def setUp(self):
"""Creates a user to be used as a fake login."""
super(TestFloofAuthnPolicy, self).setUp()
self.user = sim.sim_user()
self.env = partial(sim.sim_user_env, self.user)
self.policy = FloofAuthnPolicy()
def main(global_config, **settings):
"""Constructs a WSGI application."""
settings['paste_config'] = global_config
### Settings
# Set up SQLAlchemy stuff
engine = engine_from_config(settings, 'sqlalchemy.')
floof.model.initialize(engine, extension=ZopeTransactionExtension())
# floof debug panel
settings['debug'] = asbool(settings.get('floof.debug', False))
# Misc other crap
settings['rating_radius'] = int(settings['rating_radius'])
settings['filestore_factory'] = filestore.get_storage_factory(settings)
### Configuratify
# Session factory needs to subclass our mixin above. Beaker's
# verbosely-named function just returns a class, so do some MI
FloofSessionFactory = type(
'FloofSessionFactory',
(_RichSessionFlashMixin, session_factory_from_settings(settings)), {})
config = Configurator(
settings=settings,
root_factory=FloofRoot,
request_factory=FloofRequest,
session_factory=FloofSessionFactory,
authentication_policy=FloofAuthnPolicy(),
authorization_policy=ACLAuthorizationPolicy(),
)
# PySCSS support
config.include('pyramid_scss')
config.add_route('pyscss', '/css/{css_path:[^/]+}.css')
config.add_view(route_name='pyscss',
view='pyramid_scss.controller.get_scss',
renderer='scss',
request_method='GET')
# Added manually because @subscriber only works with a
# scan, and we don't want to scan ourselves
config.add_subscriber(prevent_csrf, NewRequest)
config.add_subscriber(manage_stashes, NewRequest)
config.add_subscriber(auto_privilege_escalation, ContextFound)
config.add_subscriber(add_renderer_globals, BeforeRender)
floof.routing.configure_routing(config)
config.scan(floof.views)
if not settings['debug']:
from floof.views.errors import error500
config.add_view(error500, context=Exception)
app = config.make_wsgi_app()
app = HTTPOnlyCookieMiddleware(app)
return app
class TestFloofAuthnPolicy(UnitTests):
def setUp(self):
"""Creates a user to be used as a fake login."""
super(TestFloofAuthnPolicy, self).setUp()
self.user = sim.sim_user()
self.env = partial(sim.sim_user_env, self.user)
self.policy = FloofAuthnPolicy()
def test_principals_unauthenticated(self):
request = create_authn_request(self.config)
principals = self.policy.effective_principals(request)
assert Everyone in principals
assert len(principals) == 1
def test_principals_role(self):
env = self.env('cert')
request = create_authn_request(self.config, environ=env)
principals = self.policy.effective_principals(request)
assert 'role:user' in principals
def test_principals_secure(self):
env = self.env('cert')
request = create_authn_request(self.config, environ=env)
methods = {
u'disabled': 'insecure',
u'allowed': 'insecure',
u'sensitive_required': 'secure',
u'required': 'secure',
}
for method, nature in methods.iteritems():
self.user.cert_auth = method
principals = self.policy.effective_principals(request)
assert 'auth:{0}'.format(nature) in principals
def test_principals_trusted(self):
authn_flags = ['cert', 'openid', 'browserid']
additional_flags = [
'openid_recent', 'openid_recent',
'browserid_recent', 'browserid_recent']
all_flags = authn_flags + additional_flags
for i in xrange(len(all_flags)):
for combo in itertools.combinations(all_flags, i + 1):
env = self.env(*combo)
request = create_authn_request(self.config, environ=env)
principals = self.policy.effective_principals(request)
print combo, principals
if not any([f for f in combo if f in authn_flags]):
# With no flags from authn_flags, no user should resolve
assert principals == set([Everyone])
continue
assert Everyone in principals
assert Authenticated in principals
assert 'user:{0}'.format(self.user.id) in principals
for mech in combo:
flag = 'trusted:{0}'.format(mech)
if mech.endswith('_recent') and mech[:-7] not in combo:
assert flag not in principals
else:
assert flag in principals
def test_principal_derivation_trustedfor_auth(self):
pass
def test_principal_derivation_trustedfor_admin(self):
pass
