def test_firerole_with_past_date(self): """firerole - firerole core testing with past date""" import time past_date = time.strftime('%Y-%m-%d', time.gmtime(time.time() - 24 * 3600 * 2)) self.failIf(acc_firerole_check_user(self.user_info, compile_role_definition("allow until '%s'\nallow any" % past_date))) self.failUnless(acc_firerole_check_user(self.user_info, compile_role_definition("allow from '%s'\nallow any" % past_date)))
def test_firerole_ip_mask(self): """firerole - firerole core testing ip mask matching""" self.failUnless(acc_firerole_check_user(self.user_info, compile_role_definition("allow remote_ip '127.0.0.0/24'" "\ndeny any"))) self.failIf(acc_firerole_check_user(self.guest, compile_role_definition("allow remote_ip '127.0.0.0/24'" "\ndeny any")))
def http_check_credentials(req, role): """Retrieve Apache password and check user credential with the check_auth function. If this function returns True check if the user is enabled to the given role. If this is True, return, otherwise popup a new apache login box. """ authorized = False while True: if req.headers_in.has_key("Authorization"): try: s = req.headers_in["Authorization"][6:] s = base64.decodestring(s) user, passwd = s.split(":", 1) except (ValueError, base64.binascii.Error, base64.binascii.Incomplete): raise apache.SERVER_RETURN, apache.HTTP_BAD_REQUEST authorized = auth_apache_user_p(user, passwd) if authorized: setApacheUser(req, user) authorized = acc_firerole_check_user(collect_user_info(req), load_role_definition(acc_get_role_id(role))) setApacheUser(req, '') if not authorized: # note that Opera supposedly doesn't like spaces around "=" below s = 'Basic realm="%s"' % role req.headers_out["WWW-Authenticate"] = s raise apache.SERVER_RETURN, apache.HTTP_UNAUTHORIZED else: setApacheUser(req, user) return
def test_firerole_literal_email(self): """firerole - firerole core testing literal email matching""" self.failUnless( acc_firerole_check_user( self.user_info, compile_role_definition("allow email '*****@*****.**'," "'*****@*****.**'\ndeny any"), ) )
def test_firerole_literal_email(self): """firerole - firerole core testing literal email matching""" self.failUnless( acc_firerole_check_user( self.user_info, compile_role_definition( "allow email '*****@*****.**'," "'*****@*****.**'\ndeny any")))
def isUserSuperAdmin(user_info): """Return True if the user is superadmin; False otherwise.""" if run_sql("""SELECT r.id FROM accROLE r LEFT JOIN user_accROLE ur ON r.id = ur.id_accROLE WHERE r.name = %s AND ur.id_user = %s AND ur.expiration>=NOW() LIMIT 1""", (SUPERADMINROLE, user_info['uid']), 1): return True return acc_firerole_check_user(user_info, load_role_definition(acc_get_role_id(SUPERADMINROLE)))
def isUserSuperAdmin(user_info): """Return True if the user is superadmin; False otherwise.""" if run_sql( """SELECT r.id FROM accROLE r LEFT JOIN user_accROLE ur ON r.id = ur.id_accROLE WHERE r.name = %s AND ur.id_user = %s AND ur.expiration>=NOW() LIMIT 1""", (SUPERADMINROLE, user_info['uid']), 1): return True return acc_firerole_check_user( user_info, load_role_definition(acc_get_role_id(SUPERADMINROLE)))
def test_firerole_guest(self): """firerole - firerole core testing with guest""" self.assertEqual( False, acc_firerole_check_user( self.guest, compile_role_definition("deny guest '1'\nallow all"))) self.assertEqual( True, acc_firerole_check_user( self.guest, compile_role_definition("deny guest '0'\nallow all"))) self.assertEqual( True, acc_firerole_check_user( self.user_info, compile_role_definition("deny guest '1'\nallow all"))) self.assertEqual( False, acc_firerole_check_user( self.user_info, compile_role_definition("deny guest '0'\nallow all"))) self.assertEqual( False, acc_firerole_check_user( self.user_info, compile_role_definition("deny guest '1'\ndeny all"))) self.assertEqual( False, acc_firerole_check_user( self.user_info, compile_role_definition("deny guest '0'\ndeny all")))
def test_firerole_guest(self): """firerole - firerole core testing with guest""" self.assertEqual(False, acc_firerole_check_user(self.guest, compile_role_definition("deny guest '1'\nallow all"))) self.assertEqual(True, acc_firerole_check_user(self.guest, compile_role_definition("deny guest '0'\nallow all"))) self.assertEqual(True, acc_firerole_check_user(self.user_info, compile_role_definition("deny guest '1'\nallow all"))) self.assertEqual(False, acc_firerole_check_user(self.user_info, compile_role_definition("deny guest '0'\nallow all"))) self.assertEqual(False, acc_firerole_check_user(self.user_info, compile_role_definition("deny guest '1'\ndeny all"))) self.assertEqual(False, acc_firerole_check_user(self.user_info, compile_role_definition("deny guest '0'\ndeny all")))
def test_firerole_non_existant_group(self): """firerole - firerole core testing non existant group matching""" self.failIf( acc_firerole_check_user( self.user_info, compile_role_definition("allow groups 'patat'\ndeny any")))
def test_firerole_uid(self): """firerole - firerole core testing with integer uid""" self.assertEqual(False, acc_firerole_check_user(self.guest, compile_role_definition("deny uid '-1'\nallow all"))) self.assertEqual(True, acc_firerole_check_user(self.user_info, compile_role_definition("deny uid '-1'\nallow all")))
def test_firerole_empty(self): """firerole - firerole core testing empty matching""" self.assertEqual(False, acc_firerole_check_user(self.user_info, compile_role_definition(None)))
def test_firerole_non_existant_group(self): """firerole - firerole core testing non existant group matching""" self.failIf(acc_firerole_check_user(self.user_info, compile_role_definition("allow groups 'patat'\ndeny any")))
def test_firerole_literal_group(self): """firerole - firerole core testing literal group matching""" self.failUnless(acc_firerole_check_user(self.user_info, compile_role_definition("allow groups 'patata'\ndeny any")))
def test_firerole_regexp_email(self): """firerole - firerole core testing regexp email matching""" self.failUnless(acc_firerole_check_user(self.user_info, compile_role_definition("allow email /.*@cern.ch/\ndeny any")))
def test_firerole_empty(self): """firerole - firerole core testing empty matching""" self.assertEqual( False, acc_firerole_check_user(self.user_info, compile_role_definition(None)))
def test_firerole_literal_group(self): """firerole - firerole core testing literal group matching""" self.failUnless( acc_firerole_check_user( self.user_info, compile_role_definition("allow groups 'patata'\ndeny any")))
def test_firerole_regexp_email(self): """firerole - firerole core testing regexp email matching""" self.failUnless( acc_firerole_check_user( self.user_info, compile_role_definition("allow email /.*@cern.ch/\ndeny any")))
def test_firerole_literal_email(self): """firerole - firerole core testing literal email matching""" self.failUnless(acc_firerole_check_user(self.user_info, compile_role_definition("allow email '*****@*****.**'," "'*****@*****.**'\ndeny any")))