def test_logout_works(self, browser):
hugo = create(Builder('user').named('Hugo', 'Boss'))
browser.login(hugo.getId()).open()
self.assertEquals('Boss Hugo', plone.logged_in())
browser.logout().open()
self.assertFalse(plone.logged_in())
def test_submit_form(self, browser):
browser.open(view='login_form')
self.assertFalse(plone.logged_in())
browser.fill({'Login Name': TEST_USER_NAME,
'Password': TEST_USER_PASSWORD}).submit()
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_login_browser(self, browser):
with browser.expect_unauthorized():
browser.open()
self.assertFalse(plone.logged_in())
self.login(self.regular_user, browser)
browser.open()
self.assertEquals(self.regular_user.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
def test_relogin_works(self, browser):
hugo = create(Builder('user').named('Hugo', 'Boss'))
browser.login(hugo.getId()).open()
self.assertEquals('Boss Hugo', plone.logged_in())
john = create(Builder('user').named('John', 'Doe'))
browser.login(john.getId()).open()
self.assertEquals('Doe John', plone.logged_in())
def test_login_browser(self, browser):
with browser.expect_unauthorized():
browser.open()
self.assertFalse(plone.logged_in())
self.login(self.regular_user, browser)
browser.open()
self.assertEquals(self.regular_user.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
def test_login_and_logout(self, browser):
browser.open()
self.assertFalse(plone.logged_in())
browser.login().open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
browser.logout().open()
self.assertFalse(plone.logged_in())
def test_post_request(self, browser):
browser.open('http://nohost/plone/login_form')
self.assertFalse(plone.logged_in())
browser.open('http://nohost/plone/login_form',
{'__ac_name': TEST_USER_NAME,
'__ac_password': TEST_USER_PASSWORD,
'form.submitted': 1})
self.assertTrue(plone.logged_in())
def test_cloning_a_browser_copies_headers_MECHBROWSER(self, browser):
browser.login().open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
with browser.clone() as subbrowser:
subbrowser.open()
self.assertEquals(TEST_USER_ID, plone.logged_in(subbrowser))
subbrowser.login(SITE_OWNER_NAME).reload()
self.assertEquals(SITE_OWNER_NAME, plone.logged_in(subbrowser))
def test_clear_request_header_with_header_selection(self, browser):
browser.append_request_header('Authorization', 'Basic {0}'.format(
':'.join((TEST_USER_NAME, TEST_USER_PASSWORD)).encode('base64')))
browser.open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
browser.clear_request_header('Authorization')
browser.open()
self.assertFalse(plone.logged_in())
def test_login_and_logout(self, browser):
browser.request_library = LIB_REQUESTS
browser.open()
self.assertFalse(plone.logged_in())
browser.login().open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
browser.logout().open()
self.assertFalse(plone.logged_in())
def test_browser_stays_logged_in(self, browser):
browser.open()
self.assertFalse(plone.logged_in())
browser.visit(view="login_form")
browser.fill({"Login Name": TEST_USER_NAME, "Password": TEST_USER_PASSWORD}).submit()
self.assertEquals(TEST_USER_ID, plone.logged_in())
browser.visit(view="/")
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_append_request_header(self, browser):
browser.request_library = LIB_REQUESTS
browser.open()
self.assertFalse(plone.logged_in())
browser.append_request_header('Authorization', 'Basic {0}'.format(
':'.join((TEST_USER_NAME, TEST_USER_PASSWORD)).encode('base64')))
browser.open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
browser.open() # reload
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_replace_request_header(self, browser):
hugo = create(Builder('user').named('Hugo', 'Boss'))
john = create(Builder('user').named('John', 'Doe'))
browser.append_request_header('Authorization', 'Basic {0}'.format(
':'.join((hugo.getId(), TEST_USER_PASSWORD)).encode('base64')))
browser.open()
self.assertEquals('Boss Hugo', plone.logged_in())
browser.replace_request_header('Authorization', 'Basic {0}'.format(
':'.join((john.getId(), TEST_USER_PASSWORD)).encode('base64')))
browser.open()
self.assertEquals('Doe John', plone.logged_in())
def test_cloning_a_browser_copies_headers_REQUESTS(self, browser):
browser.request_library = LIB_REQUESTS
browser.login().open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
with browser.clone() as subbrowser:
subbrowser.open()
self.assertEquals(TEST_USER_ID, plone.logged_in(subbrowser))
subbrowser.login(SITE_OWNER_NAME).reload()
self.assertEquals(SITE_OWNER_NAME, plone.logged_in(subbrowser))
browser.reload()
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_cloning_copies_cookies(self, browser):
browser.open(view='login_form').fill(
{'Login Name': TEST_USER_NAME,
'Password': TEST_USER_PASSWORD}).submit()
self.assertTrue(plone.logged_in())
with browser.clone() as subbrowser:
subbrowser.open()
self.assertTrue(plone.logged_in(subbrowser))
subbrowser.find('Log out').click()
self.assertFalse(plone.logged_in(subbrowser))
browser.reload()
self.assertTrue(plone.logged_in())
def test_login_with_user_object_works(self, browser):
