie,)))
def test_login_no_username(self):
req = MockRequest(self.env, remote_user=None)
self.assertRaises(TracError, self.module._do_login, req)
def test_already_logged_in_same_user(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
req = MockRequest(self.env, authname='john')
self.module._do_login(req) # this shouldn't raise an error
def test_already_logged_in_different_user(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
req = MockRequest(self.env, authname='john', remote_user='******')
self.assertRaises(TracError, self.module._do_login, req)
def test_logout(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
req = MockRequest(self.env, authname='john', method='POST')
self.module._do_logout(req)
self.assertIn('trac_auth', req.outcookie)
self.assertFalse(self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE name='john'"))
def test_logout_not_logged_in(self):
req = MockRequest(self.env, method='POST')
self.module._do_logout(req) # this shouldn't raise an error
def test_logout_protect(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
req = MockRequest(self.env, authname='john')
self.module._do_logout(req)
self.assertNotIn('trac_auth', req.outcookie)
self.assertEqual(
[('john', '127.0.0.1')],
self.env.db_query("SELECT name, ipnr FROM auth_cookie "
"WHERE cookie='123'"))
class LoginModuleTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub()
self.module = LoginModule(self.env)
def tearDown(self):
self.env.reset_db()
def test_anonymous_access(self):
req = Mock(incookie=Cookie(), href=Href('/trac.cgi'),
remote_addr='127.0.0.1', remote_user=None,
base_path='/trac.cgi')
self.assertEqual(None, self.module.authenticate(req))
def test_unknown_cookie_access(self):
incookie = Cookie()
incookie['trac_auth'] = '123'
req = Mock(cgi_location='/trac', href=Href('/trac.cgi'),
incookie=incookie, outcookie=Cookie(),
remote_addr='127.0.0.1', remote_user=None,
base_path='/trac.cgi')
self.assertEqual(None, self.module.authenticate(req))
def test_known_cookie_access(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(incookie=incookie, outcookie=outcookie,
href=Href('/trac.cgi'), base_path='/trac.cgi',
remote_addr='127.0.0.1', remote_user=None)
self.assertEqual('john', self.module.authenticate(req))
self.failIf('auth_cookie' in req.outcookie)
def test_known_cookie_ip_check_enabled(self):
self.env.config.set('trac', 'check_auth_ip', 'yes')
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(cgi_location='/trac', href=Href('/trac.cgi'),
incookie=incookie, outcookie=outcookie,
remote_addr='192.168.0.100', remote_user=None,
base_path='/trac.cgi')
self.assertEqual(None, self.module.authenticate(req))
self.failIf('trac_auth' not in req.outcookie)
def test_known_cookie_ip_check_disabled(self):
self.env.config.set('trac', 'check_auth_ip', 'no')
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(incookie=incookie, outcookie=outcookie,
href=Href('/trac.cgi'), base_path='/trac.cgi',
remote_addr='192.168.0.100', remote_user=None)
self.assertEqual('john', self.module.authenticate(req))
self.failIf('auth_cookie' in req.outcookie)
def test_login(self):
outcookie = Cookie()
# remote_user must be upper case to test that by default, case is
# preserved.
req = Mock(cgi_location='/trac', href=Href('/trac.cgi'),
incookie=Cookie(), outcookie=outcookie,
remote_addr='127.0.0.1', remote_user='******',
authname='john', base_path='/trac.cgi')
self.module._do_login(req)
assert outcookie.has_key('trac_auth'), '"trac_auth" Cookie not set'
auth_cookie = outcookie['trac_auth'].value
self.assertEquals([('john', '127.0.0.1')], self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE cookie=%s",
(auth_cookie,)))
def test_login_ignore_case(self):
"""
Test that login is succesful when the usernames differ in case, but case
is ignored.
"""
self.env.config.set('trac', 'ignore_auth_case', 'yes')
outcookie = Cookie()
req = Mock(cgi_location='/trac', href=Href('/trac.cgi'),
incookie=Cookie(), outcookie=outcookie,
remote_addr='127.0.0.1', remote_user='******',
authname='anonymous', base_path='/trac.cgi')
self.module._do_login(req)
assert outcookie.has_key('trac_auth'), '"trac_auth" Cookie not set'
auth_cookie = outcookie['trac_auth'].value
self.assertEquals([('john', '127.0.0.1')], self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE cookie=%s",
(auth_cookie,)))
def test_login_no_username(self):
req = Mock(incookie=Cookie(), href=Href('/trac.cgi'),
remote_addr='127.0.0.1', remote_user=None,
base_path='/trac.cgi')
self.assertRaises(TracError, self.module._do_login, req)
def test_already_logged_in_same_user(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
req = Mock(incookie=incookie, outcookie=Cookie(),
href=Href('/trac.cgi'), base_path='/trac.cgi',
remote_addr='127.0.0.1', remote_user='******', authname='john')
self.module._do_login(req) # this shouldn't raise an error
def test_already_logged_in_different_user(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
req = Mock(incookie=incookie, authname='john',
href=Href('/trac.cgi'), base_path='/trac.cgi',
remote_addr='127.0.0.1', remote_user='******')
self.assertRaises(AssertionError, self.module._do_login, req)
def test_logout(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(cgi_location='/trac', href=Href('/trac.cgi'),
