def test__findUser_with_groups_ignoring_one(self):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupsPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
foo = DummyPlugin()
directlyProvides(foo, (IGroupsPlugin, ))
foo.getGroupsForPrincipal = lambda user, req: ('group1', 'group2')
bar = DummyPlugin()
directlyProvides(bar, (IGroupsPlugin, ))
bar.getGroupsForPrincipal = lambda user, req: ('group3', 'group4')
zcuf._setObject('foo', foo)
zcuf._setObject('bar', bar)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IGroupsPlugin, 'foo')
plugins.activatePlugin(IGroupsPlugin, 'bar')
user = zcuf._findUser(plugins, 'someone')
groups = zcuf._getGroupsForPrincipal(user,
plugins=plugins,
ignore_plugins=('bar', ))
self.assertEqual(len(groups), 2)
self.failIf('bar:group3' in groups)
self.failIf('bar:group4' in groups)
def _makeGroupPlugin(self, id, groups=()):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupsPlugin
gp = DummyGroupPlugin(id, groups=groups)
directlyProvides( gp, (IGroupsPlugin,) )
return gp
def test__findUser_with_groups_ignoring_one( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupsPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
foo = DummyPlugin()
directlyProvides( foo, ( IGroupsPlugin, ) )
foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' )
bar = DummyPlugin()
directlyProvides( bar, ( IGroupsPlugin, ) )
bar.getGroupsForPrincipal = lambda user, req: ( 'group3', 'group4' )
zcuf._setObject( 'foo', foo )
zcuf._setObject( 'bar', bar )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IGroupsPlugin , 'foo' )
plugins.activatePlugin( IGroupsPlugin , 'bar' )
user = zcuf._findUser( plugins, 'someone' )
groups = zcuf._getGroupsForPrincipal( user, plugins=plugins
, ignore_plugins=( 'bar', ) )
self.assertEqual( len( groups ), 2 )
self.failIf( 'bar:group3' in groups )
self.failIf( 'bar:group4' in groups )
def test__extractUserIds_cache(self):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
login = DummyPlugin()
directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin))
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject('login', login)
extra = DummyPlugin()
directlyProvides(extra, (IExtractionPlugin, IAuthenticationPlugin))
extra.extractCredentials = _extractExtra
extra.authenticateCredentials = _authExtra
zcuf._setObject('extra', extra)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IExtractionPlugin, 'extra')
plugins.activatePlugin(IExtractionPlugin, 'login')
plugins.activatePlugin(IAuthenticationPlugin, 'extra')
plugins.activatePlugin(IAuthenticationPlugin, 'login')
cache = {}
request = FauxRequest(form={
'login': '******',
'password': '******'
},
extra='qux')
user_ids = zcuf._extractUserIds(request=request,
plugins=zcuf.plugins,
cache=cache)
self.assertEqual(len(user_ids), 2)
self.assertEqual(user_ids[0][0], 'extra__qux')
self.assertEqual(user_ids[1][0], 'login__foo')
self.assertEqual(len(cache), 2)
self.failUnless([('login__foo', 'foo')] in cache.values())
self.failUnless([('extra__qux', 'qux')] in cache.values())
key = [x[0] for x in cache.items()
if x[1] == [('login__foo', 'foo')]][0]
cache[key].append(('forced__baz', 'baz'))
user_ids = zcuf._extractUserIds(request=request,
plugins=zcuf.plugins,
cache=cache)
self.assertEqual(len(user_ids), 3, user_ids)
self.assertEqual(user_ids[0][0], 'extra__qux')
self.assertEqual(user_ids[1][0], 'login__foo')
self.assertEqual(user_ids[2][0], 'forced__baz')
def test__extractUserIds_broken_authenticator( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
borked = DummyPlugin()
directlyProvides( borked, ( IAuthenticationPlugin, ) )
