def test_authorize_func(self): def f(ctx, identity, op): self.assertEqual(identity.id(), 'bob') if op.entity == 'a': return False, None elif op.entity == 'b': return True, None elif op.entity == 'c': return True, [ checkers.Caveat(location='somewhere', condition='c') ] elif op.entity == 'd': return True, [ checkers.Caveat(location='somewhere', condition='d') ] else: self.fail('unexpected entity: ' + op.Entity) ops = [ bakery.Op('a', 'x'), bakery.Op('b', 'x'), bakery.Op('c', 'x'), bakery.Op('d', 'x') ] allowed, caveats = bakery.AuthorizerFunc(f).authorize( checkers.AuthContext(), bakery.SimpleIdentity('bob'), ops) self.assertEqual(allowed, [False, True, True, True]) self.assertEqual(caveats, [ checkers.Caveat(location='somewhere', condition='c'), checkers.Caveat(location='somewhere', condition='d') ])
def test_context_wired_properly(self): ctx = checkers.AuthContext({'a': 'aval'}) class Visited: in_f = False in_allow = False in_get_acl = False def f(ctx, identity, op): self.assertEqual(ctx.get('a'), 'aval') Visited.in_f = True return False, None bakery.AuthorizerFunc(f).authorize(ctx, bakery.SimpleIdentity('bob'), ['op1']) self.assertTrue(Visited.in_f) class TestIdentity(SimplestIdentity, bakery.ACLIdentity): def allow(other, ctx, acls): self.assertEqual(ctx.get('a'), 'aval') Visited.in_allow = True return False def get_acl(ctx, acl): self.assertEqual(ctx.get('a'), 'aval') Visited.in_get_acl = True return [] bakery.ACLAuthorizer( allow_public=False, get_acl=get_acl, ).authorize(ctx, TestIdentity('bob'), ['op1']) self.assertTrue(Visited.in_get_acl) self.assertTrue(Visited.in_allow)
def declared_identity(self, ctx, declared): username = declared.get("username") if username is None: raise bakery.IdentityError("No username found") return bakery.SimpleIdentity(user=username)
def identity_from_context(self, ctx): user, pwd = _basic_auth_from_context(ctx) if user != 'sherlock' or pwd != 'holmes': return None, None return bakery.SimpleIdentity(user), None
def declared_identity(self, ctx, declared): user = declared.get('username') if user is None: raise bakery.IdentityError('no username declared') return bakery.SimpleIdentity(user)