incookie=incookie, outcookie=outcookie,
remote_addr='127.0.0.1', remote_user=None, authname='john',
base_path='/trac.cgi')
self.module._do_logout(req)
self.failIf('trac_auth' not in outcookie)
self.failIf(self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE name='john'"))
def test_logout_not_logged_in(self):
req = Mock(cgi_location='/trac', href=Href('/trac.cgi'),
incookie=Cookie(), outcookie=Cookie(),
remote_addr='127.0.0.1', remote_user=None,
authname='anonymous', base_path='/trac.cgi')
self.module._do_logout(req) # this shouldn't raise an error
class LoginModuleTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub()
self.module = LoginModule(self.env)
def tearDown(self):
self.env.reset_db()
def test_anonymous_access(self):
req = Mock(incookie=Cookie(),
href=Href('/trac.cgi'),
remote_addr='127.0.0.1',
remote_user=None,
base_path='/trac.cgi')
self.assertEqual(None, self.module.authenticate(req))
def test_unknown_cookie_access(self):
incookie = Cookie()
incookie['trac_auth'] = '123'
req = Mock(cgi_location='/trac',
href=Href('/trac.cgi'),
incookie=incookie,
outcookie=Cookie(),
remote_addr='127.0.0.1',
remote_user=None,
base_path='/trac.cgi')
self.assertEqual(None, self.module.authenticate(req))
def test_known_cookie_access(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(incookie=incookie,
outcookie=outcookie,
href=Href('/trac.cgi'),
base_path='/trac.cgi',
remote_addr='127.0.0.1',
remote_user=None)
self.assertEqual('john', self.module.authenticate(req))
self.failIf('auth_cookie' in req.outcookie)
def test_known_cookie_ip_check_enabled(self):
self.env.config.set('trac', 'check_auth_ip', 'yes')
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(cgi_location='/trac',
href=Href('/trac.cgi'),
incookie=incookie,
outcookie=outcookie,
remote_addr='192.168.0.100',
remote_user=None,
base_path='/trac.cgi')
self.assertEqual(None, self.module.authenticate(req))
self.failIf('trac_auth' not in req.outcookie)
def test_known_cookie_ip_check_disabled(self):
self.env.config.set('trac', 'check_auth_ip', 'no')
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(incookie=incookie,
outcookie=outcookie,
href=Href('/trac.cgi'),
base_path='/trac.cgi',
remote_addr='192.168.0.100',
remote_user=None)
self.assertEqual('john', self.module.authenticate(req))
self.failIf('auth_cookie' in req.outcookie)
def test_login(self):
outcookie = Cookie()
# remote_user must be upper case to test that by default, case is
# preserved.
req = Mock(cgi_location='/trac',
href=Href('/trac.cgi'),
incookie=Cookie(),
outcookie=outcookie,
remote_addr='127.0.0.1',
remote_user='******',
authname='john',
base_path='/trac.cgi')
self.module._do_login(req)
assert outcookie.has_key('trac_auth'), '"trac_auth" Cookie not set'
auth_cookie = outcookie['trac_auth'].value
self.assertEquals(
[('john', '127.0.0.1')],
self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE cookie=%s",
(auth_cookie, )))
def test_login_ignore_case(self):
"""
Test that login is succesful when the usernames differ in case, but case
is ignored.
"""
self.env.config.set('trac', 'ignore_auth_case', 'yes')
outcookie = Cookie()
req = Mock(cgi_location='/trac',
href=Href('/trac.cgi'),
incookie=Cookie(),
outcookie=outcookie,
remote_addr='127.0.0.1',
remote_user='******',
authname='anonymous',
base_path='/trac.cgi')
self.module._do_login(req)
assert outcookie.has_key('trac_auth'), '"trac_auth" Cookie not set'
auth_cookie = outcookie['trac_auth'].value
self.assertEquals(
[('john', '127.0.0.1')],
self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE cookie=%s",
(auth_cookie, )))
def test_login_no_username(self):
req = Mock(incookie=Cookie(),
href=Href('/trac.cgi'),
remote_addr='127.0.0.1',
remote_user=None,
base_path='/trac.cgi')
self.assertRaises(TracError, self.module._do_login, req)
def test_already_logged_in_same_user(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
req = Mock(incookie=incookie,
outcookie=Cookie(),
href=Href('/trac.cgi'),
base_path='/trac.cgi',
remote_addr='127.0.0.1',
remote_user='******',
authname='john')
self.module._do_login(req) # this shouldn't raise an error
def test_already_logged_in_different_user(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
req = Mock(incookie=incookie,
authname='john',
href=Href('/trac.cgi'),
base_path='/trac.cgi',
remote_addr='127.0.0.1',
remote_user='******')
self.assertRaises(AssertionError, self.module._do_login, req)
def test_logout(self):
self.env.db_transaction("""
INSERT INTO auth_cookie (cookie, name, ipnr)
VALUES ('123', 'john', '127.0.0.1')""")
incookie = Cookie()
incookie['trac_auth'] = '123'
outcookie = Cookie()
req = Mock(cgi_location='/trac',
href=Href('/trac.cgi'),
incookie=incookie,
outcookie=outcookie,
remote_addr='127.0.0.1',
remote_user=None,
authname='john',
base_path='/trac.cgi')
self.module._do_logout(req)
self.failIf('trac_auth' not in outcookie)
self.failIf(
self.env.db_query(
"SELECT name, ipnr FROM auth_cookie WHERE name='john'"))
def test_logout_not_logged_in(self):
req = Mock(cgi_location='/trac',
href=Href('/trac.cgi'),
incookie=Cookie(),
outcookie=Cookie(),
remote_addr='127.0.0.1',
remote_user=None,
authname='anonymous',
base_path='/trac.cgi')
self.module._do_logout(req) # this shouldn't raise an error