def test_00_create_user(self): rid = save_resolver({ "resolver": self.resolvername1, "type": "passwdresolver", "fileName": PWFILE }) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(self.realm1, [self.resolvername1]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) user = User(login="******", realm=self.realm1, resolver=self.resolvername1) user_str = "{0!s}".format(user) self.assertTrue(user_str == "<root.resolver1@realm1>", user_str) # check proper unicode() / str() handling if six.PY2: self.assertIsInstance(str(user), bytes) self.assertIsInstance(unicode(user), unicode) else: self.assertIsInstance(six.text_type(user), six.text_type) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) user_repr = "{0!r}".format(user) expected = "User(login='******', realm='realm1', resolver='resolver1')" self.assertTrue(user_repr == expected, user_repr)
def setUp_user_realm2(self): # create user realm rid = save_resolver({ "resolver": self.resolvername1, "type": "passwdresolver", "fileName": PWFILE }) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(self.realm2, [self.resolvername1]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) user = User(login="******", realm=self.realm2, resolver=self.resolvername1) user_str = "{0!s}".format(user) self.assertTrue(user_str == "<root.resolver1@realm2>", user_str) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) user_repr = "{0!r}".format(user) expected = "User(login='******', realm='realm2', resolver='resolver1')" self.assertTrue(user_repr == expected, user_repr)
def test_00_create_user(self): rid = save_resolver({"resolver": self.resolvername1, "type": "passwdresolver", "fileName": PWFILE}) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(self.realm1, [self.resolvername1]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) user = User(login="******", realm=self.realm1, resolver=self.resolvername1) user_str = "{0!s}".format(user) self.assertTrue(user_str == "<root.resolver1@realm1>", user_str) # check proper unicode() and str() handling self.assertIsInstance(str(user), bytes) self.assertIsInstance(unicode(user), unicode) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) user_repr = "{0!r}".format(user) expected = "User(login='******', realm='realm1', resolver='resolver1')" self.assertTrue(user_repr == expected, user_repr)
def setUp_user_realm2(self): # create user realm rid = save_resolver({"resolver": self.resolvername1, "type": "passwdresolver", "fileName": PWFILE}) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(self.realm2, [self.resolvername1]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) user = User(login="******", realm=self.realm2, resolver=self.resolvername1) user_str = "{0!s}".format(user) self.assertTrue(user_str == "<root.resolver1@realm2>", user_str) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) user_repr = "{0!r}".format(user) expected = "User(login='******', realm='realm2', resolver='resolver1')" self.assertTrue(user_repr == expected, user_repr)
def test_00_create_user(self): rid = save_resolver({ "resolver": self.resolvername1, "type": "passwdresolver", "fileName": PWFILE }) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(self.realm1, [self.resolvername1]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) user = User(login="******", realm=self.realm1, resolver=self.resolvername1) user_str = "%s" % user self.assertTrue(user_str == "<root.resolver1@realm1>", user_str) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) user_repr = "%r" % user expected = "User(login='******', realm='realm1', resolver='resolver1')" self.assertTrue(user_repr == expected, user_repr)
def test_00_create_user_realm(self): rid = save_resolver({"resolver": self.resolvername1, "type": "passwdresolver", "fileName": PWFILE}) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(self.realm1, [self.resolvername1]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) user = User(login="******", realm=self.realm1, resolver=self.resolvername1) user_str = "%s" % user self.assertTrue(user_str == "<root.resolver1@realm1>", user_str) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) user_repr = "%r" % user expected = "User(login='******', realm='realm1', resolver='resolver1')" self.assertTrue(user_repr == expected, user_repr)
def _get_tokenowner(request): user = User() if hasattr(request, "User"): user = request.User serial = request.all_data.get("serial") if user.is_empty() and serial: # maybe the user is empty, but a serial was passed. # Then we determine the user by the serial try: user = get_token_owner(serial) or User() except Exception as exx: user = User() # This can happen for orphaned tokens. log.info("Could not determine tokenowner for {0!s}. Maybe the " "user does not exist anymore.".format(serial)) log.debug(exx) # If the user does not exist, we set an empty user if not user.exist(): user = User() return user