# Use the test user which has different ID and NAME,
# but pass in the user object.
acl_users = getToolByName(self.layer['portal'], 'acl_users')
user = acl_users.getUserById(TEST_USER_ID)
browser.login(user).open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_login_with_member_object_works(self, browser):
# Use the test user which has different ID and NAME,
# but pass in the member object.
mtool = getToolByName(self.layer['portal'], 'portal_membership')
member = mtool.getMemberById(TEST_USER_ID)
browser.login(member).open()
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_keeps_cookies_in_session(self, browser):
browser.open(view='login_form')
self.assertEquals(0, len(browser.cookies))
browser.fill({'Login Name': TEST_USER_NAME,
'Password': TEST_USER_PASSWORD}).submit()
self.assertIn('__ac', browser.cookies)
self.assertEquals(TEST_USER_ID, plone.logged_in())
browser.open()
self.assertIn('__ac', browser.cookies)
self.assertEquals(TEST_USER_ID, plone.logged_in())
browser.open()
self.assertIn('__ac', browser.cookies)
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_login_as_context_manager_in_browser(self, browser):
with browser.expect_unauthorized():
browser.open()
self.assertFalse(plone.logged_in())
with self.login(self.regular_user, browser):
browser.open()
self.assertEquals(self.regular_user.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
with self.login(self.administrator, browser):
browser.open()
self.assertEquals(self.administrator.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
browser.open()
self.assertEquals(self.regular_user.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
with browser.expect_unauthorized():
browser.open()
self.assertFalse(plone.logged_in())
def test_login_as_context_manager_in_browser(self, browser):
with browser.expect_unauthorized():
browser.open()
self.assertFalse(plone.logged_in())
with self.login(self.regular_user, browser):
browser.open()
self.assertEquals(self.regular_user.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
with self.login(self.administrator, browser):
browser.open()
self.assertEquals(self.administrator.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
browser.open()
self.assertEquals(self.regular_user.getProperty('fullname'),
plone.logged_in().encode('utf-8'))
with browser.expect_unauthorized():
browser.open()
self.assertFalse(plone.logged_in())
def test_end_to_end_happy_path(self, browser):
# Step 1 - Issue service key and save it
browser.login().open(view='@@manage-service-keys')
browser.find('Issue new service key').click()
browser.fill({'Title': 'My new key'})
# No IP range restriction, we test this separately
browser.find('Issue key').click()
self.assertEqual('Download Service Key', browser.css('h1').first.text)
json_keyfile = browser.css('.json-keyfile').first
keyfile_data = json.loads(json_keyfile.text)
private_key = keyfile_data['private_key']
token_uri = keyfile_data['token_uri']
browser.logout().open('logout')
self.assertFalse(plone.logged_in())
# Step 2 - Create a JWT grant and sign it with private key
claim_set = {
'aud': token_uri,
'iss': keyfile_data['client_id'],
'sub': keyfile_data['user_id'],
'iat': int(time.time()),
'exp': int(time.time() + (60 * 59)),
}
grant_token = jwt.encode(claim_set, private_key, algorithm='RS256')
# Step 3 - Exchange the JWT grant for an access token by making
# a token request to the OAuth2 token endpoint
payload = {'grant_type': GRANT_TYPE, 'assertion': grant_token}
token_response = requests.post(token_uri, data=payload)
token = token_response.json()['access_token']
# Step 4 - Use the access token to make authenticated requests
headers = {'Authorization': 'Bearer %s' % token}
response = requests.get(self.portal.absolute_url(), headers=headers)
self.assertIn(TEST_USER_ID, response.content)
# Test with plone.restapi as well
headers = {
'Authorization': 'Bearer %s' % token,
'Accept': 'application/json'
}
response = requests.get(self.portal.absolute_url(), headers=headers)
self.assertDictContainsSubset({'title': 'Plone site'}, response.json())
def test_logged_in(self, browser):
browser.login().open('http://nohost/plone')
self.assertEquals(TEST_USER_ID, plone.logged_in())
def test_not_logged_in(self, browser):
browser.open(self.portal.portal_url())
self.assertFalse(plone.logged_in(browser=browser))
def test_logged_in(self, browser):
browser.login().open(self.portal.portal_url())
self.assertEquals(TEST_USER_ID, plone.logged_in(browser=browser))
def test_login_works(self, browser):
browser.login().webdav('GET')
self.assertTrue(plone.logged_in())
def test_not_logged_in(self, browser):
browser.open('http://nohost/plone')
self.assertFalse(plone.logged_in())
