def authenticateCredentials(self, credentials):
login = credentials.get('login')
password = credentials.get('password')
if login is None or password is None:
return None
# Adapt to IUserAuthentication to provide the actual authentication.
# If no such adapter (or null-adapter) exists, fail.
authentication = IUserAuthentication(self.context, None)
if authentication is None:
return None
if authentication.verifyCredentials(credentials):
info = IMembraneUserObject(self.context, self)
userid = info.getUserId()
return userid, login
def testIMembraneUserManagement(self):
"""Test the functionality of the IMembraneUserManagement interface."""
from Products.membrane.interfaces import IMembraneUserManagement
from Products.membrane.at.interfaces import IUserAuthentication
user = IMembraneUserManagement(self.person);
auth = IUserAuthentication(self.person);
#test setting password directly, verify that verifyCredentials works as expected
fsd_tool = getToolByName(self.portal, TOOLNAME)
self.person.setPassword('secret1')
if fsd_tool.getUseInternalPassword():
self.failUnless(auth.verifyCredentials({'login':'******','password':'******'}), "failed to verify correct login and password, setting password directly")
else:
self.failIf(auth.verifyCredentials({'login':'******','password':'******'}), "internal password not used, method should return none, setting password directly. Value returned: %s" % returnval)
# now set password using the userChanger method and verify that it worked
user.doChangeUser('abc123', 'secret2')
fsd_tool = getToolByName(self.portal, TOOLNAME)
if fsd_tool.getUseInternalPassword():
self.failUnless(auth.verifyCredentials({'login':'******','password':'******'}), "failed to verify correct login and password, testing doChangeUser()")
else:
self.failIf(auth.verifyCredentials({'login':'******','password':'******'}), "internal password not used, method should return none, testing doChangeUser(). Value returned: %s" % returnval)
# set password and some other value with doChangeUser, using keywords
self.failIf(self.person.getEmail(), "email already set, and it shouldn't be: %s" % self.person.getEmail())
user.doChangeUser('abc123','secret', email='*****@*****.**')
self.failUnlessEqual(self.person.getEmail(), '*****@*****.**', msg="failed to update email via doChangeUser(): %s" % self.person.getEmail())
# now try to delete the user
self.failUnless(hasattr(self.directory,'abc123'), "directory does not have person")
user.doDeleteUser('abc123')
self.failIf(hasattr(self.directory,'abc123'), "directory still contains person")
# we should not be able to log in as this person anymore
self.logout()
try:
self.login('abc123')
except AttributeError:
pass
else:
self.fail("still able to login: %s" % self.portal.portal_membership.getAuthenticatedMember().id)
def testIUserAuthentication(self):
"""Test the functionality of the IUserAuthentication interface."""
# adapt the person object
u = IUserAuthentication(self.person)
uname = u.getUserName()
self.failUnlessEqual(uname, 'abc123', "incorrect value for getUserName.")
fsd_tool = getToolByName(self.portal, TOOLNAME)
if fsd_tool.getUseInternalPassword():
self.person.setPassword("chewy1")
self.failIf(u.verifyCredentials( { }), "somehow verified empty credentials")
self.failIf(u.verifyCredentials( {'login':'******','password':'' }), "verified missing password")
self.failIf(u.verifyCredentials( {'login':'', 'password':'******'}), "verified missing login")
self.failIf(u.verifyCredentials( {'login':'******','password':'******'}), "verified incorrect login")
self.failIf(u.verifyCredentials( {'login':'******','password':'******'}), "verified incorrect password")
self.failIf(u.verifyCredentials( {'login':'******','password':'******'}), "verified incorrect login and password")
self.failUnless(u.verifyCredentials({'login':'******','password':'******'}), "failed to verify correct login and password")
else:
self.failIf(u.verifyCredentials({'login':'******','password':'******'}), "internal password not used, method should return none. Value returned: %s" % returnval)
def testUseInternalPasswordControlsAuth(self):
from Products.membrane.at.interfaces import IUserAuthentication
u = IUserAuthentication(self.person)
self.person.setPassword("chewy1")
if self.fsd_tool.getUseInternalPassword():
self.failUnless(u.verifyCredentials({'login':'******','password':'******'}),"useInternalPassword appears to be broken, failed to verify correct login and password: %s" % self.fsd_tool.getUseInternalPassword())
self.fsd_tool.setUseInternalPassword(False)
self.failIf(u.verifyCredentials({'login':'******','password':'******'}), "useInternalPassword not toggled. verification still allowed: %s" % self.fsd_tool.getUseInternalPassword())
else:
self.failIf(u.verifyCredentials({'login':'******','password':'******'}),"verification allowed, but shouldn't have been: %s" % self.fsd_tool.getUseInternalPassword())
self.fsd_tool.setUseInternalPassword(True)
self.failUnless(u.verifyCredentials({'login':'******','password':'******'}), "useInternalPassword not toggled. verification still disallowed: %s" % self.fsd_tool.getUseInternalPassword())
def testIUserAuthentication(self):
"""Test the functionality of the IUserAuthentication interface."""
