def test_16_ordered_resolver(self):
rid = save_resolver({"resolver": "resolver2",
"type": "passwdresolver",
"fileName": PWFILE})
rid = save_resolver({"resolver": "reso4",
"type": "passwdresolver",
"fileName": PWFILE})
(added, failed) = set_realm("sort_realm",
["resolver1", "resolver2", "reso3",
"reso4"],
priority={"resolver1": 30,
"resolver2": 10,
"reso3": 27,
"reso4": 5})
self.assertTrue(len(failed) == 0)
self.assertTrue(len(added) == 4)
root = User("root", "sort_realm")
r = root.get_ordererd_resolvers()
self.assertEqual(r[0], "reso4")
self.assertEqual(r[1], "resolver2")
self.assertEqual(r[2], "reso3")
self.assertEqual(r[3], "resolver1")
delete_realm("sort_realm")
def test_16_ordered_resolver(self):
rid = save_resolver({
"resolver": "resolver2",
"type": "passwdresolver",
"fileName": PWFILE
})
rid = save_resolver({
"resolver": "reso4",
"type": "passwdresolver",
"fileName": PWFILE
})
(added,
failed) = set_realm("sort_realm",
["resolver1", "resolver2", "reso3", "reso4"],
priority={
"resolver1": 30,
"resolver2": 10,
"reso3": 27,
"reso4": 5
})
self.assertTrue(len(failed) == 0)
self.assertTrue(len(added) == 4)
root = User("root", "sort_realm")
r = root.get_ordererd_resolvers()
self.assertEqual(r[0], "reso4")
self.assertEqual(r[1], "resolver2")
self.assertEqual(r[2], "reso3")
self.assertEqual(r[3], "resolver1")
delete_realm("sort_realm")
def test_21_check_all_resolver(self):
# check_all_resolver allows to find a policy for a secondary user
# resolver.
# We create one realm "realm1" with the resolvers
# reso1 (prio 1)
# reso2 (prio 2)
# reso3 (prio 3)
# A user user@realm1 will be identified as user.reso1@realm1.
# But we will also match policies for reso2.
# no realm and resolver
r = get_realms()
self.assertEqual(r, {})
r = get_resolver_list()
self.assertEqual(r, {})
# create user realm
for reso in ["reso1", "resoX", "resoA"]:
rid = save_resolver({
"resolver": reso,
"type": "passwdresolver",
"fileName": PWFILE
})
self.assertTrue(rid > 0, rid)
# create a realm with reso1 being the resolver with the highest priority
(added, failed) = set_realm("realm1", ["reso1", "resoX", "resoA"],
priority={
"reso1": 1,
"resoX": 2,
"resoA": 3
})
self.assertTrue(len(failed) == 0)
self.assertTrue(len(added) == 3)
user = User(login="******", realm="realm1")
# The user, that is created, is cornelius.reso1@realm1
user_str = "{0!s}".format(user)
self.assertEqual(user_str, "<cornelius.reso1@realm1>")
# But the user "cornelius" is also contained in other resolves in
# this realm
r = user.get_ordererd_resolvers()
self.assertEqual(r, ["reso1", "resoX", "resoA"])
self.assertFalse(user.is_empty())
self.assertTrue(User().is_empty())
# define a policy with the wrong resolver
p = set_policy(name="checkAll",
scope=SCOPE.AUTHZ,
realm="realm1",
resolver="resoX",
action="{0}=totp".format(ACTION.TOKENTYPE))
self.assertTrue(p > 0)
p = set_policy(name="catchAll",
scope=SCOPE.AUTHZ,
realm="realm1",
action="{0}=totp".format(ACTION.TOKENTYPE))
self.assertTrue(p > 0)
P = PolicyClass()
pols = P.get_policies(scope=SCOPE.AUTHZ,
realm=user.realm,
resolver=user.resolver,
user=user.login)
self.assertEqual(len(pols), 1)
# Now we change the policy, so that it uses check_all_resolver, i.e.
p = set_policy(name="checkAll",
scope=SCOPE.AUTHZ,
realm="realm1",
resolver="resoX",
check_all_resolvers=True,
action="{0}=totp".format(ACTION.TOKENTYPE))
self.assertTrue(p > 0)
P = PolicyClass()
pols = P.get_policies(scope=SCOPE.AUTHZ,
realm=user.realm,
resolver=user.resolver,
user=user.login)
self.assertEqual(len(pols), 2)
# delete policy
delete_policy("checkAll")
delete_policy("catchAll")
# delete resolvers and realm
delete_realm("realm1")
for reso in ["reso1", "resoX", "resoA"]:
rid = delete_resolver(reso)
self.assertTrue(rid > 0, rid)
def test_21_check_all_resolver(self):
# check_all_resolver allows to find a policy for a secondary user
# resolver.
# We create one realm "realm1" with the resolvers
# reso1 (prio 1)
# reso2 (prio 2)
# reso3 (prio 3)
# A user user@realm1 will be identified as user.reso1@realm1.
# But we will also match policies for reso2.
# no realm and resolver
r = get_realms()
self.assertEqual(r, {})
r = get_resolver_list()
self.assertEqual(r, {})
# create user realm
for reso in ["reso1", "resoX", "resoA"]:
rid = save_resolver({"resolver": reso,
"type": "passwdresolver",
"fileName": PWFILE})
self.assertTrue(rid > 0, rid)
# create a realm with reso1 being the resolver with the highest priority
(added, failed) = set_realm("realm1",
["reso1", "resoX", "resoA"],
priority={"reso1": 1,
"resoX": 2,
"resoA": 3})
self.assertTrue(len(failed) == 0)
self.assertTrue(len(added) == 3)
user = User(login="******",
realm="realm1")
# The user, that is created, is cornelius.reso1@realm1
user_str = "{0!s}".format(user)
self.assertEqual(user_str, "<cornelius.reso1@realm1>")
# But the user "cornelius" is also contained in other resolves in
# this realm
r = user.get_ordererd_resolvers()
self.assertEqual(r, ["reso1", "resoX", "resoA"])
self.assertFalse(user.is_empty())
self.assertTrue(User().is_empty())
# define a policy with the wrong resolver
p = set_policy(name="checkAll", scope=SCOPE.AUTHZ, realm="realm1",
resolver="resoX",
action="{0}=totp".format(ACTION.TOKENTYPE))
self.assertTrue(p > 0)
p = set_policy(name="catchAll", scope=SCOPE.AUTHZ, realm="realm1",
action="{0}=totp".format(ACTION.TOKENTYPE))
self.assertTrue(p > 0)
P = PolicyClass()
pols = P.get_policies(scope=SCOPE.AUTHZ, realm=user.realm,
resolver=user.resolver, user=user.login)
self.assertEqual(len(pols), 1)
# Now we change the policy, so that it uses check_all_resolver, i.e.
p = set_policy(name="checkAll", scope=SCOPE.AUTHZ, realm="realm1",
resolver="resoX", check_all_resolvers=True,
action="{0}=totp".format(ACTION.TOKENTYPE))
self.assertTrue(p > 0)
P = PolicyClass()
pols = P.get_policies(scope=SCOPE.AUTHZ, realm=user.realm,
resolver=user.resolver, user=user.login)
self.assertEqual(len(pols), 2)
# delete policy
delete_policy("checkAll")
delete_policy("catchAll")
# delete resolvers and realm
delete_realm("realm1")
for reso in ["reso1", "resoX", "resoA"]:
rid = delete_resolver(reso)
self.assertTrue(rid > 0, rid)
