def testGetUsers(self):
userids = sortTuple(self.portal.acl_users.pmm.getUserIds())
correct = sortTuple(
(IMembraneUserAuth(self.member).getUserId(),
IMembraneUserAuth(self.member2).getUserId())
)
self.failUnlessEqual(userids, correct)
def authenticateCredentials(self, credentials):
""" See IAuthenticationPlugin.
o We expect the credentials to be those returned by
ILoginPasswordExtractionPlugin.
"""
login = credentials.get('login')
password = credentials.get('password')
if login is None or password is None:
return None
# We can't depend on security when authenticating the user,
# or we'll get stuck in loops
mbtool = getToolByName(self, TOOLNAME)
member = mbtool.getUserAuthProvider(login)
if member is None:
return None
# Check workflow state is active
wftool = getToolByName(self, 'portal_workflow')
review_state = wftool.getInfoFor(member, 'review_state')
wfmapper = ICategoryMapper(mbtool)
cat_set = generateCategorySetIdForType(member.portal_type)
if not wfmapper.isInCategory(cat_set, ACTIVE_STATUS_CATEGORY,
review_state):
return None
# Delegate to member object
member = IMembraneUserAuth(member)
return member.authenticateCredentials(credentials)
def testAuthenticateOnMember(self):
credentials = {'login': '******', 'password': '******'}
userauth = IMembraneUserAuth(self.member)
authcred = userauth.authenticateCredentials
self.failUnlessEqual(authcred(credentials), None)
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials), None)
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials),
(userauth.getUserId(), self.member.getUserName()))
def authenticate_token(context, token):
try:
(login, hash) = token.split('-')
except ValueError:
return None
user = _get_user(context, login)
if user is None or generate_token(user) != token:
return None
else:
auth = IMembraneUserAuth(user, None)
return (auth.getUserId(), auth.getUserName())
def authenticate_cms_token(context, token):
try:
(login, hash) = token.split("-")
except ValueError:
return None
user = _get_user(context, login)
if user is None or generate_token(user) != token:
return None
else:
auth = IMembraneUserAuth(user, None)
return (auth.getUserId(), auth.getUserName())
def test_legacy_password_authentication(self):
from Products.membrane.interfaces import IMembraneUserAuth
member = self._createType(self.layer['portal'],
'dexterity.membrane.member', 'joe')
member.email = '*****@*****.**'
self._legacy_set_password(member, b'foobar')
pw_auth = IMembraneUserAuth(member)
self.assertTrue(
pw_auth.verifyCredentials(
dict(login=u'*****@*****.**',
password='******',
confirm_password='******')))
def authenticate_credentials(context, login, password):
user = _get_user(context, login)
if user is None or user.locked:
return None
# We could check user.password directly, but lets defer to the membrane
# auth framework so the password checking code is all in one place.
auth = IMembraneUserAuth(user, None)
info = auth.authenticateCredentials({'login': login, 'password': password})
if info is None:
return None
else:
return user
def testUserChangePassword(self):
usermanager = IMembraneUserManagement(self.member)
userauth = IMembraneUserAuth(self.member)
authcred = userauth.authenticateCredentials
# Verify the current credentials
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials),
(userauth.getUserId(), self.member.getUserName()))
usermanager.doChangeUser('testuser', 'pass2')
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials),
(userauth.getUserId(), self.member.getUserName()))
def testChangePassword(self):
pmm = self.portal.acl_users.pmm
userauth = IMembraneUserAuth(self.member)
authcred = pmm.authenticateCredentials
# Verify the current credentials
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials),
(userauth.getUserId(), self.member.getUserName()))
pmm.doChangeUser('testuser', 'pass2')
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials),
(userauth.getUserId(), self.member.getUserName()))
def authenticate_credentials(context, login, password):
user = _get_user(context, login)
if user is None or user.locked:
