def setUp(self):
# Let's set up the environment for this mock request:
mw = RepozeWhatMiddleware()
self.request = Request({'PATH_INFO': "/"}, make_user(None))
mw.process_view(self.request, None, None, None)
# Let's enabled logging after the middleware has been set:
self.log_fixture = LoggingHandlerFixture()
def setUp(self):
# Let's set up the environment for this mock request:
mw = RepozeWhatMiddleware()
self.request = Request({'PATH_INFO': "/"}, make_user(None))
mw.process_view(self.request, None, None, None)
# Let's enabled logging after the middleware has been set:
self.log_fixture = LoggingHandlerFixture()
class TestAuthorizationEnforcement(object):
"""Tests for the process_view() routine."""
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_environment_is_setup(self):
"""The WSGI environment must be set up before processing the view."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
self.middleware.process_view(request, object(), (), {})
ok_("repoze.what.credentials" in request.environ)
def test_no_authz_decision_made(self):
"""Nothing must be done if no decision was made."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No authorization decision made on ingress at /app2/nothing")
def test_authz_granted(self):
"""When authorization is granted nothing must be done."""
environ = {'PATH_INFO': "/app1/blog"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['info']), 1)
eq_(
self.log_fixture.handler.messages['info'][0],
"Authorization granted to %s on ingress at /app1/blog" %
repr(request.user))
def test_authorization_denied_without_custom_denial_handler(self):
"""
When authorization is denied without a custom denial handler, the
default one must be user.
"""
environ = {'PATH_INFO': "/app2/secret"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
ok_(isinstance(response, HttpResponse))
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app2/secret: %s" %
(repr(request.user), "This is a secret"))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No custom denial handler defined; using the default one")
def test_authorization_denied_with_custom_denial_handler(self):
"""
Authorization must be denied with a custom denial handler, if available.
"""
environ = {'PATH_INFO': "/app1/admin"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, "No! Get out!")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app1/admin: Get out!" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_middleware_skips_media_dir(self):
"""The middleware must do nothing in the media directory."""
environ = {'PATH_INFO': "/media/photo.jpg"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /media/photo.jpg")
def test_middleware_skips_media_admin_dir(self):
"""The middleware must do nothing in the media admin directory."""
environ = {'PATH_INFO': "/admin-media/photo"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /admin-media/photo"
)
class TestAuthorizationEnforcement(object):
"""Tests for the process_view() routine."""
def setUp(self):
self.middleware = RepozeWhatMiddleware()
self.log_fixture = LoggingHandlerFixture()
def tearDown(self):
self.log_fixture.undo()
def test_environment_is_setup(self):
"""The WSGI environment must be set up before processing the view."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
self.middleware.process_view(request, object(), (), {})
ok_("repoze.what.credentials" in request.environ)
def test_no_authz_decision_made(self):
"""Nothing must be done if no decision was made."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No authorization decision made on ingress at /app2/nothing")
def test_authz_granted(self):
"""When authorization is granted nothing must be done."""
environ = {'PATH_INFO': "/app1/blog"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['info']), 1)
eq_(self.log_fixture.handler.messages['info'][0],
"Authorization granted to %s on ingress at /app1/blog" %
repr(request.user))
def test_authorization_denied_without_custom_denial_handler(self):
"""
When authorization is denied without a custom denial handler, the
default one must be user.
"""
environ = {'PATH_INFO': "/app2/secret"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
ok_(isinstance(response, HttpResponse))
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app2/secret: %s" %
(repr(request.user), "This is a secret"))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No custom denial handler defined; using the default one")
def test_authorization_denied_with_custom_denial_handler(self):
"""
Authorization must be denied with a custom denial handler, if available.
"""
environ = {'PATH_INFO': "/app1/admin"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, "No! Get out!")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app1/admin: Get out!" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_middleware_skips_media_dir(self):
"""The middleware must do nothing in the media directory."""
environ = {'PATH_INFO': "/media/photo.jpg"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /media/photo.jpg")
def test_middleware_skips_media_admin_dir(self):
"""The middleware must do nothing in the media admin directory."""
environ = {'PATH_INFO': "/admin-media/photo"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /admin-media/photo")
