def test_logging_in_and_logging_out(self): # A test showing that we can authenticate the request after # logInPrincipal() is called, and after logoutPerson() we can no # longer authenticate it. # This is to setup an interaction so that we can call logInPrincipal # below. login('*****@*****.**') logInPrincipal(self.request, self.principal, '*****@*****.**') session = ISession(self.request) # logInPrincipal() stores the account ID in a variable named # 'accountid'. self.assertEqual( session['launchpad.authenticateduser']['accountid'], int(self.principal.id)) # Ensure we are using cookie auth. self.assertIsNotNone( self.request.response.getCookie(config.launchpad_session.cookie) ) principal = getUtility(IPlacelessAuthUtility).authenticate( self.request) self.assertEqual(self.principal.id, principal.id) logoutPerson(self.request) principal = getUtility(IPlacelessAuthUtility).authenticate( self.request) self.assertIsNone(principal)
def test_logging_in_and_logging_out(self): # A test showing that we can authenticate the request after # logInPrincipal() is called, and after logoutPerson() we can no # longer authenticate it. # This is to setup an interaction so that we can call logInPrincipal # below. login('*****@*****.**') logInPrincipal(self.request, self.principal, '*****@*****.**') session = ISession(self.request) # logInPrincipal() stores the account ID in a variable named # 'accountid'. self.failUnlessEqual( session['launchpad.authenticateduser']['accountid'], int(self.principal.id)) # Ensure we are using cookie auth. self.assertIsNotNone( self.request.response.getCookie(config.launchpad_session.cookie) ) principal = getUtility(IPlacelessAuthUtility).authenticate( self.request) self.failUnlessEqual(self.principal.id, principal.id) logoutPerson(self.request) principal = getUtility(IPlacelessAuthUtility).authenticate( self.request) self.failUnless(principal is None)
def continue_action(self, action, data): email = data['email'] principal = getUtility(IPlacelessLoginSource).getPrincipalByLogin( email) logInPrincipal(self.request, principal, email) # Update the attribute holding the cached user. self._account = principal.account return self.renderOpenIDResponse(self.createPositiveResponse())
def test_CookieLogoutPage(self): # This test shows that the CookieLogoutPage redirects as we expect: # first to loggerhead for it to log out (see bug 574493) and then # to our OpenId provider for it to log out (see bug 568106). This # will need to be readdressed when we want to accept other OpenId # providers, unfortunately. # This is to setup an interaction so that we can call logInPrincipal # below. login('*****@*****.**') logInPrincipal(self.request, self.principal, '*****@*****.**') # Normally CookieLogoutPage is magically mixed in with a base class # that accepts context and request and sets up other things. We're # just going to put the request on the base class ourselves for this # test. view = CookieLogoutPage() view.request = self.request # We need to set the session cookie so it can be expired. self.request.response.setCookie( config.launchpad_session.cookie, 'xxx') # Now we logout. result = view.logout() # We should, in fact, be logged out (this calls logoutPerson). principal = getUtility(IPlacelessAuthUtility).authenticate( self.request) self.failUnless(principal is None) # The view should have redirected us, with no actual response body. self.assertEquals(self.request.response.getStatus(), 302) self.assertEquals(result, '') # We are redirecting to Loggerhead, to ask it to logout. location = lazr.uri.URI(self.request.response.getHeader('location')) self.assertEquals(location.host, 'bazaar.launchpad.dev') self.assertEquals(location.scheme, 'https') self.assertEquals(location.path, '/+logout') # That page should then redirect to our OpenId provider to logout, # which we provide in our query string. See # launchpad_loggerhead.tests.TestLogout for the pertinent tests. query = cgi.parse_qs(location.query) self.assertEquals( query['next_to'][0], 'http://testopenid.dev/+logout')
def test_CookieLogoutPage(self): # This test shows that the CookieLogoutPage redirects as we expect: # first to loggerhead for it to log out (see bug 574493) and then # to our OpenId provider for it to log out (see bug 568106). This # will need to be readdressed when we want to accept other OpenId # providers, unfortunately. # This is to setup an interaction so that we can call logInPrincipal # below. login('*****@*****.**') logInPrincipal(self.request, self.principal, '*****@*****.**') # Normally CookieLogoutPage is magically mixed in with a base class # that accepts context and request and sets up other things. We're # just going to put the request on the base class ourselves for this # test. view = CookieLogoutPage() view.request = self.request # We need to set the session cookie so it can be expired. self.request.response.setCookie( config.launchpad_session.cookie, 'xxx') # Now we logout. result = view.logout() # We should, in fact, be logged out (this calls logoutPerson). principal = getUtility(IPlacelessAuthUtility).authenticate( self.request) self.assertIsNone(principal) # The view should have redirected us, with no actual response body. self.assertEqual(self.request.response.getStatus(), 302) self.assertEqual(result, '') # We are redirecting to Loggerhead, to ask it to logout. location = lazr.uri.URI(self.request.response.getHeader('location')) self.assertEqual(location.host, 'bazaar.launchpad.dev') self.assertEqual(location.scheme, 'https') self.assertEqual(location.path, '/+logout') # That page should then redirect to our OpenId provider to logout, # which we provide in our query string. See # launchpad_loggerhead.tests.TestLogout for the pertinent tests. query = cgi.parse_qs(location.query) self.assertEqual(query['next_to'][0], 'http://testopenid.dev/+logout')
def login_as_person(person): """This is a helper function designed to be used within a fixture. Provide a person, such as one generated by LaunchpadObjectFactory, and the browser will become logged in as this person. Explicit tear-down is unnecessary because the database is reset at the end of every test, and the cookie is discarded. """ if person.is_team: raise AssertionError("Please do not try to login as a team") email = removeSecurityProxy(person.preferredemail).email request = get_current_browser_request() assert request is not None, "We do not have a browser request." authutil = getUtility(IPlacelessAuthUtility) principal = authutil.getPrincipalByLogin(email) launchbag = getUtility(IOpenLaunchBag) launchbag.setLogin(email) logInPrincipal(request, principal, email)
def logInPrincipalByEmail(self, email): """Login the principal with the given email address.""" loginsource = getUtility(IPlacelessLoginSource) principal = loginsource.getPrincipalByLogin(email) logInPrincipal(self.request, principal, email)