return None
# We could check user.password directly, but lets defer to the membrane
# auth framework so the password checking code is all in one place.
auth = IMembraneUserAuth(user, None)
info = auth.authenticateCredentials(
{'login': login, 'password': password})
if info is None:
return None
else:
return user
def testLoginCaseSensitive(self):
member2 = _createObjectByType('TestMember', self.portal,
'TestUser') # different case
member2.setUserName('TestUser')
member2.setPassword('testpassword2')
member2.reindexObject()
authcred = self.portal.acl_users.pmm.authenticateCredentials
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials), (IMembraneUserAuth(
self.member).getUserId(), self.member.getUserName()))
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(
authcred(credentials),
(IMembraneUserAuth(member2).getUserId(), member2.getUserName()))
def test_legacy_password_authentication(self):
from Products.membrane.interfaces import IMembraneUserAuth
member = self._createType(
self.layer['portal'],
'dexterity.membrane.member',
'joe',
)
member.email = '*****@*****.**'
self._legacy_set_password(member, b'foobar')
pw_auth = IMembraneUserAuth(member)
self.assertTrue(
pw_auth.verifyCredentials(dict(login=u'*****@*****.**',
password='******',
confirm_password='******',))
)
def testGetPropertiesFromExternalProvider(self):
wrongvalue = 'foo'
rightvalue = 'bar'
mbtool = getattr(self.portal, TOOLNAME)
self._initExternalProvider(mbtool,
TestAlternatePropertyProvider.portal_type)
self.prop_provider.setExtraProperty(wrongvalue)
self.prop_provider.setExtraPropertyFromSchemata(rightvalue)
self.member.addReference(self.prop_provider,
relationship=UserRelatedRelation.relationship)
self.prop_provider.reindexObject()
userid = IMembraneUserAuth(self.member).getUserId()
user = self.portal.acl_users.getUserById(userid)
sheets = user.getOrderedPropertySheets()
self.failUnless([
x.getProperty('extraPropertyFromSchemata') for x in sheets
if x.getProperty('extraPropertyFromSchemata') == rightvalue
])
mtool = self.portal.portal_membership
member = mtool.getMemberById(userid)
self.failUnlessEqual(member.getProperty('extraPropertyFromSchemata'),
rightvalue)
self.failIf(member.hasProperty('extraProperty'))
def testEnumerateUsersExactMatchCaseInsensitive(self):
enumusers = self.portal.acl_users.pmm.enumerateUsers
member1 = _createObjectByType('TestMember', self.portal, 'Ann')
member1.setUserName('Ann')
member1.setPassword('password')
member1.reindexObject()
member1_id = IMembraneUserAuth(member1).getUserId()
member2 = _createObjectByType('TestMember', self.portal, 'ann')
member2.setUserName('ann')
member2.setPassword('password')
member2.reindexObject()
member2_id = IMembraneUserAuth(member2).getUserId()
queryMember1 = enumusers(id=member1_id, exact_match=True)[0]
self.failUnlessEqual(queryMember1['id'], member1.getUserName())
queryMember2 = enumusers(id=member2_id, exact_match=True)[0]
self.failUnlessEqual(queryMember2['id'], member2.getUserName())
def testGetPropertiesForUser(self):
userid = IMembraneUserAuth(self.member).getUserId()
user = self.portal.acl_users.getUserById(userid)
sheets = user.getOrderedPropertySheets()
self.failUnless([x.getProperty('homePhone') for x in sheets
if x.getProperty('homePhone') == '555-1212'])
member = self.portal.portal_membership.getMemberById(userid)
self.failUnlessEqual(member.getProperty('homePhone'), '555-1212')
def testSetPropertiesForUser(self):
homePhone = 'phome hone"'
userid = IMembraneUserAuth(self.member).getUserId()
user = self.portal.acl_users.getUserById(userid)
sheets = user.getOrderedPropertySheets()
sheets[0].setProperty(user, 'homePhone', homePhone)
mbtool = getattr(self.portal, TOOLNAME)
member = mbtool.getUserObject(user.getUserName())
self.assertEqual(member.getHomePhone(), homePhone)
def testGetPropertiesForUser(self):
userid = IMembraneUserAuth(self.member).getUserId()
user = self.portal.acl_users.getUserById(userid)
sheets = user.getOrderedPropertySheets()
self.failUnless([x.getProperty('fullname') for x in sheets
if x.getProperty('fullname') == 'full name'])
mtool = self.portal.portal_membership
member = mtool.getMemberById(userid)
self.failUnlessEqual(member.getProperty('fullname'), 'full name')
self.failUnlessEqual(member.getProperty('ext_editor'), False)
def testAuthenticate(self):
credentials = {'login': '******', 'password': '******'}
authcred = self.portal.acl_users.pmm.authenticateCredentials
self.failUnlessEqual(authcred(credentials), None)
credentials = {'login': '******', 'password': '******'}
self.failUnlessEqual(authcred(credentials), None)
credentials = {'login': '******', 'password': '******'}
right = (IMembraneUserAuth(self.member).getUserId(),
self.member.getUserName())
self.failUnlessEqual(authcred(credentials), right)
def testSetPropertiesForUser(self):
fullname = 'null fame'