borked.authenticateCredentials = lambda creds: creds['nonesuch']
zcuf._setObject( 'borked', borked )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'borked' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
request = FauxRequest( form={ 'login' : 'foo', 'password' : 'bar' } )
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 1 )
self.assertEqual( user_ids[ 0 ][0], 'login__foo' )
def test__findUser_with_userfactory_plugin( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IUserFactoryPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
bar = DummyPlugin()
directlyProvides( bar, ( IUserFactoryPlugin, ) )
def _makeUser( user_id, name ):
user = FauxUser( user_id )
user._name = name
return user
bar.createUser = _makeUser
zcuf._setObject( 'bar', bar )
plugins = zcuf._getOb( 'plugins' )
real_user = zcuf._findUser( plugins, 'someone', 'to watch over me' )
self.failIf( real_user.__class__ is FauxUser )
plugins.activatePlugin( IUserFactoryPlugin , 'bar' )
faux_user = zcuf._findUser( plugins, 'someone', 'to watch over me' )
self.assertEqual( faux_user.getId(), 'someone' )
self.assertEqual( faux_user.getUserName(), 'to watch over me' )
self.failUnless( faux_user.__class__ is FauxUser )
def test__extractUserIds_one_extractor_two_authenticators(self):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
login = DummyPlugin()
directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin))
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject('login', login)
always = DummyPlugin()
directlyProvides(always, (IAuthenticationPlugin, ))
always.authenticateCredentials = lambda creds: ('baz', None)
zcuf._setObject('always', always)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IExtractionPlugin, 'login')
plugins.activatePlugin(IAuthenticationPlugin, 'always')
plugins.activatePlugin(IAuthenticationPlugin, 'login')
request = FauxRequest(form={'login': '******', 'password': '******'})
user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins)
self.assertEqual(len(user_ids), 2)
self.assertEqual(user_ids[0][0], 'always__baz')
self.assertEqual(user_ids[1][0], 'login__foo')
def test__findUser_with_userfactory_plugin(self):
from Products.PluggableAuthService.interfaces.plugins \
import IUserFactoryPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
bar = DummyPlugin()
directlyProvides(bar, (IUserFactoryPlugin, ))
def _makeUser(user_id, name):
user = FauxUser(user_id)
user._name = name
return user
bar.createUser = _makeUser
zcuf._setObject('bar', bar)
plugins = zcuf._getOb('plugins')
real_user = zcuf._findUser(plugins, 'someone', 'to watch over me')
self.failIf(real_user.__class__ is FauxUser)
plugins.activatePlugin(IUserFactoryPlugin, 'bar')
faux_user = zcuf._findUser(plugins, 'someone', 'to watch over me')
self.assertEqual(faux_user.getId(), 'someone')
self.assertEqual(faux_user.getUserName(), 'to watch over me')
self.failUnless(faux_user.__class__ is FauxUser)
def test__findUser_with_plugins(self):
from Products.PluggableAuthService.interfaces.plugins \
import IPropertiesPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
foo = DummyPlugin()
directlyProvides(foo, (IPropertiesPlugin, ))
foo.getPropertiesForUser = lambda user, req: {'login': user.getId()}
zcuf._setObject('foo', foo)
bar = DummyPlugin()
directlyProvides(bar, (IPropertiesPlugin, ))
bar.getPropertiesForUser = lambda user, req: {'a': 0, 'b': 'bar'}
zcuf._setObject('bar', bar)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IPropertiesPlugin, 'foo')
plugins.activatePlugin(IPropertiesPlugin, 'bar')
user = zcuf._findUser(plugins, 'someone')
sheet_ids = user.listPropertysheets()
