class _BaseTestCase(unittest.TestCase): def setUp(self): #self.basedir = os.path.realpath(tempfile.mkdtemp()) self.env = EnvironmentStub() self.env.config.set('account-manager', 'password_store', 'SessionStore') self.store = SessionStore(self.env) #self.env.path = os.path.join(self.basedir, 'trac-tempenv') #os.mkdir(self.env.path) def test_get_users(self): db = self.env.get_db_cnx() cursor = db.cursor() cursor.executemany("INSERT INTO session_attribute " "(sid,authenticated,name,value) " "VALUES (%s,1,'password',%s)", [('a', 'a'), ('b', 'b'), ('c', 'c')]) self.assertEqual(['a', 'b', 'c'], list(self.store.get_users())) def test_has_user(self): db = self.env.get_db_cnx() cursor = db.cursor() cursor.execute("INSERT INTO session_attribute " "(sid,authenticated,name,value) " "VALUES (%s,1,'password',%s)", ('bar', 'bar')) self.assertFalse(self.store.has_user('foo')) self.assertTrue(self.store.has_user('bar')) def test_create_user(self): self.assertFalse(self.store.has_user('foo')) self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) def test_update_password(self): self.store.set_password('foo', 'pass1') self.assertFalse(self.store.check_password('foo', 'pass2')) self.store.set_password('foo', 'pass2') self.assertTrue(self.store.check_password('foo', 'pass2')) def test_delete_user(self): self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) self.assertTrue(self.store.delete_user('foo')) self.assertFalse(self.store.has_user('foo')) def test_delete_nonexistant_user(self): self.assertFalse(self.store.has_user('foo')) self.assertFalse(self.store.delete_user('foo')) def test_unicode_username_and_password(self): username = u'\u4e60' password = u'\u4e61' self.store.set_password(username, password) self.assertTrue(self.store.check_password(username, password))
class _BaseTestCase(unittest.TestCase): def setUp(self): #self.basedir = os.path.realpath(tempfile.mkdtemp()) self.env = EnvironmentStub() self.env.config.set('account-manager', 'password_store', 'SessionStore') self.store = SessionStore(self.env) #self.env.path = os.path.join(self.basedir, 'trac-tempenv') #os.mkdir(self.env.path) def test_get_users(self): db = self.env.get_db_cnx() cursor = db.cursor() cursor.executemany( "INSERT INTO session_attribute " "(sid,authenticated,name,value) " "VALUES (%s,1,'password',%s)", [('a', 'a'), ('b', 'b'), ('c', 'c')]) self.assertEqual(['a', 'b', 'c'], list(self.store.get_users())) def test_has_user(self): db = self.env.get_db_cnx() cursor = db.cursor() cursor.execute( "INSERT INTO session_attribute " "(sid,authenticated,name,value) " "VALUES (%s,1,'password',%s)", ('bar', 'bar')) self.assertFalse(self.store.has_user('foo')) self.assertTrue(self.store.has_user('bar')) def test_create_user(self): self.assertFalse(self.store.has_user('foo')) self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) def test_update_password(self): self.store.set_password('foo', 'pass1') self.assertFalse(self.store.check_password('foo', 'pass2')) self.store.set_password('foo', 'pass2') self.assertTrue(self.store.check_password('foo', 'pass2')) def test_delete_user(self): self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) self.assertTrue(self.store.delete_user('foo')) self.assertFalse(self.store.has_user('foo')) def test_delete_nonexistant_user(self): self.assertFalse(self.store.has_user('foo')) self.assertFalse(self.store.delete_user('foo')) def test_unicode_username_and_password(self): username = u'\u4e60' password = u'\u4e61' self.store.set_password(username, password) self.assertTrue(self.store.check_password(username, password))
def setUp(self): _BaseTestCase.setUp(self) self.env = EnvironmentStub(enable=[ 'trac.*', 'acct_mgr.admin.*', 'acct_mgr.pwhash.HtDigestHashMethod' ]) self.env.path = tempfile.mkdtemp() self.env.config.set('account-manager', 'password_store', 'SessionStore') store = SessionStore(self.env) store.set_password('registered_user', 'password')
def setUp(self): _BaseTestCase.setUp(self) self.env = EnvironmentStub( enable=['trac.*', 'acct_mgr.admin.*', 'acct_mgr.pwhash.HtDigestHashMethod']) self.env.path = tempfile.mkdtemp() self.env.config.set('account-manager', 'password_store', 'SessionStore') store = SessionStore(self.env) store.set_password('registered_user', 'password')
class _BaseTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub(enable=['trac.*', 'acct_mgr.