def setUp(self): # Let's set up the environment for this mock request: mw = RepozeWhatMiddleware() self.request = Request({'PATH_INFO': "/"}, make_user(None)) mw.process_view(self.request, None, None, None) # Let's enabled logging after the middleware has been set: self.log_fixture = LoggingHandlerFixture()
class TestAuthorizationEnforcement(object): """Tests for the process_view() routine.""" def setUp(self): self.middleware = RepozeWhatMiddleware() self.log_fixture = LoggingHandlerFixture() def tearDown(self): self.log_fixture.undo() def test_environment_is_setup(self): """The WSGI environment must be set up before processing the view.""" environ = {'PATH_INFO': "/app2/nothing"} request = Request(environ, make_user(None)) self.middleware.process_view(request, object(), (), {}) ok_("repoze.what.credentials" in request.environ) def test_no_authz_decision_made(self): """Nothing must be done if no decision was made.""" environ = {'PATH_INFO': "/app2/nothing"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_(self.log_fixture.handler.messages['debug'][0], "No authorization decision made on ingress at /app2/nothing") def test_authz_granted(self): """When authorization is granted nothing must be done.""" environ = {'PATH_INFO': "/app1/blog"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) eq_(len(self.log_fixture.handler.messages['info']), 1) eq_( self.log_fixture.handler.messages['info'][0], "Authorization granted to %s on ingress at /app1/blog" % repr(request.user)) def test_authorization_denied_without_custom_denial_handler(self): """ When authorization is denied without a custom denial handler, the default one must be user. """ environ = {'PATH_INFO': "/app2/secret"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) ok_(isinstance(response, HttpResponse)) # Checking the logs: eq_(len(self.log_fixture.handler.messages['warning']), 1) eq_( self.log_fixture.handler.messages['warning'][0], "Authorization denied on ingress to %s at /app2/secret: %s" % (repr(request.user), "This is a secret")) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_(self.log_fixture.handler.messages['debug'][0], "No custom denial handler defined; using the default one") def test_authorization_denied_with_custom_denial_handler(self): """ Authorization must be denied with a custom denial handler, if available. """ environ = {'PATH_INFO': "/app1/admin"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, "No! Get out!") # Checking the logs: eq_(len(self.log_fixture.handler.messages['warning']), 1) eq_( self.log_fixture.handler.messages['warning'][0], "Authorization denied on ingress to %s at /app1/admin: Get out!" % repr(request.user)) eq_(len(self.log_fixture.handler.messages['debug']), 0) def test_middleware_skips_media_dir(self): """The middleware must do nothing in the media directory.""" environ = {'PATH_INFO': "/media/photo.jpg"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) # The environment must not have been set up for repoze.what: ok_("repoze.what.credentials" not in request.environ) # Checking the logs: eq_(len(self.log_fixture.handler.messages['info']), 0) eq_(len(self.log_fixture.handler.messages['warning']), 0) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_( self.log_fixture.handler.messages['debug'][0], "Authorization checks disabled for media file at /media/photo.jpg") def test_middleware_skips_media_admin_dir(self): """The middleware must do nothing in the media admin directory.""" environ = {'PATH_INFO': "/admin-media/photo"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) # The environment must not have been set up for repoze.what: ok_("repoze.what.credentials" not in request.environ) # Checking the logs: eq_(len(self.log_fixture.handler.messages['info']), 0) eq_(len(self.log_fixture.handler.messages['warning']), 0) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_( self.log_fixture.handler.messages['debug'][0], "Authorization checks disabled for media file at /admin-media/photo" )
class TestAuthorizationEnforcement(object): """Tests for the process_view() routine.""" def setUp(self): self.middleware = RepozeWhatMiddleware() self.log_fixture = LoggingHandlerFixture() def tearDown(self): self.log_fixture.undo() def test_environment_is_setup(self): """The WSGI environment must be set up before processing the view.""" environ = {'PATH_INFO': "/app2/nothing"} request = Request(environ, make_user(None)) self.middleware.process_view(request, object(), (), {}) ok_("repoze.what.credentials" in request.environ) def test_no_authz_decision_made(self): """Nothing must be done if no decision was made.""" environ = {'PATH_INFO': "/app2/nothing"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_(self.log_fixture.handler.messages['debug'][0], "No authorization decision made on ingress at /app2/nothing") def test_authz_granted(self): """When authorization is granted nothing must be done.""" environ = {'PATH_INFO': "/app1/blog"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) eq_(len(self.log_fixture.handler.messages['info']), 1) eq_(self.log_fixture.handler.messages['info'][0], "Authorization granted to %s on ingress at /app1/blog" % repr(request.user)) def test_authorization_denied_without_custom_denial_handler(self): """ When authorization is denied without a custom denial handler, the default one must be user. """ environ = {'PATH_INFO': "/app2/secret"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) ok_(isinstance(response, HttpResponse)) # Checking the logs: eq_(len(self.log_fixture.handler.messages['warning']), 1) eq_(self.log_fixture.handler.messages['warning'][0], "Authorization denied on ingress to %s at /app2/secret: %s" % (repr(request.user), "This is a secret")) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_(self.log_fixture.handler.messages['debug'][0], "No custom denial handler defined; using the default one") def test_authorization_denied_with_custom_denial_handler(self): """ Authorization must be denied with a custom denial handler, if available. """ environ = {'PATH_INFO': "/app1/admin"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, "No! Get out!") # Checking the logs: eq_(len(self.log_fixture.handler.messages['warning']), 1) eq_(self.log_fixture.handler.messages['warning'][0], "Authorization denied on ingress to %s at /app1/admin: Get out!" % repr(request.user)) eq_(len(self.log_fixture.handler.messages['debug']), 0) def test_middleware_skips_media_dir(self): """The middleware must do nothing in the media directory.""" environ = {'PATH_INFO': "/media/photo.jpg"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) # The environment must not have been set up for repoze.what: ok_("repoze.what.credentials" not in request.environ) # Checking the logs: eq_(len(self.log_fixture.handler.messages['info']), 0) eq_(len(self.log_fixture.handler.messages['warning']), 0) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_(self.log_fixture.handler.messages['debug'][0], "Authorization checks disabled for media file at /media/photo.jpg") def test_middleware_skips_media_admin_dir(self): """The middleware must do nothing in the media admin directory.""" environ = {'PATH_INFO': "/admin-media/photo"} request = Request(environ, make_user(None)) response = self.middleware.process_view(request, object(), (), {}) eq_(response, None) # The environment must not have been set up for repoze.what: ok_("repoze.what.credentials" not in request.environ) # Checking the logs: eq_(len(self.log_fixture.handler.messages['info']), 0) eq_(len(self.log_fixture.handler.messages['warning']), 0) eq_(len(self.log_fixture.handler.messages['debug']), 1) eq_(self.log_fixture.handler.messages['debug'][0], "Authorization checks disabled for media file at /admin-media/photo")