self.assertEqual(len(sheet_ids), 2)
self.failUnless('foo' in sheet_ids)
self.failUnless('bar' in sheet_ids)
foosheet = user['foo']
self.assertEqual(len(foosheet.propertyMap()), 1)
def test__findUser_with_plugins( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IPropertiesPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
foo = DummyPlugin()
directlyProvides( foo, ( IPropertiesPlugin, ) )
foo.getPropertiesForUser = lambda user, req: { 'login': user.getId() }
zcuf._setObject( 'foo', foo )
bar = DummyPlugin()
directlyProvides( bar, ( IPropertiesPlugin, ) )
bar.getPropertiesForUser = lambda user, req: { 'a': 0, 'b': 'bar' }
zcuf._setObject( 'bar', bar )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IPropertiesPlugin , 'foo' )
plugins.activatePlugin( IPropertiesPlugin , 'bar' )
user = zcuf._findUser( plugins, 'someone' )
sheet_ids = user.listPropertysheets()
self.assertEqual( len( sheet_ids ), 2 )
self.failUnless( 'foo' in sheet_ids )
self.failUnless( 'bar' in sheet_ids )
foosheet = user[ 'foo' ]
self.assertEqual( len( foosheet.propertyMap() ), 1 )
def test__extractUserIds_broken_authenticator(self):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
login = DummyPlugin()
directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin))
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject('login', login)
borked = DummyPlugin()
directlyProvides(borked, (IAuthenticationPlugin, ))
borked.authenticateCredentials = lambda creds: creds['nonesuch']
zcuf._setObject('borked', borked)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IExtractionPlugin, 'login')
plugins.activatePlugin(IAuthenticationPlugin, 'borked')
plugins.activatePlugin(IAuthenticationPlugin, 'login')
request = FauxRequest(form={'login': '******', 'password': '******'})
user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins)
self.assertEqual(len(user_ids), 1)
self.assertEqual(user_ids[0][0], 'login__foo')
def _makeGroupPlugin(self, id, groups=()):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupsPlugin
gp = DummyGroupPlugin(id, groups=groups)
directlyProvides(gp, (IGroupsPlugin, ))
return gp
def _makeGroupEnumerator( self, group_id ):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupEnumerationPlugin
enumerator = DummyGroupEnumerator( group_id )
directlyProvides( enumerator, ( IGroupEnumerationPlugin, ) )
return enumerator
def _makeUserEnumerator( self, user_id, login=None ):
from Products.PluggableAuthService.interfaces.plugins \
import IUserEnumerationPlugin
enumerator = DummyUserEnumerator( user_id, login )
directlyProvides( enumerator, ( IUserEnumerationPlugin, ) )
return enumerator
def _makeUserEnumerator(self, user_id, login=None):
from Products.PluggableAuthService.interfaces.plugins \
import IUserEnumerationPlugin
enumerator = DummyUserEnumerator(user_id, login)
directlyProvides(enumerator, (IUserEnumerationPlugin, ))
return enumerator
def _makeGroupEnumerator(self, group_id):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupEnumerationPlugin
enumerator = DummyGroupEnumerator(group_id)
directlyProvides(enumerator, (IGroupEnumerationPlugin, ))
return enumerator
def _makeSuperEnumerator( self, user_id, login, group_id ):
from Products.PluggableAuthService.interfaces.plugins \
import IUserEnumerationPlugin
from Products.PluggableAuthService.interfaces.plugins \
import IGroupEnumerationPlugin
enumerator = DummySuperEnumerator( user_id, login, group_id )
directlyProvides( enumerator, ( IUserEnumerationPlugin,
IGroupEnumerationPlugin ) )
return enumerator
def _makeSuperEnumerator(self, user_id, login, group_id):