def test_21_check_all_resolver(self): # check_all_resolver allows to find a policy for a secondary user # resolver. # We create one realm "realm1" with the resolvers # reso1 (prio 1) # reso2 (prio 2) # reso3 (prio 3) # A user user@realm1 will be identified as user.reso1@realm1. # But we will also match policies for reso2. # no realm and resolver r = get_realms() self.assertEqual(r, {}) r = get_resolver_list() self.assertEqual(r, {}) # create user realm for reso in ["reso1", "resoX", "resoA"]: rid = save_resolver({ "resolver": reso, "type": "passwdresolver", "fileName": PWFILE }) self.assertTrue(rid > 0, rid) # create a realm with reso1 being the resolver with the highest priority (added, failed) = set_realm("realm1", ["reso1", "resoX", "resoA"], priority={ "reso1": 1, "resoX": 2, "resoA": 3 }) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 3) user = User(login="******", realm="realm1") # The user, that is created, is cornelius.reso1@realm1 user_str = "{0!s}".format(user) self.assertEqual(user_str, "<cornelius.reso1@realm1>") # But the user "cornelius" is also contained in other resolves in # this realm r = user.get_ordererd_resolvers() self.assertEqual(r, ["reso1", "resoX", "resoA"]) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) # define a policy with the wrong resolver p = set_policy(name="checkAll", scope=SCOPE.AUTHZ, realm="realm1", resolver="resoX", action="{0}=totp".format(ACTION.TOKENTYPE)) self.assertTrue(p > 0) p = set_policy(name="catchAll", scope=SCOPE.AUTHZ, realm="realm1", action="{0}=totp".format(ACTION.TOKENTYPE)) self.assertTrue(p > 0) P = PolicyClass() pols = P.get_policies(scope=SCOPE.AUTHZ, realm=user.realm, resolver=user.resolver, user=user.login) self.assertEqual(len(pols), 1) # Now we change the policy, so that it uses check_all_resolver, i.e. p = set_policy(name="checkAll", scope=SCOPE.AUTHZ, realm="realm1", resolver="resoX", check_all_resolvers=True, action="{0}=totp".format(ACTION.TOKENTYPE)) self.assertTrue(p > 0) P = PolicyClass() pols = P.get_policies(scope=SCOPE.AUTHZ, realm=user.realm, resolver=user.resolver, user=user.login) self.assertEqual(len(pols), 2) # delete policy delete_policy("checkAll") delete_policy("catchAll") # delete resolvers and realm delete_realm("realm1") for reso in ["reso1", "resoX", "resoA"]: rid = delete_resolver(reso) self.assertTrue(rid > 0, rid)
def test_21_check_all_resolver(self): # check_all_resolver allows to find a policy for a secondary user # resolver. # We create one realm "realm1" with the resolvers # reso1 (prio 1) # reso2 (prio 2) # reso3 (prio 3) # A user user@realm1 will be identified as user.reso1@realm1. # But we will also match policies for reso2. # no realm and resolver r = get_realms() self.assertEqual(r, {}) r = get_resolver_list() self.assertEqual(r, {}) # create user realm for reso in ["reso1", "resoX", "resoA"]: rid = save_resolver({"resolver": reso, "type": "passwdresolver", "fileName": PWFILE}) self.assertTrue(rid > 0, rid) # create a realm with reso1 being the resolver with the highest priority (added, failed) = set_realm("realm1", ["reso1", "resoX", "resoA"], priority={"reso1": 1, "resoX": 2, "resoA": 3}) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 3) user = User(login="******", realm="realm1") # The user, that is created, is cornelius.reso1@realm1 user_str = "{0!s}".format(user) self.assertEqual(user_str, "<cornelius.reso1@realm1>") # But the user "cornelius" is also contained in other resolves in # this realm r = user.get_ordererd_resolvers() self.assertEqual(r, ["reso1", "resoX", "resoA"]) self.assertFalse(user.is_empty()) self.assertTrue(User().is_empty()) # define a policy with the wrong resolver p = set_policy(name="checkAll", scope=SCOPE.AUTHZ, realm="realm1", resolver="resoX", action="{0}=totp".format(ACTION.TOKENTYPE)) self.assertTrue(p > 0) p = set_policy(name="catchAll", scope=SCOPE.AUTHZ, realm="realm1", action="{0}=totp".format(ACTION.TOKENTYPE)) self.assertTrue(p > 0) P = PolicyClass() pols = P.get_policies(scope=SCOPE.AUTHZ, realm=user.realm, resolver=user.resolver, user=user.login) self.assertEqual(len(pols), 1) # Now we change the policy, so that it uses check_all_resolver, i.e. p = set_policy(name="checkAll", scope=SCOPE.AUTHZ, realm="realm1", resolver="resoX", check_all_resolvers=True, action="{0}=totp".format(ACTION.TOKENTYPE)) self.assertTrue(p > 0) P = PolicyClass() pols = P.get_policies(scope=SCOPE.AUTHZ, realm=user.realm, resolver=user.resolver, user=user.login) self.assertEqual(len(pols), 2) # delete policy delete_policy("checkAll") delete_policy("catchAll") # delete resolvers and realm delete_realm("realm1") for reso in ["reso1", "resoX", "resoA"]: rid = delete_resolver(reso) self.assertTrue(rid > 0, rid)