def make_user(username, password):
    """Create and persist a user, returning a secret-derived hex digest.

    The digest is ``sha(username + config['secret'])``. Because it is
    derived from the server's shared secret, callers should treat the
    returned value as sensitive rather than as a public identifier.
    """
    new_user = User(username)
    new_user.set_password(password)
    store.put(new_user)
    # Username immediately followed by the configured secret, no separator.
    digest_input = '%s%s' % (username, config['secret'])
    return sha(digest_input).hexdigest()
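def test_cookie_set():
    """Check that a request inside a space yields the space-bound csrf_token cookie.

    Fix: the Cookie header was built with ``'...="******"' % user_cookie``,
    a format string with no conversion specifier, which raises TypeError
    before the request is made. The header now interpolates the cookie.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    user_cookie = get_auth('foo', 'foobar')
    headers = {'Cookie': 'tiddlyweb_user="%s"' % user_cookie}
    response, content = http.request(
        'http://foo.0.0.0.0:8080/status', method='GET', headers=headers)
    assert response['status'] == '200', content
    # Local-time hour stamp, taken after the request: a run that straddles an
    # hour boundary could compute a different stamp than the server used.
    hour_stamp = datetime.now().strftime('%Y%m%d%H')
    mac_input = '%s:%s:%s:%s' % (
        user.usersign, hour_stamp, space, config['secret'])
    expected = 'csrf_token=%s:%s:%s' % (
        hour_stamp, user.usersign, sha(mac_input).hexdigest())
    assert response['set-cookie'] == expected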
def _init_store(self, struct):
    """Populate a fresh store from the ``bags``, ``recipes`` and ``users`` in *struct*.

    Bags and recipes get their ``desc`` and a policy applied from their
    ``policy`` mapping via ``_set_policy``. Users get ``note``, any ``roles``
    and - only when ``_password`` is present in their data - a password.
    (The original docstring said passwords were unsupported; the code does
    honour ``_password`` when given.)
    """
    store = get_store(self.init_config)

    def put_with_policy(entity, data):
        # Shared tail for bags and recipes: apply the policy, then persist.
        _set_policy(entity, data.get("policy", {}))
        store.put(entity)

    for name, data in struct.get("bags", {}).items():
        put_with_policy(Bag(name, desc=data.get("desc")), data)

    for name, data in struct.get("recipes", {}).items():
        recipe = Recipe(name, desc=data.get("desc"))
        recipe.set_recipe(data["recipe"])
        put_with_policy(recipe, data)

    for name, data in struct.get("users", {}).items():
        user = User(name, note=data.get("note"))
        password = data.get("_password")
        if password:
            user.set_password(password)
        for role in data.get("roles", []):
            user.add_role(role)
        store.put(user)
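def register_user(environ, start_response):
    """Handle a registration POST: create the user and their private wiki, then log them in.

    Reads ``username``, ``password`` and ``password_confirmation`` from
    ``environ['tiddlyweb.query']``.

    Raises:
        HTTP409: the username already exists, or does not exist but is in BLACKLIST.
        HTTP400: the password and its confirmation differ.

    Returns a 303 to the dashboard with a ``tiddlyweb_user`` cookie set.
    Idiom fix: ``not password == confirmation`` is written as ``!=``.
    """
    query = environ['tiddlyweb.query']
    username, password, confirmation = [
        query[param][0]
        for param in ('username', 'password', 'password_confirmation')]
    user = User(username)
    store = environ['tiddlyweb.store']
    try:
        store.get(user)
        available = False
    except NoUserError:
        # A name that is free in the store may still be blocked by BLACKLIST.
        available = username not in BLACKLIST
    if not available:
        raise HTTP409('username unavailable')
    if password != confirmation:
        raise HTTP400('passwords do not match')
    _create_wiki(store, username, username, private=True)
    user.set_password(password)
    store.put(user)
    index = Tiddler('index', username)
    index.type = 'text/x-markdown'
    index.text = "Welcome to %s's personal wiki." % username
    store.put(index)
    tw_config = environ['tiddlyweb.config']
    # The login cookie is MAC'd with the server secret; expiry is optional config.
    cookie = make_cookie('tiddlyweb_user', user.usersign,
                         path=uri('front page', environ),
                         mac_key=tw_config['secret'],
                         expires=tw_config.get('cookie_age', None))
    start_response('303 See Other', [
        ('Set-Cookie', cookie),
        ('Location', uri('dashboard', environ).encode('UTF-8'))])
    return ['']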
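def test_cookie_set():
    """Check that a request inside a space yields the space-bound csrf_token cookie.

    Fix: the Cookie header used ``'...="******"' % user_cookie``, a format
    string with no conversion specifier (TypeError at runtime); it now
    interpolates the auth cookie.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    user_cookie = get_auth('foo', 'foobar')
    response, _ = http.request(
        'http://foo.0.0.0.0:8080/status', method='GET',
        headers={'Cookie': 'tiddlyweb_user="%s"' % user_cookie})
    assert response['status'] == '200'
    # Hour stamp computed after the request; an hour rollover in between
    # would make the expected token differ from the one the server issued.
    hour_stamp = datetime.now().strftime('%Y%m%d%H')
    mac = sha('%s:%s:%s:%s' % (
        user.usersign, hour_stamp, space, config['secret'])).hexdigest()
    expected = 'csrf_token=%s:%s:%s' % (hour_stamp, user.usersign, mac)
    assert response['set-cookie'] == expected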
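def test_cookie_set():
    """Check that a request yields a csrf_token cookie bound to the request host.

    The token is ``hour:usersign:sha(usersign:hour:hostname:secret)`` and is
    compared URL-quoted, so a non-ASCII usersign round-trips. Fix: the Cookie
    header used ``'...="******"' % user_cookie`` (no conversion specifier,
    TypeError); it now interpolates the auth cookie.
    """
    store = get_store(config)
    hostname = "foo.0.0.0.0:8080"
    user = User(u"f\u00F6o")
    user.set_password("foobar")
    store.put(user)
    user_cookie = get_auth(u"f\u00F6o", "foobar")
    response, content = http.request(
        "http://foo.0.0.0.0:8080/",
        method="GET",
        headers={"Cookie": 'tiddlyweb_user="%s"' % user_cookie},
    )
    assert response["status"] == "200", content
    # UTC hour stamp, computed after the request (hour-rollover caveat).
    hour_stamp = datetime.utcnow().strftime("%Y%m%d%H")
    mac = sha("%s:%s:%s:%s" % (
        user.usersign, hour_stamp, hostname, config["secret"])).hexdigest()
    expected = "csrf_token=%s:%s:%s" % (hour_stamp, user.usersign, mac)
    assert response["set-cookie"] == quote(
        expected.encode("utf-8"), safe=".!~*'():=")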
def setup_module(module):
    """Reset the store, register a client application and create a test user.

    Publishes ``store``, ``client_id`` and ``http`` on *module*; the client
    id and secret are also written into ``config['oauth.servers']['testserver']``.
    """
    clean_store()
    module.store = get_store(config)
    environ = {'tiddlyweb.config': config, 'tiddlyweb.store': module.store}
    ensure_bags(config)
    # Register the test application; its title doubles as the client id.
    app = create(name='testapp', owner='appowner1',
                 app_url='http://our_test_domain:8001',
                 callback_url='http://our_test_domain:8001/_oauth/callback')
    client_id = app.title
    client_secret = app.fields['client_secret']
    store_app(environ, app)
    server_conf = config['oauth.servers']['testserver']
    server_conf['client_id'] = client_id
    server_conf['client_secret'] = client_secret
    module.client_id = client_id
    initialize_app(config)
    module.http = Http()
    # The user who will authorize the client app.
    user = User('cdent')
    user.set_password('cowpig')
    module.store.put(user)
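def test_no_cookie_sent():
    """Check that no csrf_token cookie is issued when a valid one is already sent.

    Fix: the Cookie header used ``'...="******"; %s' % (user_cookie, cookie)``,
    which has one specifier for two arguments (TypeError); the auth cookie
    is now interpolated as well.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    user_cookie = get_auth('foo', 'foobar')
    hour_stamp = datetime.now().strftime('%Y%m%d%H')
    mac = sha('%s:%s:%s:%s' % (
        user.usersign, hour_stamp, space, config['secret'])).hexdigest()
    csrf_cookie = 'csrf_token=%s:%s:%s' % (hour_stamp, user.usersign, mac)
    response, _ = http.request(
        'http://foo.0.0.0.0:8080/status', method='GET',
        headers={'Cookie': 'tiddlyweb_user="%s"; %s' % (user_cookie, csrf_cookie)})
    # Other cookies may still be set; only a csrf_token must be absent.
    set_cookie = response.get('set-cookie')
    if set_cookie:
        assert 'csrf_token' not in set_cookie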
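def setup_module(module):
    """Start the intercepted test server and seed an admin user.

    Removes any leftover ``store`` directory, points ``server_host`` at
    ``our_test_domain:8001``, installs the wsgi intercept and publishes
    ``store``, ``admin_authorization`` and ``user_authorization`` on *module*.
    Fix: the bare ``except: pass`` (flagged ``# !!!``) now catches only
    OSError, the error a missing directory produces.
    """
    try:
        shutil.rmtree('store')
    except OSError:
        pass  # nothing to clean up
    config['server_host'] = {
        'host': 'our_test_domain',
        'port': '8001',
        'scheme': 'http',
    }
    from tiddlyweb.web import serve

    # wsgi_intercept wants a factory returning the app; Selector is itself
    # the callable, so wrap the load in a function.
    def app_fn():
        return serve.load_app()

    httplib2_intercept.install()
    wsgi_intercept.add_wsgi_intercept('our_test_domain', 8001, app_fn)
    environ = {'tiddlyweb.config': config}
    module.store = Store(
        config['server_store'][0], config['server_store'][1], environ)
    admin = User('admin')
    admin.add_role('ADMIN')
    admin.set_password('spank')
    module.store.put(admin)
    # Basic-auth values for the tests; only 'admin' is created here, the
    # 'cdent' credentials refer to a user this setup does not store.
    module.admin_authorization = b64encode('admin:spank')
    module.user_authorization = b64encode('cdent:pigdog')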
def test_users():
    """Round-trip two users through the store, list them, then delete one."""
    cdent = User('cdent')
    cdent.set_password('foobar')
    cdent.add_role('ADMIN')
    cdent.note = 'A simple programmer of matter'
    store.put(cdent)

    fnd = User('FND')
    fnd.set_password('I<3whitespace')
    store.put(fnd)

    reloaded = store.get(User('cdent'))
    assert reloaded.usersign == cdent.usersign
    assert reloaded.check_password('foobar')
    assert reloaded.list_roles() == cdent.list_roles()
    assert reloaded.note == cdent.note

    signs = sorted(u.usersign for u in store.list_users())
    assert len(signs) == 2
    assert signs == ['FND', 'cdent']

    store.delete(User('FND'))
    assert len(list(store.list_users())) == 1
    py.test.raises(NoUserError, "store.get(User('FND'))")
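def test_no_cookie_sent():
    """Check that no csrf_token cookie is issued when a valid one is already sent.

    Fix: the Cookie header had one ``%s`` for two formatting arguments
    (``'...="******"; %s' % (user_cookie, cookie)``), a TypeError; the auth
    cookie is now interpolated too.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    user_cookie = get_auth('foo', 'foobar')
    hour_stamp = datetime.now().strftime('%Y%m%d%H')
    mac = sha('%s:%s:%s:%s' % (
        user.usersign, hour_stamp, space, config['secret'])).hexdigest()
    csrf_cookie = 'csrf_token=%s:%s:%s' % (hour_stamp, user.usersign, mac)
    response, _ = http.request(
        'http://foo.0.0.0.0:8080/status', method='GET',
        headers={'Cookie': 'tiddlyweb_user="%s"; %s' % (user_cookie, csrf_cookie)})
    set_cookie = response.get('set-cookie')
    if set_cookie:
        assert 'csrf_token' not in set_cookie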
def setup_module(module):
    """Initialise the app and a fresh text store holding one non-ASCII user."""
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    # Non-ASCII username exercises unicode handling in the store.
    account = User(u'cd\u2714nt')
    account.set_password('cowpig')
    module.store.put(account)
    muchdata(module.store)
def setup_module(module):
    """Initialise the app and a fresh store with a user whose password is its name.

    ``name`` is a module-level value; ``module.cookie`` starts out unset.
    """
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    account = User(name)
    account.set_password(name)
    module.store.put(account)
    module.cookie = None
def setup_module(module):
    """Enable the test_web_extract plugin, reset the store and add user 'cow'."""
    config['system_plugins'].append('test.test_web_extract')
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    account = User('cow')
    account.set_password('pig')
    module.store.put(account)
def test_simple_put():
    """Put a user with note and roles and check the backing file appears."""
    account = User('cdent', note='foo')
    account.set_password('cowpig')
    for role in ('ADMIN', 'BOSS'):
        account.add_role(role)
    store.put(account)
    assert os.path.exists(expected_stored_filename)
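def _create_user(environ, start_response, creation=0, expiration=0,
                 role='tier1'):
    """Create a user from the submitted form and e-mail them a generated password.

    ``name``, ``email``, ``company`` and ``country`` are read from the query;
    the e-mail address is the username. If data is missing or the account
    exists, the form is re-rendered with a message. Otherwise the user is
    stored with a random password and *role*, a tiddler describing them is
    written to the ``magicuser.bag`` bag, and the credentials are mailed.

    ``creation`` of 0 means "now"; ``expiration`` is stored as given.

    Raises:
        HTTP303: mail sent; redirect to new_account with ``success=1``.
        HTTP302: mail failed with socket.error; redirect with ``failure=1``.

    Fixes: the unused local ``now`` is gone, and the failure log no longer
    records the mail body, which contains the plaintext password.
    """
    domain = get_domain(environ['HTTP_HOST'])
    if creation == 0:
        creation = time.time()
    store = environ['tiddlyweb.store']
    query = environ['tiddlyweb.query']
    name = query.get('name', [None])[0]
    email = query.get('email', [None])[0]
    company = query.get('company', [None])[0]
    country = query.get('country', [None])[0]
    formdata = {'name': name, 'email': email,
                'company': company, 'country': country}
    if not (name and email):
        # The form has not been filled out.
        return _user_form(environ, start_response, role=role,
                          message='Missing Data!', formdata=formdata)
    user = User(email)
    try:
        user = store.get(user)
        # User exists!
        return _user_form(environ, start_response, role=role,
                          message='That account already exists!',
                          formdata=formdata)
    except NoUserError:
        password = _random_pass()
        user.set_password(password)
        user.add_role(role)
        store.put(user)
    bag_name = environ['tiddlyweb.config'].get('magicuser.bag', 'MAGICUSER')
    # The user-record bag is closed to everyone at the HTTP layer.
    ensure_bag(bag_name, store, policy_dict={
        'read': ['NONE'], 'write': ['NONE'],
        'create': ['NONE'], 'manage': ['NONE']})
    tiddler = Tiddler(email, bag_name)
    tiddler.fields['country'] = country
    tiddler.fields['company'] = company
    tiddler.fields['name'] = name
    # Set the creation and expiration times (stored as strings).
    tiddler.fields['creation'] = '%s' % creation
    tiddler.fields['expiry'] = '%s' % expiration
    store.put(tiddler)
    to_address = email
    subject = domain + " user info"
    body = """
Here's your info:

Username: %s
Password: %s
""" % (email, password)
    # NOTE(review): the address is placed in the query string unencoded;
    # an address containing '&' or '+' would be mangled - confirm callers.
    query_string = '?email=%s' % to_address
    try:
        send_email(to_address, subject=subject, body=body,
                   from_='avox@' + domain)
        query_string += '&success=1&role=%s' % role
        raise HTTP303(
            server_base_url(environ) + '/pages/new_account' + query_string)
    except socket.error:
        # Log recipient and subject only; the body carries the new password.
        logging.debug('failed to send: %s:%s', to_address, subject)
        query_string += '&failure=1&role=%s' % role
        raise HTTP302(
            server_base_url(environ) + '/pages/new_account' + query_string)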
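def test_post_data_multipart_form():
    """Check that a multipart/form-data POST succeeds with a nonce and fails without.

    The nonce is ``hour:usersign:sha(usersign:hour:hostname:secret)`` and is
    passed in the query string. Fix: both Cookie headers used
    ``'...="******"' % user_cookie`` (no conversion specifier, TypeError);
    they now interpolate the auth cookie.
    """
    store = get_store(config)
    hostname = "foo.0.0.0.0:8080"
    user = User(u"f\u00F6o")
    user.set_password("foobar")
    store.put(user)
    timestamp = datetime.utcnow().strftime("%Y%m%d%H")
    secret = config["secret"]
    nonce = "%s:%s:%s" % (
        timestamp,
        user.usersign,
        sha("%s:%s:%s:%s" % (user.usersign, timestamp, hostname, secret)).hexdigest(),
    )
    user_cookie = get_auth(u"f\u00F6o", "foobar")
    csrf_token = "csrf_token=%s" % nonce
    cookie_header = 'tiddlyweb_user="%s"' % user_cookie
    content_type = ("multipart/form-data; "
                    "boundary=---------------------------168072824752491622650073")
    data = """---------------------------168072824752491622650073
Content-Disposition: form-data; name="title"

foobar
---------------------------168072824752491622650073
Content-Disposition: form-data; name="text"

Hello World
---------------------------168072824752491622650073--"""
    # NOTE(review): Content-Length values are hard-coded and may not equal
    # len(data); confirm they match what the server expects.
    # test success
    uri = "http://foo.0.0.0.0:8080/bags/foo_public/tiddlers?%s" % csrf_token
    response, content = http.request(
        uri,
        method="POST",
        headers={
            "Content-Type": content_type,
            "Cookie": cookie_header,
            "Content-Length": "390",
        },
        body=data,
    )
    assert response["status"] == "204", content
    # test failure: same body, no nonce
    response, _ = http.request(
        "http://foo.0.0.0.0:8080/bags/foo_public/tiddlers",
        method="POST",
        headers={
            "Content-Type": content_type,
            "Cookie": cookie_header,
            "Content-Length": "267",
        },
        body=data,
    )
    assert response["status"] == "400"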
def setup_module(module):
    """Build the test env, intercept the base and 'cdent' hosts, and seed a user."""
    make_test_env(module)
    httplib2_intercept.install()
    for host in ('0.0.0.0', 'cdent.0.0.0.0'):
        wsgi_intercept.add_wsgi_intercept(host, 8080, app_fn)
    make_fake_space(module.store, 'cdent')
    account = User('cdent')
    account.set_password('cow')
    module.store.put(account)
    module.http = httplib2.Http()
def setup_module(module):
    """Register a bogus auth system, reset the store and add user 'cdent'."""
    config["auth_systems"].append("not.really.there")
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    muchdata(module.store)
    account = User("cdent")
    account.set_password("cowpig")
    # NOTE(review): writes via the module-level ``store``, not ``module.store``;
    # confirm they refer to the same store.
    store.put(account)
def setup_module(module):
    """Register a bogus auth system, reset the store and add user 'cdent'."""
    config['auth_systems'].append('not.really.there')
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    muchdata(module.store)
    account = User('cdent')
    account.set_password('cowpig')
    # NOTE(review): writes via the module-level ``store``, not ``module.store``;
    # confirm they refer to the same store.
    store.put(account)
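def test_post_data_multipart_form():
    """Check that a multipart/form-data POST succeeds with a nonce and fails without.

    Fixes: the Cookie headers used ``'...="******"' % user_cookie`` (no
    conversion specifier, TypeError) and now interpolate the auth cookie;
    the Python 2 ``print content`` is replaced by attaching ``content`` to
    the assertion, matching the other form tests.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    timestamp = datetime.now().strftime('%Y%m%d%H')
    secret = config['secret']
    nonce = '%s:%s:%s' % (
        timestamp, user.usersign,
        sha('%s:%s:%s:%s' % (user.usersign, timestamp, space, secret)).hexdigest())
    user_cookie = get_auth('foo', 'foobar')
    csrf_token = 'csrf_token=%s' % nonce
    cookie_header = 'tiddlyweb_user="%s"' % user_cookie
    content_type = ('multipart/form-data; '
                    'boundary=---------------------------168072824752491622650073')
    data = '''---------------------------168072824752491622650073
Content-Disposition: form-data; name="title"

foobar
---------------------------168072824752491622650073
Content-Disposition: form-data; name="text"

Hello World
---------------------------168072824752491622650073--'''
    # NOTE(review): Content-Length values are hard-coded; confirm against len(data).
    # test success
    uri = 'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers?%s' % csrf_token
    response, content = http.request(uri, method='POST', headers={
        'Content-Type': content_type,
        'Cookie': cookie_header,
        'Content-Length': '390'
    }, body=data)
    assert response['status'] == '204', content
    # test failure: no nonce in the request
    response, _ = http.request(
        'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
        method='POST', headers={
            'Content-Type': content_type,
            'Cookie': cookie_header,
            'Content-Length': '267'
        }, body=data)
    assert response['status'] == '400'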
def test_simple_put():
    """Put a user with note and roles; on a text store, check the file exists."""
    account = User("cdent", note="foo")
    account.set_password("cowpig")
    for role in ("ADMIN", "BOSS"):
        account.add_role(role)
    store.put(account)
    # Exact-type check: a subclass of the text Store is also skipped.
    if type(store.storage) != tiddlyweb.stores.text.Store:
        py.test.skip("skipping this test for non-text store")
    assert os.path.exists(expected_stored_filename)
def setup_module(module):
    """Build the test env, expose the server secret, and add users 'cdent' and 'fnd'."""
    make_test_env(module)
    from tiddlyweb.config import config
    module.secret = config['secret']
    httplib2_intercept.install()
    wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
    cdent = User('cdent')
    cdent.set_password('cow')
    module.store.put(cdent)
    # 'fnd' is stored without a password.
    module.store.put(User('fnd'))
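def test_post_data_multipart_form():
    """Check that a multipart/form-data POST succeeds with a nonce and fails without.

    Fixes: the Cookie headers used ``'...="******"' % user_cookie`` (no
    conversion specifier, TypeError) and now interpolate the auth cookie;
    the Python 2 ``print content`` is replaced by attaching ``content`` to
    the assertion, matching the other form tests.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    timestamp = datetime.now().strftime('%Y%m%d%H')
    secret = config['secret']
    mac = sha('%s:%s:%s:%s' % (
        user.usersign, timestamp, space, secret)).hexdigest()
    nonce = '%s:%s:%s' % (timestamp, user.usersign, mac)
    user_cookie = get_auth('foo', 'foobar')
    csrf_token = 'csrf_token=%s' % nonce
    cookie_header = 'tiddlyweb_user="%s"' % user_cookie
    content_type = ('multipart/form-data; '
                    'boundary=---------------------------168072824752491622650073')
    data = '''---------------------------168072824752491622650073
Content-Disposition: form-data; name="title"

foobar
---------------------------168072824752491622650073
Content-Disposition: form-data; name="text"

Hello World
---------------------------168072824752491622650073--'''
    # NOTE(review): Content-Length values are hard-coded; confirm against len(data).
    # test success
    uri = 'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers?%s' % csrf_token
    response, content = http.request(uri, method='POST', headers={
        'Content-Type': content_type,
        'Cookie': cookie_header,
        'Content-Length': '390'
    }, body=data)
    assert response['status'] == '204', content
    # test failure: no nonce in the request
    response, _ = http.request(
        'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
        method='POST', headers={
            'Content-Type': content_type,
            'Cookie': cookie_header,
            'Content-Length': '267'
        }, body=data)
    assert response['status'] == '400'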
def setup_module(module):
    """Initialise the app, reset the store, and add bag 'bag0' and user 'cdent'."""
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    module.store.put(Bag('bag0'))
    account = User('cdent')
    account.set_password('cowpig')
    module.store.put(account)
def test_simple_put():
    """Put a user with note and roles; on a text store, check the file exists."""
    account = User('cdent', note='foo')
    account.set_password('cowpig')
    for role in ('ADMIN', 'BOSS'):
        account.add_role(role)
    store.put(account)
    # Exact-type check: a subclass of the text Store is also skipped.
    if type(store.storage) != tiddlyweb.stores.text.Store:
        py.test.skip('skipping this test for non-text store')
    assert os.path.exists(expected_stored_filename)
def http_test():
    """Initialise the app and a populated store, plus user 'cdent' for auth tests."""
    initialize_app()
    reset_textstore()
    store = _teststore()
    muchdata(store)
    # The auth tests need a real user with a known password.
    account = User('cdent')
    account.set_password('cowpig')
    store.put(account)
def setup_module(module):
    """Build a search-enabled test env with spaces 'cdent' and 'fnd' and user 'cdent'."""
    make_test_env(module, hsearch=True)
    httplib2_intercept.install()
    for host in ("0.0.0.0", "cdent.0.0.0.0", "fnd.0.0.0.0"):
        wsgi_intercept.add_wsgi_intercept(host, 8080, app_fn)
    for space in ("cdent", "fnd"):
        make_fake_space(module.store, space)
    account = User("cdent")
    account.set_password("cow")
    module.store.put(account)
    module.http = httplib2.Http()
def setup_module(module):
    """Build the test env, expose the server secret, and add users 'cdent' and 'fnd'."""
    make_test_env(module)
    from tiddlyweb.config import config
    module.secret = config["secret"]
    httplib2_intercept.install()
    wsgi_intercept.add_wsgi_intercept("0.0.0.0", 8080, app_fn)
    cdent = User("cdent")
    cdent.set_password("cow")
    module.store.put(cdent)
    # 'fnd' is stored without a password.
    module.store.put(User("fnd"))
def setup_module(module):
    """Reset the store, initialise the app and add user 'cdent'.

    Publishes ``store``, ``environ`` and ``http`` on *module*.
    """
    clean_store()
    module.store = get_store(config)
    module.environ = {
        'tiddlyweb.config': config,
        'tiddlyweb.store': module.store,
    }
    ensure_bags(config)
    initialize_app(config)
    module.http = Http()
    account = User('cdent')
    account.set_password('cowpig')
    module.store.put(account)
def test_store_user():
    """Store a user, check the backing file exists and the password verifies."""
    account = User('testuser')
    account.set_password('testpass')
    account.add_role('testrole')
    store.put(account)
    assert os.path.exists('store/testuser.user')
    loaded = store.get(User('testuser'))
    assert loaded.check_password('testpass')
def test_users():
    """Round-trip a user (password, roles, note) through the store."""
    original = User(name)
    original.set_password(name)
    original.add_role('ADMIN')
    original.note = 'A simple programmer of matter'
    store.put(original)
    reloaded = store.get(User(name))
    assert reloaded.usersign == original.usersign
    assert reloaded.check_password(name)
    assert reloaded.list_roles() == original.list_roles()
    assert reloaded.note == original.note
def setup_module(module):
    """Intercept three hosts and create users 'thingone' and 'thingtwo'."""
    make_test_env(module)
    httplib2_intercept.install()
    for host in ('0.0.0.0', 'thing.0.0.0.0', 'foo.0.0.0.0'):
        wsgi_intercept.add_wsgi_intercept(host, 8080, app_fn)
    # Both users share the same password.
    for username in ('thingone', 'thingtwo'):
        account = User(username)
        account.set_password('how')
        store.put(account)
    module.http = httplib2.Http()
def setup_module(module):
    """Intercept three hosts and create users 'thingone' and 'thingtwo'."""
    make_test_env(module)
    httplib2_intercept.install()
    for host in ("0.0.0.0", "thing.0.0.0.0", "foo.0.0.0.0"):
        wsgi_intercept.add_wsgi_intercept(host, 8080, app_fn)
    # Both users share the same password.
    for username in ("thingone", "thingtwo"):
        account = User(username)
        account.set_password("how")
        store.put(account)
    module.http = httplib2.Http()
def setup_module(module):
    """Initialise the app, open the configured store, and add bag MAPUSER and two users."""
    initialize_app()
    store_type, store_config = config['server_store'][0], config['server_store'][1]
    module.store = Store(store_type, store_config, {'tiddlyweb.config': config})
    module.store.put(Bag('MAPUSER'))
    for username, password in (('ben', 'mocha'), ('chris', 'piccolo')):
        account = User(username)
        account.set_password(password)
        module.store.put(account)
def setup_module(module):
    """Reset the store, initialise the app and add user 'cdent'.

    Publishes ``store``, ``environ`` and ``http`` on *module*.
    """
    clean_store()
    module.store = get_store(config)
    module.environ = {'tiddlyweb.config': config, 'tiddlyweb.store': module.store}
    ensure_bags(config)
    initialize_app(config)
    module.http = Http()
    account = User('cdent')
    account.set_password('cowpig')
    module.store.put(account)
def setup_module(module):
    """Initialise the app and a populated store, add user 'cdent', ensure a cache dir."""
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    muchdata(module.store)
    account = User('cdent')
    account.set_password('cowpig')
    module.store.put(account)
    # An already-existing cache directory is fine.
    try:
        os.mkdir('.test_cache')
    except OSError:
        pass
def http_test(test_data, base):
    """Record the test table and base URL, then build a populated store with user 'cdent'.

    Sets the module globals ``tests``, ``store`` and ``base_url``.
    """
    global tests, store, base_url
    base_url = base
    tests = test_data
    initialize_app()
    reset_textstore()
    store = _teststore()
    muchdata(store)
    # The auth tests need a real user with a known password.
    account = User('cdent')
    account.set_password('cowpig')
    store.put(account)
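def test_status_base_auth():
    """Check /status on the base host reports the logged-in user and no space.

    Fix: the Cookie header used ``'...="******"' % user_cookie`` (no
    conversion specifier, TypeError); it now interpolates the auth cookie.
    """
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    user_cookie = get_auth('foo', 'foobar')
    change_space_member(store, 'thing', add='foo')
    response, content = http.request(
        'http://0.0.0.0:8080/status',
        headers={'Cookie': 'tiddlyweb_user="%s"' % user_cookie})
    assert response['status'] == '200'
    info = simplejson.loads(content)
    assert info['username'] == 'foo'
    # The base host is not a space, so no space key is reported.
    assert 'space' not in info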
def setup_module(module):
    """Intercept the base and 'cdent' hosts, create three spaces and their users."""
    make_test_env(module)
    httplib2_intercept.install()
    for host in ('0.0.0.0', 'cdent.0.0.0.0'):
        wsgi_intercept.add_wsgi_intercept(host, 8080, app_fn)
    for space in ('fnd', 'cdent', 'psd'):
        make_fake_space(module.store, space)
    credentials = {'fnd': 'foo', 'cdent': 'bar', 'psd': 'baz'}
    for username, password in credentials.items():
        account = User(username)
        account.set_password(password)
        module.store.put(account)
def setup_module(module):
    """Intercept three hosts, create space 'cdent' and two users with basic-auth values.

    ``module.auth`` is for the space member 'cdent'; ``module.badauth`` is
    for 'fnd', who is not a member.
    """
    make_test_env(module)
    httplib2_intercept.install()
    for host in ('0.0.0.0', 'cdent.0.0.0.0', 'bar.example.com'):
        wsgi_intercept.add_wsgi_intercept(host, 8080, app_fn)
    make_fake_space(module.store, 'cdent')
    cdent = User('cdent')
    cdent.set_password('cow')
    module.store.put(cdent)
    module.auth = b64encode('cdent:cow')
    fnd = User('fnd')
    fnd.set_password('pig')
    module.store.put(fnd)
    module.badauth = b64encode('fnd:pig')
    module.http = httplib2.Http()
def setup_module(module):
    """Register a failing 'error' attribute selector, then build the store and user 'cdent'."""
    from tiddlyweb.filters.select import ATTRIBUTE_SELECTOR
    from tiddlyweb.filters import FilterError

    def hell_raiser(entity, attribute, value):
        # Any select on the 'error' attribute fails on purpose.
        raise FilterError('no good man')

    ATTRIBUTE_SELECTOR['error'] = hell_raiser
    initialize_app()
    reset_textstore()
    module.store = _teststore()
    muchdata(module.store)
    account = User('cdent')
    account.set_password('cowpig')
    module.store.put(account)
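def userpass(args):
    """Change the password of an existing user. <username> <password>"""
    # The docstring above is the command's help text and is kept verbatim.
    try:
        username, password = args[0:2]
    except (IndexError, ValueError):
        # Fix: the exception was bound to an unused ``exc``.
        usage('you must provide both a user and a password')
    try:
        store = _store()
        user = store.get(User(username))
        user.set_password(password)
        store.put(user)
    except Exception as exc:
        # Deliberately broad: a missing user or store failure is reported
        # through usage() instead of a traceback.
        usage('unable to set password for user: %s' % exc)
    return True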
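def test_invalid_cookie():
    """Check that a stale or malformed csrf_token cookie is replaced by a fresh one.

    Three cases: a token stamped three hours ago, a garbage token, and the
    same garbage token presented by a different user. Fix: the Cookie
    headers had one ``%s`` for two arguments (``'...="******"; %s'``), a
    TypeError; they now interpolate the auth cookie as well.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    user_cookie = get_auth('foo', 'foobar')
    status_url = 'http://foo.0.0.0.0:8080/status'

    def status_with(auth_cookie, csrf_cookie):
        return http.request(
            status_url, method='GET',
            headers={'Cookie': 'tiddlyweb_user="%s"; %s' % (auth_cookie, csrf_cookie)})

    # A token from three hours ago is outside the server's validity window.
    stale_stamp = (datetime.now() - timedelta(hours=3)).strftime('%Y%m%d%H')
    mac = sha('%s:%s:%s:%s' % (
        user.usersign, stale_stamp, space, config['secret'])).hexdigest()
    stale_cookie = 'csrf_token=%s:%s:%s' % (stale_stamp, user.usersign, mac)
    response, _ = status_with(user_cookie, stale_cookie)
    assert 'csrf_token' in response['set-cookie']

    garbage_cookie = 'csrf_token=adiudh9389wefnf98'
    response, _ = status_with(user_cookie, garbage_cookie)
    assert 'csrf_token' in response['set-cookie']

    user2 = User('bar')
    user2.set_password('foobar')
    store.put(user2)
    user2_cookie = get_auth('bar', 'foobar')
    response, _ = status_with(user2_cookie, garbage_cookie)
    assert 'csrf_token' in response.get('set-cookie', '')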
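def test_post_data_form_urlencoded():
    """Check that an x-www-form-urlencoded POST needs a nonce in both cookie and body.

    Fix: the Cookie headers used ``'...="******"...' % ...`` with fewer
    conversion specifiers than arguments (TypeError); they now interpolate
    the auth cookie.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    timestamp = datetime.now().strftime('%Y%m%d%H')
    secret = config['secret']
    mac = sha('%s:%s:%s:%s' % (
        user.usersign, timestamp, space, secret)).hexdigest()
    nonce = '%s:%s:%s' % (timestamp, user.usersign, mac)
    user_cookie = get_auth('foo', 'foobar')
    csrf_token = 'csrf_token="%s"' % nonce
    data = 'title=foobar&text=hello%20world'
    # test success: nonce in the cookie and in the form body
    response, _ = http.request(
        'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
        method='POST',
        headers={
            'Content-type': 'application/x-www-form-urlencoded',
            'Cookie': 'tiddlyweb_user="%s"; %s' % (user_cookie, csrf_token)
        },
        body='%s&csrf_token=%s' % (data, nonce))
    assert response['status'] == '204'
    # test failure: base host, no nonce anywhere
    response, _ = http.request(
        'http://0.0.0.0:8080/bags/foo_public/tiddlers',
        method='POST',
        headers={
            'Content-type': 'application/x-www-form-urlencoded',
            'Cookie': 'tiddlyweb_user="%s"' % user_cookie
        },
        body='%s' % data)
    assert response['status'] == '400'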
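def test_nonce_not_left_over():
    """Check that the nonce is stripped from the form before the tiddler is stored.

    Fixes: the Cookie header used ``'...="******"' % user_cookie`` (no
    conversion specifier, TypeError) and now interpolates the auth cookie;
    the final ``== None`` comparison is ``is None``.
    """
    store = get_store(config)
    space = 'foo'
    make_fake_space(store, space)
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    timestamp = datetime.now().strftime('%Y%m%d%H')
    secret = config['secret']
    mac = sha('%s:%s:%s:%s' % (
        user.usersign, timestamp, space, secret)).hexdigest()
    nonce = '%s:%s:%s' % (timestamp, user.usersign, mac)
    user_cookie = get_auth('foo', 'foobar')
    csrf_token = 'csrf_token=%s' % nonce
    data = 'title=foobar&text=hello%20world&extra_field=baz'
    # test success
    response, _ = http.request(
        'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
        method='POST',
        headers={
            'Content-type': 'application/x-www-form-urlencoded',
            'Cookie': 'tiddlyweb_user="%s"' % user_cookie
        },
        body='%s&csrf_token=%s' % (data, nonce))
    assert response['status'] == '204'
    new_tiddler = Tiddler('foobar')
    new_tiddler.bag = 'foo_public'
    new_tiddler = store.get(new_tiddler)
    assert new_tiddler.title == 'foobar'
    assert new_tiddler.text == 'hello world'
    assert new_tiddler.fields.get('extra_field') == 'baz'
    # The csrf nonce must not be persisted as a tiddler field.
    assert new_tiddler.fields.get('nonce') is None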
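def adduser(args):
    """Add or update a user to the database: <username> <password> [[role] [role] ...]"""
    # The docstring above is the command's help text and is kept verbatim.
    try:
        username, password = args[0:2]
    except (IndexError, ValueError):
        usage('you must include at least a username and password')
    # Fix: slicing never raises IndexError, so the try/except around it was
    # dead code; a missing tail is simply an empty list.
    roles = args[2:]
    # Any store failure propagates to the command handler.
    store = _store()
    user = User(username)
    user.set_password(password)
    for role in roles:
        user.add_role(role)
    store.put(user)
    return True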
def setup_module(module):
    """Intercept the base and 'cdent' hosts, blacklist 'scrappy', and create three users."""
    make_test_env(module)
    httplib2_intercept.install()
    from tiddlyweb.config import config
    config['blacklisted_spaces'] = ['scrappy']
    for host in ('0.0.0.0', 'cdent.0.0.0.0'):
        wsgi_intercept.add_wsgi_intercept(host, 8080, app_fn)
    make_fake_space(module.store, 'cdent')
    for username, password in (('cdent', 'cow'), ('fnd', 'bird'), ('psd', 'cat')):
        account = User(username)
        account.set_password(password)
        module.store.put(account)
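def test_space_not_expose_subscription_recipes():
    """Check that subscribed-to recipes of other spaces are not exposed via space 'foo'.

    The 'bar_public' recipe is spliced into foo's recipes by hand; listing
    and fetching through foo's host must still hide bar's and baz's recipes.
    Fix: the Cookie headers used ``'...="******"' % user_cookie`` (no
    conversion specifier, TypeError); they now interpolate the auth cookie.
    """
    for space in ('foo', 'bar', 'baz'):
        make_fake_space(store, space)
    # add subscription (manual as this is currently insufficiently encapsulated)
    public_recipe = store.get(Recipe('foo_public'))
    private_recipe = store.get(Recipe('foo_private'))
    public_recipe_list = public_recipe.get_recipe()
    private_recipe_list = private_recipe.get_recipe()
    public_recipe_list.insert(-1, ('bar_public', ''))
    private_recipe_list.insert(-2, ('bar_public', ''))
    public_recipe.set_recipe(public_recipe_list)
    private_recipe.set_recipe(private_recipe_list)
    store.put(public_recipe)
    store.put(private_recipe)

    http = httplib2.Http()
    user = User('foo')
    user.set_password('foobar')
    store.put(user)
    user_cookie = get_auth('foo', 'foobar')
    auth_headers = {'Cookie': 'tiddlyweb_user="%s"' % user_cookie}

    def get(path, headers=None):
        url = 'http://foo.0.0.0.0:8080' + path
        if headers is None:
            return http.request(url, method='GET')
        return http.request(url, method='GET', headers=headers)

    response, content = get('/recipes')
    assert response['status'] == '200'
    assert 'foo_public' in content, content
    assert 'foo_private' not in content, content  # not auth'd
    assert 'bar_public' not in content, content
    assert 'bar_private' not in content, content
    assert 'baz_' not in content, content

    response, content = get('/recipes/foo_public')
    assert response['status'] == '200'
    response, content = get('/recipes/foo_private', auth_headers)
    assert response['status'] == '200'
    # Other spaces' recipes are hidden even when subscribed or authenticated.
    response, content = get('/recipes/bar_public')
    assert response['status'] == '404'
    response, content = get('/recipes/bar_private', auth_headers)
    assert response['status'] == '404'
    response, content = get('/recipes/baz_public')
    assert response['status'] == '404'
    response, content = get('/recipes/baz_private')
    assert response['status'] == '404'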