from Products.PluggableAuthService.interfaces.plugins \
import IUserEnumerationPlugin
from Products.PluggableAuthService.interfaces.plugins \
import IGroupEnumerationPlugin
enumerator = DummySuperEnumerator(user_id, login, group_id)
directlyProvides(enumerator,
(IUserEnumerationPlugin, IGroupEnumerationPlugin))
return enumerator
def test_validate_simple_authenticated( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, \
IAuthenticationPlugin, \
IUserEnumerationPlugin, \
IRolesPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
olivier = DummyPlugin()
directlyProvides( olivier, ( IUserEnumerationPlugin, IRolesPlugin ) )
olivier.enumerateUsers = lambda id: id == 'foo' or None
olivier.getRolesForPrincipal = lambda user, req: (
user.getId() == 'login__olivier' and ( 'Hamlet', ) or () )
zcuf._setObject( 'olivier', olivier )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
plugins.activatePlugin( IUserEnumerationPlugin, 'olivier' )
plugins.activatePlugin( IRolesPlugin, 'olivier' )
rc, root, folder, object = self._makeTree()
index = FauxObject( 'index_html' )
index.__roles__ = ( 'Hamlet', )
acquired_index = index.__of__( root ).__of__( object )
request = FauxRequest( ( 'folder', 'object', 'index_html' )
, RESPONSE=FauxResponse()
, PARENTS=[ object, folder, root ]
, PUBLISHED=acquired_index.__of__( object )
, form={ 'login' : 'olivier'
, 'password' : 'arras'
}
)
wrapped = zcuf.__of__( root )
validated = wrapped.validate( request )
self.assertEqual( validated.getUserName(), 'olivier' )
def test_validate_simple_authenticated( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, \
IAuthenticationPlugin, \
IUserEnumerationPlugin, \
IRolesPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
olivier = DummyPlugin()
directlyProvides( olivier, ( IUserEnumerationPlugin, IRolesPlugin ) )
olivier.enumerateUsers = lambda id: id == 'foo' or None
olivier.getRolesForPrincipal = lambda user, req: (
user.getId() == 'login__olivier' and ( 'Hamlet', ) or () )
zcuf._setObject( 'olivier', olivier )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
plugins.activatePlugin( IUserEnumerationPlugin, 'olivier' )
plugins.activatePlugin( IRolesPlugin, 'olivier' )
rc, root, folder, object = self._makeTree()
index = FauxObject( 'index_html' )
index.__roles__ = ( 'Hamlet', )
acquired_index = index.__of__( root ).__of__( object )
request = FauxRequest( ( 'folder', 'object', 'index_html' )
, RESPONSE=FauxResponse()
, PARENTS=[ object, folder, root ]
, PUBLISHED=acquired_index.__of__( object )
, form={ 'login' : 'olivier'
, 'password' : 'arras'
}
)
wrapped = zcuf.__of__( root )
validated = wrapped.validate( request )
self.assertEqual( validated.getUserName(), 'olivier' )
def test__extractUserIds_two_extractors_two_authenticators( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
extra = DummyPlugin()
directlyProvides( extra, ( IExtractionPlugin, IAuthenticationPlugin ) )
extra.extractCredentials = _extractExtra
extra.authenticateCredentials = _authExtra
zcuf._setObject( 'extra', extra )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'extra' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'extra' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
request = FauxRequest( form={ 'login' : 'foo', 'password' : 'bar' } )
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 1 )
self.assertEqual( user_ids[ 0 ][0], 'login__foo' )
request[ 'extra' ] = 'qux'
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 2, user_ids )
self.assertEqual( user_ids[ 0 ][0], 'extra__qux' )
self.assertEqual( user_ids[ 1 ][0], 'login__foo' )
