def setUp(self):
# Let's set up the environment for this mock request:
mw = RepozeWhatMiddleware()
self.request = Request({'PATH_INFO': "/"}, make_user(None))
mw.process_view(self.request, None, None, None)
# Let's enabled logging after the middleware has been set:
self.log_fixture = LoggingHandlerFixture()
def test_no_authz_decision_made(self):
"""Nothing must be done if no decision was made."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No authorization decision made on ingress at /app2/nothing")
def test_user_with_permissions_and_no_groups(self):
environ = {}
request = Request(environ, make_user("foo", [], ("p1", "p2", "p3")))
# Running the middleware and checking the resulting environ:
self.middleware._set_request_up(request)
eq_(len(request.environ['repoze.what.credentials']['groups']), 0)
eq_(request.environ['repoze.what.credentials']['permissions'],
set(["p1", "p2", "p3"]))
eq_(request.environ['repoze.what.credentials']['repoze.what.userid'],
"foo")\
def test_anonymous_user(self):
"""Anonymous users shouldn't have groups nor permissions."""
environ = {}
request = Request(environ, make_user(None))
# Running the middleware and checking the resulting environ:
self.middleware._set_request_up(request)
eq_(len(request.environ['repoze.what.credentials']['groups']), 0)
eq_(len(request.environ['repoze.what.credentials']['permissions']), 0)
eq_(request.environ['repoze.what.credentials']["repoze.what.userid"],
None)
def test_authz_granted(self):
"""When authorization is granted nothing must be done."""
environ = {'PATH_INFO': "/app1/blog"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
eq_(len(self.log_fixture.handler.messages['info']), 1)
eq_(
self.log_fixture.handler.messages['info'][0],
"Authorization granted to %s on ingress at /app1/blog" %
repr(request.user))
def test_middleware_skips_media_dir(self):
"""The middleware must do nothing in the media directory."""
environ = {'PATH_INFO': "/media/photo.jpg"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, None)
# The environment must not have been set up for repoze.what:
ok_("repoze.what.credentials" not in request.environ)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['info']), 0)
eq_(len(self.log_fixture.handler.messages['warning']), 0)
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(
self.log_fixture.handler.messages['debug'][0],
"Authorization checks disabled for media file at /media/photo.jpg")
def test_authorization_denied_with_custom_denial_handler(self):
"""
Authorization must be denied with a custom denial handler, if available.
"""
environ = {'PATH_INFO': "/app1/admin"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
eq_(response, "No! Get out!")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app1/admin: Get out!" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_authorization_denied_with_custom_handler(self):
"""
When authorization is denied with a custom handler, it must be used
"""
request = Request({'PATH_INFO': "/"}, make_user(None))
exception = _AuthorizationDenial(
"Nothing", lambda request, message: "No! %s" % message)
response = self.middleware.process_exception(request, exception)
eq_(response, "No! Nothing")
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied to %s in the view at /: Nothing" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 0)
def test_authorization_denied_without_custom_denial_handler(self):
"""
When authorization is denied without a custom denial handler, the
default one must be user.
"""
environ = {'PATH_INFO': "/app2/secret"}
request = Request(environ, make_user(None))
response = self.middleware.process_view(request, object(), (), {})
ok_(isinstance(response, HttpResponse))
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied on ingress to %s at /app2/secret: %s" %
(repr(request.user), "This is a secret"))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"No custom denial handler defined; using the default one")
def test_authorization_denied_without_custom_handler(self):
"""
When authorization is denied with no custom handler, the default one
must be used.
"""
request = Request({}, make_user(None))
exception = _AuthorizationDenial("You can't be here", None)
response = self.middleware.process_exception(request, exception)
eq_(response.status_code, 401)
# Checking the logs:
eq_(len(self.log_fixture.handler.messages['warning']), 1)
eq_(
self.log_fixture.handler.messages['warning'][0],
"Authorization denied to %s in the view at /: You can't be here" %
repr(request.user))
eq_(len(self.log_fixture.handler.messages['debug']), 1)
eq_(self.log_fixture.handler.messages['debug'][0],
"Using the default denial handler")
def test_with_predicate_met(self):
req = Request({}, make_user(None))
assert_false(not_met(MockPredicate(), req))
def test_with_predicate_unmet(self):
req = Request({}, make_user(None))
ok_(not_met(MockPredicate(False), req))
def test_no_message_set(self):
"""No message should be shown to the user if there's none set."""
req = Request({}, make_user(None))
response = default_denial_handler(req, None)
eq_(response.status_code, 401)
def test_with_predicate_met(self):
req = Request({}, make_user(None))
ok_(is_met(MockPredicate(), req))
def setUp(self):
"""Set up the request."""
mw = RepozeWhatMiddleware()
self.request = Request({}, make_user("foo"))
mw._set_request_up(self.request)
def setUp(self):
self.req = Request({}, make_user(None))
def test_no_response_returned(self):
"""The middleware's _set_request_up() shouldn't return a response."""
request = Request({}, make_user(None))
eq_(self.middleware._set_request_up(request), None)
def test_environment_is_setup(self):
"""The WSGI environment must be set up before processing the view."""
environ = {'PATH_INFO': "/app2/nothing"}
request = Request(environ, make_user(None))
self.middleware.process_view(request, object(), (), {})
ok_("repoze.what.credentials" in request.environ)
def test_user_is_authenticated(self):
req = Request({}, make_user("Foo"))
response = default_denial_handler(req, "What are you doing here?")
eq_(response.status_code, 403)
eq_(len(req.user.message_set.messages), 1)
eq_(req.user.message_set.messages[0], "What are you doing here?")
def test_with_predicate_unmet_with_message(self):
req = Request({}, make_user(None))
self._check_enforcement(MockPredicate(False),
req,
expected_message="Go away")
def test_with_predicate_met(self):
req = Request({}, make_user(None))
enforce(MockPredicate(), req)
def test_with_predicate_unmet(self):
req = Request({}, make_user(None))
self._check_enforcement(MockPredicate(False), req)
def test_another_exception(self):
"""process_exception() must do nothing if not given a denial handler."""
request = Request({}, make_user(None))
exception = Exception()
response = self.middleware.process_exception(request, exception)
eq_(response, None)
def test_with_predicate_unmet_with_message_and_denial_handler(self):
req = Request({}, make_user(None))
self._check_enforcement(MockPredicate(False),
req,
expected_message="Go away",
expected_denial_handler=object())
def test_user_is_anonymous(self):
req = Request({}, make_user(None))
response = default_denial_handler(req, "You can't be here")
eq_(response.status_code, 401)