*']) self.env.config.set('account-manager', 'password_store', 'SessionStore') self.store = SessionStore(self.env) def test_get_users(self): with self.env.db_transaction as db: db.executemany( """ INSERT INTO session_attribute (sid,authenticated,name,value) VALUES (%s,1,'password',%s) """, [('a', 'a'), ('b', 'b'), ('c', 'c')]) self.assertEqual(set(['a', 'b', 'c']), set(self.store.get_users())) def test_has_user(self): self.env.db_transaction( """ INSERT INTO session_attribute (sid,authenticated,name,value) VALUES (%s,'1','password',%s) """, ('bar', 'bar')) self.assertFalse(self.store.has_user('foo')) self.assertTrue(self.store.has_user('bar')) def test_create_user(self): self.assertFalse(self.store.has_user('foo')) self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) def test_overwrite(self): self.assertTrue(self.store.set_password('foo', 'pass1')) self.assertFalse( self.store.set_password('foo', 'pass2', overwrite=False)) self.assertTrue(self.store.check_password('foo', 'pass1')) self.assertTrue(self.store.set_password('bar', 'pass', overwrite=False)) def test_update_password(self): self.store.set_password('foo', 'pass1') self.assertFalse(self.store.check_password('foo', 'pass2')) self.store.set_password('foo', 'pass2') self.assertTrue(self.store.check_password('foo', 'pass2')) self.store.set_password('foo', 'pass3', 'pass2') self.assertTrue(self.store.check_password('foo', 'pass3')) def test_delete_user(self): self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) self.assertTrue(self.store.delete_user('foo')) self.assertFalse(self.store.has_user('foo')) def test_delete_nonexistant_user(self): self.assertFalse(self.store.has_user('foo')) self.assertFalse(self.store.delete_user('foo')) def test_unicode_username_and_password(self): username = u'\u4e60' password = u'\u4e61' self.store.set_password(username, password) self.assertTrue(self.store.check_password(username, password))
class AccountManagerTestCase(_BaseTestCase): def setUp(self): _BaseTestCase.setUp(self) self.mgr = AccountManager(self.env) self.store = SessionStore(self.env) self.store.set_password('user', 'passwd') args = dict(username='******', name='', email='') incookie = Cookie() incookie['trac_session'] = '123456' self.req = Mock(authname='', args=args, authenticated=True, base_path='/', callbacks=dict(), href=Mock(prefs=lambda x: None), incookie=incookie, outcookie=Cookie(), redirect=lambda x: None) self.req.path_info = '/' # Tests def test_set_password(self): # Can't work without at least one password store. self.assertRaises(TracError, self.mgr.set_password, 'user', 'passwd') self.env.config.set( 'account-manager', 'password_store', 'SessionStore') self.mgr.set_password('user', 'passwd') # Refuse to overwrite existing credetialy, if requested. self.assertRaises(TracError, self.mgr.set_password, 'user', 'passwd', overwrite=False) def test_approval_admin_keep_perm(self): self.perm.grant_permission('admin', 'ACCTMGR_ADMIN') # Some elevated permission action. action = 'USER_VIEW' self.assertFalse(action in PermissionCache(self.env)) req = self.req req.perm = PermissionCache(self.env, 'admin') req.session = Session(self.env, req) req.session.save() self.mgr.pre_process_request(req, None) self.assertTrue(action in req.perm) # Mock an authenticated request with account approval pending. req.session['approval'] = 'pending' req.session.save() # Don't touch admin user requests. self.mgr.pre_process_request(req, None) self.assertTrue(action in req.perm) def test_approval_user_strip_perm(self): # Some elevated permission action. action = 'USER_VIEW' self.assertFalse(action in PermissionCache(self.env)) self.perm.grant_permission('user', action) req = self.req req.perm = PermissionCache(self.env, 'user') req.session = Session(self.env, req) req.session.save() self.mgr.pre_process_request(req, None) self.assertTrue(action in req.perm) # Mock an authenticated request with account approval pending. req.session['approval'] = 'pending' req.session.save() # Remove elevated permission, if account approval is pending. self.mgr.pre_process_request(req, None) self.assertFalse(action in req.perm) def test_maybe_update_hash(self): # Configure another, primary password store. self.env.config.set('account-manager', 'password_store', 'HtDigestStore, SessionStore') self.env.config.set('account-manager', 'htdigest_file', '.htdigest') cursor = self.db.cursor() cursor.execute(""" INSERT INTO session_attribute (sid,authenticated,name,value) VALUES (%s,%s,%s,%s) """, ('user', 1, 'password_refreshed', '1')) # Refresh not happening due to 'password_refreshed' attribute. self.mgr._maybe_update_hash('user', 'passwd') cursor.execute(""" SELECT value FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password' """) self.assertNotEqual(cursor.fetchall(), []) cursor.execute(""" DELETE FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password_refreshed' """) # Refresh (and effectively migrate) user credentials. self.mgr._maybe_update_hash('user', 'passwd') cursor.execute(""" SELECT value FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password' """) self.assertEqual(cursor.fetchall(), []) cursor.execute(""" SELECT value FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password_refreshed' """) self.assertEqual(cursor.fetchall(), [('1',)])