def test__extractUserIds_two_extractors_two_authenticators( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
extra = DummyPlugin()
directlyProvides( extra, ( IExtractionPlugin, IAuthenticationPlugin ) )
extra.extractCredentials = _extractExtra
extra.authenticateCredentials = _authExtra
zcuf._setObject( 'extra', extra )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'extra' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'extra' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
request = FauxRequest( form={ 'login' : 'foo', 'password' : 'bar' } )
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 1 )
self.assertEqual( user_ids[ 0 ][0], 'login__foo' )
request[ 'extra' ] = 'qux'
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 2, user_ids )
self.assertEqual( user_ids[ 0 ][0], 'extra__qux' )
self.assertEqual( user_ids[ 1 ][0], 'login__foo' )
def test_validate_simple_anonymous( self ):
from AccessControl.SpecialUsers import nobody
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, \
IAuthenticationPlugin, \
IUserEnumerationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
foo = DummyPlugin()
directlyProvides( foo, ( IUserEnumerationPlugin, ) )
foo.enumerateUsers = lambda id: id == 'foo' or None
zcuf._setObject( 'foo', foo )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
rc, root, folder, object = self._makeTree()
index = FauxObject( 'index_html' )
index.__roles__ = ( 'Anonymous', )
acquired_index = index.__of__( root ).__of__( object )
request = FauxRequest( ( 'folder', 'object', 'index_html' )
, RESPONSE=FauxResponse()
, PARENTS=[ object, folder, root ]
, PUBLISHED=acquired_index
, form={}
)
wrapped = zcuf.__of__( root )
validated = wrapped.validate( request )
self.assertEqual( validated.getUserName(), nobody.getUserName() )
def test_validate_simple_anonymous( self ):
from AccessControl.SpecialUsers import nobody
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, \
IAuthenticationPlugin, \
IUserEnumerationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
foo = DummyPlugin()
directlyProvides( foo, ( IUserEnumerationPlugin, ) )
foo.enumerateUsers = lambda id: id == 'foo' or None
zcuf._setObject( 'foo', foo )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
rc, root, folder, object = self._makeTree()
index = FauxObject( 'index_html' )
index.__roles__ = ( 'Anonymous', )
acquired_index = index.__of__( root ).__of__( object )
request = FauxRequest( ( 'folder', 'object', 'index_html' )
, RESPONSE=FauxResponse()
, PARENTS=[ object, folder, root ]
, PUBLISHED=acquired_index
, form={}
)
wrapped = zcuf.__of__( root )
validated = wrapped.validate( request )
self.assertEqual( validated.getUserName(), nobody.getUserName() )
def manage_updateInterfaces(self, interfaces, RESPONSE=None):
""" For ZMI update of interfaces. """
pas_instance = self._getPAS()
plugins = pas_instance._getOb('plugins')
new_interfaces = []
for interface in interfaces:
new_interfaces.append(plugins._getInterfaceFromName(interface))
directlyProvides(self, *new_interfaces)
if RESPONSE is not None:
RESPONSE.redirect('%s/manage_workspace'
'?manage_tabs_message='
'Interfaces+updated.' % self.absolute_url())
def manage_updateInterfaces( self, interfaces, RESPONSE=None ):
""" For ZMI update of interfaces. """
parent = aq_parent( aq_inner( self ) )
plugins = parent._getOb( 'plugins' )
new_interfaces = []
for interface in interfaces:
new_interfaces.append( plugins._getInterfaceFromName( interface ) )
directlyProvides( self, *new_interfaces )
if RESPONSE is not None:
RESPONSE.redirect('%s/manage_workspace'
'?manage_tabs_message='
'Interfaces+updated.'