# adapt the person object
u = IUserAuthentication(self.person)
uname = u.getUserName()
self.failUnlessEqual(uname, 'abc123', "incorrect value for getUserName.")
fsd_tool = getToolByName(self.portal, TOOLNAME)
if fsd_tool.getUseInternalPassword():
self.person.setPassword("chewy1")
self.failIf(u.verifyCredentials( { }), "somehow verified empty credentials")
self.failIf(u.verifyCredentials( {'login':'******','password':'' }), "verified missing password")
self.failIf(u.verifyCredentials( {'login':'', 'password':'******'}), "verified missing login")
self.failIf(u.verifyCredentials( {'login':'******','password':'******'}), "verified incorrect login")
self.failIf(u.verifyCredentials( {'login':'******','password':'******'}), "verified incorrect password")
self.failIf(u.verifyCredentials( {'login':'******','password':'******'}), "verified incorrect login and password")
self.failUnless(u.verifyCredentials({'login':'******','password':'******'}), "failed to verify correct login and password")
else:
self.failIf(u.verifyCredentials({'login':'******','password':'******'}), "internal password not used, method should return none. Value returned: %s" % returnval)
def testIMembraneUserManagement(self):
"""Test the functionality of the IMembraneUserManagement interface."""
from Products.membrane.interfaces import IMembraneUserManagement
from Products.membrane.at.interfaces import IUserAuthentication
user = IMembraneUserManagement(self.person);
auth = IUserAuthentication(self.person);
#test setting password directly, verify that verifyCredentials works as expected
fsd_tool = getToolByName(self.portal, TOOLNAME)
self.person.setPassword('secret1')
if fsd_tool.getUseInternalPassword():
self.failUnless(auth.verifyCredentials({'login':'******','password':'******'}), "failed to verify correct login and password, setting password directly")
else:
self.failIf(auth.verifyCredentials({'login':'******','password':'******'}), "internal password not used, method should return none, setting password directly. Value returned: %s" % returnval)
# now set password using the userChanger method and verify that it worked
user.doChangeUser('abc123', 'secret2')
fsd_tool = getToolByName(self.portal, TOOLNAME)
if fsd_tool.getUseInternalPassword():
self.failUnless(auth.verifyCredentials({'login':'******','password':'******'}), "failed to verify correct login and password, testing doChangeUser()")
else:
self.failIf(auth.verifyCredentials({'login':'******','password':'******'}), "internal password not used, method should return none, testing doChangeUser(). Value returned: %s" % returnval)
# set password and some other value with doChangeUser, using keywords
self.failIf(self.person.getEmail(), "email already set, and it shouldn't be: %s" % self.person.getEmail())
user.doChangeUser('abc123','secret', email='*****@*****.**')
self.failUnlessEqual(self.person.getEmail(), '*****@*****.**', msg="failed to update email via doChangeUser(): %s" % self.person.getEmail())
# now try to delete the user
self.failUnless(hasattr(self.directory,'abc123'), "directory does not have person")
user.doDeleteUser('abc123')
self.failIf(hasattr(self.directory,'abc123'), "directory still contains person")
# we should not be able to log in as this person anymore
self.logout()
try:
self.login('abc123')
except AttributeError:
pass
else:
self.fail("still able to login: %s" % self.portal.portal_membership.getAuthenticatedMember().id)