class AccountManagerTestCase(_BaseTestCase): def setUp(self): _BaseTestCase.setUp(self) self.mgr = AccountManager(self.env) self.store = SessionStore(self.env) self.store.set_password('user', 'passwd') args = dict(username='******', name='', email='') incookie = Cookie() incookie['trac_session'] = '123456' self.req = Mock(authname='', args=args, authenticated=True, base_path='/', callbacks=dict(), chrome={'warnings': [], 'notices': []}, href=Mock(prefs=lambda x: None), incookie=incookie, outcookie=Cookie(), redirect=lambda x: None) self.req.path_info = '/' # Tests def test_set_password(self): # Can't work without at least one password store. self.assertRaises(TracError, self.mgr.set_password, 'user', 'passwd') self.env.config.set( 'account-manager', 'password_store', 'SessionStore') self.mgr.set_password('user', 'passwd') # Refuse to overwrite existing credentials, if requested. self.assertRaises(TracError, self.mgr.set_password, 'user', 'passwd', overwrite=False) def test_approval_admin_keep_perm(self): self.perm.grant_permission('admin', 'ACCTMGR_ADMIN') # Some elevated permission action. action = 'USER_VIEW' self.assertFalse(action in PermissionCache(self.env)) req = self.req req.perm = PermissionCache(self.env, 'admin') req.session = Session(self.env, req) req.session.save() self.mgr.pre_process_request(req, None) self.assertTrue(action in req.perm) # Mock an authenticated request with account approval pending. req.session['approval'] = 'pending' req.session.save() # Don't touch admin user requests. self.mgr.pre_process_request(req, None) self.assertTrue(action in req.perm) def test_approval_user_strip_perm(self): # Some elevated permission action. action = 'USER_VIEW' self.assertFalse(action in PermissionCache(self.env)) self.perm.grant_permission('user', action) req = self.req req.perm = PermissionCache(self.env, 'user') req.session = Session(self.env, req) req.session.save() self.mgr.pre_process_request(req, None) self.assertTrue(action in req.perm) # Mock an authenticated request with account approval pending. req.session['approval'] = 'pending' req.session.save() # Remove elevated permission, if account approval is pending. self.mgr.pre_process_request(req, None) self.assertFalse(action in req.perm) def test_maybe_update_hash(self): # Configure another, primary password store. self.env.config.set('account-manager', 'password_store', 'HtDigestStore, SessionStore') self.env.config.set('account-manager', 'htdigest_file', '.htdigest') self.env.db_transaction(""" INSERT INTO session_attribute (sid,authenticated,name,value) VALUES (%s,%s,%s,%s) """, ('user', 1, 'password_refreshed', '1')) # Refresh not happening due to 'password_refreshed' attribute. self.mgr._maybe_update_hash('user', 'passwd') for _, in self.env.db_query(""" SELECT value FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password' """): break else: self.fail("Session attribute 'password' not found.") self.env.db_transaction(""" DELETE FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password_refreshed' """) # Refresh (and effectively migrate) user credentials. self.mgr._maybe_update_hash('user', 'passwd') for _, in self.env.db_query(""" SELECT value FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password' """): self.fail("Session attribute 'password' should not be found.") for value, in self.env.db_query(""" SELECT value FROM session_attribute WHERE sid='user' AND authenticated=1 AND name='password_refreshed' """): self.assertEqual('1', value) break else: self.fail("Session attribute 'password_refreshed' not found.")
class _BaseTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub(enable=['trac.*', 'acct_mgr.*']) self.env.config.set('account-manager', 'password_store', 'SessionStore') self.store = SessionStore(self.env) def test_get_users(self): with self.env.db_transaction as db: db.executemany(""" INSERT INTO session_attribute (sid,authenticated,name,value) VALUES (%s,1,'password',%s) """, [('a', 'a'), ('b', 'b'), ('c', 'c')]) self.assertEqual(set(['a', 'b', 'c']), set(self.store.get_users())) def test_has_user(self): self.env.db_transaction(""" INSERT INTO session_attribute (sid,authenticated,name,value) VALUES (%s,'1','password',%s) """, ('bar', 'bar')) self.assertFalse(self.store.has_user('foo')) self.assertTrue(self.store.has_user('bar')) def test_create_user(self): self.assertFalse(self.store.has_user('foo')) self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) def test_overwrite(self): self.assertTrue(self.store.set_password('foo', 'pass1')) self.assertFalse(self.store.set_password('foo', 'pass2', overwrite=False)) self.assertTrue(self.store.check_password('foo', 'pass1')) self.assertTrue(self.store.set_password('bar', 'pass', overwrite=False)) def test_update_password(self): self.store.set_password('foo', 'pass1') self.assertFalse(self.store.check_password('foo', 'pass2')) self.store.set_password('foo', 'pass2') self.assertTrue(self.store.check_password('foo', 'pass2')) self.store.set_password('foo', 'pass3', 'pass2') self.assertTrue(self.store.check_password('foo', 'pass3')) def test_delete_user(self): self.store.set_password('foo', 'password') self.assertTrue(self.store.has_user('foo')) self.assertTrue(self.store.delete_user('foo')) self.assertFalse(self.store.has_user('foo')) def test_delete_nonexistant_user(self): self.assertFalse(self.store.has_user('foo')) self.assertFalse(self.store.delete_user('foo')) def test_unicode_username_and_password(self): username = u'\u4e60' password = u'\u4e61' self.store.set_password(username, password) self.assertTrue(self.store.check_password(username, password))