% self.absolute_url())
def test_validate_with_anonymous_factory( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IAnonymousUserFactoryPlugin
def _makeAnon():
user = FauxUser( None
, name='New Anonymous User'
, roles=()
, groups={ 'All People Everywhere Ever' : 1 } )
return user
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
nested = self._makeOne( plugins )
anon = DummyPlugin()
directlyProvides( anon, ( IAnonymousUserFactoryPlugin, ) )
anon.createAnonymousUser = _makeAnon
zcuf._setObject( 'anon', anon )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IAnonymousUserFactoryPlugin, 'anon' )
rc, root, folder, object = self._makeTree()
index = FauxObject( 'index_html' )
index.__roles__ = ( 'Anonymous', )
acquired_index = index.__of__( root ).__of__( object )
request = FauxRequest( ( 'folder', 'object', 'index_html' )
, RESPONSE=FauxResponse()
, PARENTS=[ object, folder, root ]
, PUBLISHED=acquired_index
, form={}
)
root._setObject( 'acl_users', zcuf )
root_users = root.acl_users
root_validated = root_users.validate( request )
self.assertEqual( root_validated.getUserName(), 'New Anonymous User' )
self.assertEqual( root_validated.getGroups()
, [ 'All People Everywhere Ever' ] )
def test_validate_with_anonymous_factory( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IAnonymousUserFactoryPlugin
def _makeAnon():
user = FauxUser( None
, name='New Anonymous User'
, roles=()
, groups={ 'All People Everywhere Ever' : 1 } )
return user
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
nested = self._makeOne( plugins )
anon = DummyPlugin()
directlyProvides( anon, ( IAnonymousUserFactoryPlugin, ) )
anon.createAnonymousUser = _makeAnon
zcuf._setObject( 'anon', anon )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IAnonymousUserFactoryPlugin, 'anon' )
rc, root, folder, object = self._makeTree()
index = FauxObject( 'index_html' )
index.__roles__ = ( 'Anonymous', )
acquired_index = index.__of__( root ).__of__( object )
request = FauxRequest( ( 'folder', 'object', 'index_html' )
, RESPONSE=FauxResponse()
, PARENTS=[ object, folder, root ]
, PUBLISHED=acquired_index
, form={}
)
root._setObject( 'acl_users', zcuf )
root_users = root.acl_users
root_validated = root_users.validate( request )
self.assertEqual( root_validated.getUserName(), 'New Anonymous User' )
self.assertEqual( root_validated.getGroups()
, [ 'All People Everywhere Ever' ] )
def _delOb( self, id ):
"""
Override ObjectManager's _delOb to account for removing any
interface assertions the object might implement.
"""
myId = self.getId()
pas_instance = self._getPAS()
plugins = pas_instance._getOb( 'plugins' )
curr_interfaces = Set(providedBy(self))
del_interfaces = Set([x for x in providedBy(self) if id in x.names()])
for interface in del_interfaces:
if myId in plugins.listPluginIds( interface ):
plugins.deactivatePlugin( interface, myId )
delattr( self, id )
directlyProvides( self, *(list(curr_interfaces - del_interfaces)) )
def manage_updateInterfaces( self, interfaces, RESPONSE=None ):
""" For ZMI update of interfaces. """
pas_instance = self._getPAS()
plugins = pas_instance._getOb( 'plugins' )
new_interfaces = []
for interface in interfaces:
new_interfaces.append( plugins._getInterfaceFromName( interface ) )
klass_interfaces = [x for x in implementedBy(ScriptablePlugin)]
directlyProvides( self, *(klass_interfaces + new_interfaces) )
if RESPONSE is not None:
RESPONSE.redirect('%s/manage_workspace'
'?manage_tabs_message='
'Interfaces+updated.'
% self.absolute_url())
def _delOb(self, id):
"""
Override ObjectManager's _delOb to account for removing any
interface assertions the object might implement.