userid = IMembraneUserAuth(self.member).getUserId()
user = self.portal.acl_users.getUserById(userid)
sheets = user.getOrderedPropertySheets()
sheets[0].setProperty(user, 'fullname', fullname)
sheets[0].setProperty(user, 'ext_editor', True)
mbtool = getattr(self.portal, TOOLNAME)
member = mbtool.getUserObject(user.getUserName())
self.assertEqual(member.Title(), fullname)
self.assertEqual(member.getEditor(), True)
def test_password_is_kept(self):
view = CSVImportView(self.profiles, self.request)
# if no password is provided in the import file, one get's generated
user_fields_file_loc = self._get_fixture_location('basic_users.csv')
with open(user_fields_file_loc) as bf:
filedata = self._parse_file(bf.read())
view.create_update_users(filedata)
barry = pi_api.userprofile.get('foo')
doug = pi_api.userprofile.get('bar')
barry_pwd = barry.password
doug_pwd = doug.password
# both got encrypted passwords
self.assertTrue(barry_pwd.startswith('{BCRYPT}'))
self.assertTrue(doug_pwd.startswith('{BCRYPT}'))
# doug got the password provided in the import file
self.assertTrue(
IMembraneUserAuth(doug).verifyCredentials(
dict(login='******', password='******')))
# now re-import the same users but provide a new password for barry
user_fields_file_loc = self._get_fixture_location(
'basic_users_password.csv')
with open(user_fields_file_loc) as bf:
filedata = self._parse_file(bf.read())
view.create_update_users(filedata, update=True)
# barry should get a new password
self.assertNotEqual(barry_pwd, barry.password)
self.assertTrue(
IMembraneUserAuth(barry).verifyCredentials(
dict(login='******', password='******')))
# doug's password should still be the same
self.assertEqual(doug_pwd, doug.password)
# both got new surnames:
self.assertEqual(barry.last_name, u'Whiter')
self.assertEqual(doug.last_name, u'Carsbest')
def testEnumerateUsersByUserId(self):
userid = IMembraneUserAuth(self.member).getUserId()
enumusers = self.portal.acl_users.pmm.enumerateUsers
self.failUnlessEqual(len(enumusers(id=userid, exact_match=True)), 1)
self.failUnlessEqual(len(enumusers(id=userid[:len(userid) - 1],
exact_match=False)), 1)
self.failUnlessEqual(len(enumusers(
id=userid, exact_match=True, sort_on='login')), 1)
self.failUnlessEqual(len(enumusers(id=userid,
exact_match=True, sort_on='id')), 1)
self.failUnlessEqual(len(enumusers(
id=userid, exact_match=True, max_results=1)), 1)
self.failUnlessEqual(len(enumusers(
id=userid, exact_match=True, max_results=0)), 0)
def testGroupMembership(self):
group = self.portal.testgroup
member = group.testuser # We need acquisition to be correct
mem_auth = IMembraneUserAuth(member)
mem_grps = IMembraneUserGroups(member)
member2 = self.member2
mem2_auth = IMembraneUserAuth(member2)
mem2_grps = IMembraneUserGroups(member2)
self.failUnlessEqual(group.getGroupMembers(),
(mem_auth.getUserId(),))
self.failUnlessEqual(mem_grps.getGroupsForPrincipal(mem_grps),
(group.getId(),))
self.group.setMembers([member2.UID()])
self.failUnlessEqual(sortTuple(group.getGroupMembers()),
sortTuple([mem2_auth.getUserId(),
mem_auth.getUserId()]))
self.failUnlessEqual(
mem2_grps.getGroupsForPrincipal(mem2_grps), (group.getId(),))
def testFullnameMemberSearch(self):
uf = self.portal.acl_users
mems = uf.searchUsers(fullname=self.member.Title())
user_auth = IMembraneUserAuth(self.member)
self.failUnless(len(mems) == 1 and mems[0]["userid"] == user_auth.getUserId())
def testSimpleMemberSearch(self):
uf = self.portal.acl_users
mems = uf.searchUsers(login=self.member.getUserName())
user_auth = IMembraneUserAuth(self.member)
self.failUnless(len(mems) == 1 and mems[0]["userid"] == user_auth.getUserId())
def testSimpleMemberSearch(self):
mtool = self.portal.portal_membership
mems = mtool.searchForMembers(login=self.member.getUserName())
user_auth = IMembraneUserAuth(self.member)
self.failUnless(len(mems) == 1 and mems[0] ==
mtool.getMemberById(user_auth.getUserId()))
def testSimpleMemberSearch(self):
uf = self.portal.acl_users
mems = uf.searchUsers(login=self.member.getUserName())
user_auth = IMembraneUserAuth(self.member)
self.failUnless(
len(mems) == 1 and mems[0]['userid'] == user_auth.getUserId())
def testGetUsersOneUser(self):
users = self.portal.acl_users.pmm.getUsers()
self.failUnlessEqual([x.getId() for x in users],
[IMembraneUserAuth(self.member).getUserId()])
def testGetUserIdsOneUser(self):
self.failUnlessEqual(self.portal.acl_users.pmm.getUserIds(),
(IMembraneUserAuth(self.member).getUserId(),))
def testLogin(self):
logout()
login(self.portal, IMembraneUserAuth(self.member).getUserId())
def testFullnameMemberSearch(self):
uf = self.portal.acl_users
mems = uf.searchUsers(fullname=self.member.Title())
user_auth = IMembraneUserAuth(self.member)
self.failUnless(
len(mems) == 1 and mems[0]['userid'] == user_auth.getUserId())
def getId(self):
return IMembraneUserAuth(self.member).getUserId()