"""
myId = self.getId()
pas_instance = self._getPAS()
plugins = pas_instance._getOb('plugins')
curr_interfaces = Set(providedBy(self))
del_interfaces = Set([x for x in providedBy(self) if id in x.names()])
for interface in del_interfaces:
if myId in plugins.listPluginIds(interface):
plugins.deactivatePlugin(interface, myId)
delattr(self, id)
directlyProvides(self, *(list(curr_interfaces - del_interfaces)))
def test__delOb_unregisters_plugin(self):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, \
IAuthenticationPlugin, \
IUserEnumerationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
login = DummyPlugin()
directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin))
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject('login', login)
foo = DummyPlugin()
directlyProvides(foo, (IUserEnumerationPlugin, ))
foo.enumerateUsers = lambda id: id == 'foo' or None
zcuf._setObject('foo', foo)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IExtractionPlugin, 'login')
plugins.activatePlugin(IAuthenticationPlugin, 'login')
plugins.activatePlugin(IUserEnumerationPlugin, 'foo')
self.failUnless(plugins.listPlugins(IExtractionPlugin))
self.failUnless(plugins.listPlugins(IAuthenticationPlugin))
self.failUnless(plugins.listPlugins(IUserEnumerationPlugin))
zcuf._delOb('foo')
self.failUnless(plugins.listPlugins(IExtractionPlugin))
self.failUnless(plugins.listPlugins(IAuthenticationPlugin))
self.failIf(plugins.listPlugins(IUserEnumerationPlugin))
zcuf._delOb('login')
self.failIf(plugins.listPlugins(IExtractionPlugin))
self.failIf(plugins.listPlugins(IAuthenticationPlugin))
self.failIf(plugins.listPlugins(IUserEnumerationPlugin))
def test__delOb_unregisters_plugin( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, \
IAuthenticationPlugin, \
IUserEnumerationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
foo = DummyPlugin()
directlyProvides( foo, ( IUserEnumerationPlugin, ) )
foo.enumerateUsers = lambda id: id == 'foo' or None
zcuf._setObject( 'foo', foo )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
plugins.activatePlugin( IUserEnumerationPlugin, 'foo' )
self.failUnless( plugins.listPlugins( IExtractionPlugin ) )
self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) )
self.failUnless( plugins.listPlugins( IUserEnumerationPlugin ) )
zcuf._delOb( 'foo' )
self.failUnless( plugins.listPlugins( IExtractionPlugin ) )
self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) )
self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) )
zcuf._delOb( 'login' )
self.failIf( plugins.listPlugins( IExtractionPlugin ) )
self.failIf( plugins.listPlugins( IAuthenticationPlugin ) )
self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) )
def test_authenticate_emergency_user_with_broken_extractor( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
from AccessControl.User import UnrestrictedUser
from Products.PluggableAuthService import PluggableAuthService
old_eu = PluggableAuthService.emergency_user
eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
PluggableAuthService.emergency_user = eu
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
borked = DummyPlugin()
directlyProvides( borked, ( IExtractionPlugin, ) )
borked.extractCredentials = lambda req: 'abc'
zcuf._setObject( 'borked', borked )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'borked' )
request = FauxRequest( form={ 'login' : eu.getUserName()
, 'password' : eu._getPassword() } )
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 1 )
self.assertEqual( user_ids[ 0 ][0], 'foo' )
PluggableAuthService.emergency_user = old_eu
def test_authenticate_emergency_user_with_broken_extractor(self):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
from AccessControl.User import UnrestrictedUser
from Products.PluggableAuthService import PluggableAuthService
old_eu = PluggableAuthService.emergency_user
eu = UnrestrictedUser('foo', 'bar', ('manage', ), ())
PluggableAuthService.emergency_user = eu
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
borked = DummyPlugin()
directlyProvides(borked, (IExtractionPlugin, ))
borked.extractCredentials = lambda req: 'abc'
zcuf._setObject('borked', borked)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IExtractionPlugin, 'borked')
request = FauxRequest(form={
'login': eu.getUserName(),
'password': eu._getPassword()
})
user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins)
self.assertEqual(len(user_ids), 1)
self.assertEqual(user_ids[0][0], 'foo')
PluggableAuthService.emergency_user = old_eu
def _delOb(self, id):
"""
Override ObjectManager's _delOb to account for removing any
interface assertions the object might implement.
"""
myId = self.getId()
pas_instance = self._getPAS()
plugins = pas_instance._getOb('plugins')
del_interfaces = filter(lambda x: id in x.names(), self.__implements__)
trimmed_interfaces = [
x for x in self.__implements__
if x not in (del_interfaces + self.__class__.__implements__)
]
for interface in del_interfaces:
if myId in plugins.listPluginIds(interface):
plugins.deactivatePlugin(interface, myId)
delattr(self, id)
directlyProvides(self, *trimmed_interfaces)
def _delOb( self, id ):
"""
Override ObjectManager's _delOb to account for removing any
interface assertions the object might implement.
"""
myId = self.getId()
parent = aq_parent( aq_inner( self ) )
plugins = parent._getOb( 'plugins' )
del_interfaces = filter( lambda x: id in x.names()
, self.__implements__ )
trimmed_interfaces = [ x for x in self.__implements__ if
x not in ( del_interfaces +
self.__class__.__implements__ ) ]
for interface in del_interfaces:
if myId in plugins.listPluginIds( interface ):
plugins.deactivatePlugin( interface, myId )
delattr( self, id )
directlyProvides( self, *trimmed_interfaces )
def test__findUser_with_groups(self):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupsPlugin
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
foo = DummyPlugin()
directlyProvides(foo, (IGroupsPlugin, ))
foo.getGroupsForPrincipal = lambda user, req: ('group1', 'group2')
zcuf._setObject('foo', foo)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IGroupsPlugin, 'foo')
user = zcuf._findUser(plugins, 'someone')
groups = user.getGroups()
self.assertEqual(len(groups), 2)
self.failUnless('foo__group1' in groups)
self.failUnless('foo__group2' in groups)
def test__findUser_with_groups( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IGroupsPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
foo = DummyPlugin()
directlyProvides( foo, ( IGroupsPlugin, ) )
foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' )
zcuf._setObject( 'foo', foo )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IGroupsPlugin , 'foo' )
user = zcuf._findUser( plugins, 'someone' )
groups = user.getGroups()
self.assertEqual( len( groups ), 2 )
self.failUnless( 'foo__group1' in groups )
self.failUnless( 'foo__group2' in groups )
def test__extractUserIds_one_extractor_two_authenticators( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
always = DummyPlugin()
directlyProvides( always, ( IAuthenticationPlugin, ) )
always.authenticateCredentials = lambda creds: ('baz', None)
zcuf._setObject( 'always', always )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'always' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
request = FauxRequest( form={ 'login' : 'foo', 'password' : 'bar' } )
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 2 )
self.assertEqual( user_ids[ 0 ][0], 'always__baz' )
self.assertEqual( user_ids[ 1 ][0], 'login__foo' )
def test__extractUserIds_cache( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
login = DummyPlugin()
directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) )
login.extractCredentials = _extractLogin
login.authenticateCredentials = _authLogin
zcuf._setObject( 'login', login )
extra = DummyPlugin()
directlyProvides( extra, ( IExtractionPlugin, IAuthenticationPlugin ) )
extra.extractCredentials = _extractExtra
extra.authenticateCredentials = _authExtra
zcuf._setObject( 'extra', extra )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'extra' )
plugins.activatePlugin( IExtractionPlugin, 'login' )
plugins.activatePlugin( IAuthenticationPlugin, 'extra' )
plugins.activatePlugin( IAuthenticationPlugin, 'login' )
cache = {}
request = FauxRequest( form={ 'login' : 'foo' , 'password' : 'bar' }
, extra='qux'
)
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
, cache=cache
)
self.assertEqual( len( user_ids ), 2 )
self.assertEqual( user_ids[ 0 ][0], 'extra__qux' )
self.assertEqual( user_ids[ 1 ][0], 'login__foo' )
self.assertEqual( len( cache ), 2 )
self.failUnless( [ ('login__foo', 'foo') ] in cache.values() )
self.failUnless( [ ('extra__qux', 'qux') ] in cache.values() )
key = [ x[0] for x in cache.items()
if x[1] == [('login__foo', 'foo')] ][0]
cache[ key ].append( ('forced__baz', 'baz' ) )
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
, cache=cache
)
self.assertEqual( len( user_ids ), 3, user_ids )
self.assertEqual( user_ids[ 0 ][0], 'extra__qux' )
self.assertEqual( user_ids[ 1 ][0], 'login__foo' )
self.assertEqual( user_ids[ 2 ][0], 'forced__baz' )
