def test_prevent_untrusted_writes_through_implicit_flows(self):
x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser))
x.update(self.aliceUser, self.aliceUser, 42)
y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser))
y.update(self.bobUser, self.bobUser, 2 if x.v == 42 else 3)
self.assertEqual(JeevesLib.concretize(self.aliceUser, y.v), 3)
self.assertEqual(JeevesLib.concretize(self.bobUser, y.v), 3)
def test_permitted_writer_overwrite(self): x = ProtectedRef(0, None, self.allowUserWrite(self.bobUser)) assert x.update(self.aliceUser, self.aliceUser, 42) == UpdateResult.Unknown assert x.update(self.bobUser, self.bobUser, 43) == UpdateResult.Unknown self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 43) self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 43) self.assertEqual(JeevesLib.concretize(self.carolUser, x.v), 43)
def testCountUsersInLocation(self): # Only Alice and Bob can see Alice's "high" location of S locNetwork = LocationNetwork([self.alice, self.bob, self.carol]) usersInStata = locNetwork.countUsersInLocation(self.gpsMIT) self.assertEqual(JeevesLib.concretize(self.alice, usersInStata), 1) self.assertEqual(JeevesLib.concretize(self.bob, usersInStata), 1) self.assertEqual(JeevesLib.concretize(self.carol, usersInStata), 0)
def testLogin(self):
self.assertEqual( JeevesLib.concretize(self.aliceUser
, Authentication.login(self.aliceUser, self.alicePwd))
, self.aliceUser)
self.assertEqual( JeevesLib.concretize(self.aliceUser
, Authentication.login(self.aliceUser, "otherPwd"))
, Principal.NullUser())
def test_prevent_untrusted_writes_through_implicit_flows(self): x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser)) x.update(self.aliceUser, self.aliceUser, 42) y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser)) y.update(self.bobUser, self.bobUser, 2 if x.v == 42 else 3) self.assertEqual(JeevesLib.concretize(self.aliceUser, y.v), 3) self.assertEqual(JeevesLib.concretize(self.bobUser, y.v), 3)
def test_permitted_writer_overwrite(self): x = ProtectedRef(0, None, self.allowUserWrite(self.bobUser)) assert x.update(self.aliceUser, self.aliceUser, 42) == UpdateResult.Unknown assert x.update(self.bobUser, self.bobUser, 43) == UpdateResult.Unknown self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 43) self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 43) self.assertEqual(JeevesLib.concretize(self.carolUser, x.v), 43)
def testCountUsersInLocation(self):
# Only Alice and Bob can see Alice's "high" location of S
locNetwork = LocationNetwork([self.alice, self.bob, self.carol])
usersInStata = locNetwork.countUsersInLocation(self.gpsMIT)
self.assertEqual(JeevesLib.concretize(self.alice, usersInStata), 1)
self.assertEqual(JeevesLib.concretize(self.bob, usersInStata), 1)
self.assertEqual(JeevesLib.concretize(self.carol, usersInStata), 0)
def test_restrict_all_restrictive(self):
JeevesLib.clear_cache()
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda _: False)
self.assertFalse(JeevesLib.concretize(None, x))
self.assertFalse(JeevesLib.concretize(None, x))
def test_determine_writer_trust_later(self): x = ProtectedRef(0, None , lambda _this: lambda ictxt: lambda octxt: JeevesLib.jhas(octxt, ictxt)) x.update(self.aliceUser, self.aliceUser, 42) self.assertEqual(JeevesLib.concretize([self.aliceUser], x.v), 42) self.assertEqual(JeevesLib.concretize([], x.v), 0)
def test_determine_writer_trust_later(self):
x = ProtectedRef(
0, None, lambda _this: lambda ictxt: lambda octxt: JeevesLib.jhas(
octxt, ictxt))
x.update(self.aliceUser, self.aliceUser, 42)
self.assertEqual(JeevesLib.concretize([self.aliceUser], x.v), 42)
self.assertEqual(JeevesLib.concretize([], x.v), 0)
def test_not_tracking_implicit_flows(self):
x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser), False)
x.update(self.aliceUser, self.aliceUser, 42)
y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser), False)
y.update(self.bobUser, self.bobUser, 2 if x.v == 42 else 3)
self.assertEqual(JeevesLib.concretize(self.aliceUser, y.v), 2)
self.assertEqual(JeevesLib.concretize(self.bobUser, y.v), 2)
def test_not_tracking_implicit_flows(self): x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser), False) x.update(self.aliceUser, self.aliceUser, 42) y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser), False) y.update(self.bobUser, self.bobUser, 2 if x.v == 42 else 3) self.assertEqual(JeevesLib.concretize(self.aliceUser, y.v), 2) self.assertEqual(JeevesLib.concretize(self.bobUser, y.v), 2)
def test_write_allowed_for_all_viewers(self):
x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser))
assert x.update(self.aliceUser, self.aliceUser,
42) == UpdateResult.Unknown
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 42)
self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 42)
self.assertEqual(JeevesLib.concretize(self.carolUser, x.v), 42)
def test_view_email(self):
self.assertEqual(
JeevesLib.concretize(self.aliceUser, self.aliceUser.email)
, "*****@*****.**")
self.assertEqual(
JeevesLib.concretize(self.aliceUser, self.eveUser.email)
, "[redacted]")
def test_restrict_all_restrictive(self):
JeevesLib.clear_cache()
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda _: False)
self.assertFalse(JeevesLib.concretize(None, x))
self.assertFalse(JeevesLib.concretize(None, x))
def test_output_write_policies_involving_this_can_update(self):
x = ProtectedRef(0, None
, lambda v: lambda ictxt: lambda _:
v == 0 and ictxt == self.aliceUser)
x.update(self.aliceUser, self.aliceUser, 1)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 1)
x.update(self.aliceUser, self.aliceUser, 3)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 1)
def test_output_varies_depending_on_viewer(self): x = ProtectedRef(0, None , lambda _this: lambda ictxt: lambda octxt: ictxt == self.aliceUser and octxt == self.bobUser) x.update(self.aliceUser, self.aliceUser, 42) self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 0) self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 42) self.assertEqual(JeevesLib.concretize(self.carolUser, x.v), 0)
def test_write_selectively_allowed(self):
x = ProtectedRef(0, None
, lambda _this: lambda ictxt: lambda octxt:
ictxt == self.aliceUser and octxt == self.bobUser)
assert x.update(self.aliceUser, self.aliceUser, 42) == UpdateResult.Unknown
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 0)
self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 42)
self.assertEqual(JeevesLib.concretize(self.carolUser, x.v), 0)
def test_view_email(self):
self.assertEqual(JeevesLib.concretize(self.benUser, self.benUser.email)
, "*****@*****.**")
self.assertEqual(JeevesLib.concretize(self.janeUser, self.benUser.email)
, "[redacted]")
self.assertEqual(
JeevesLib.concretize(self.rishabhUser, self.benUser.email)
, "[redacted]")
def test_write_selectively_allowed(self): x = ProtectedRef(0, None , lambda _this: lambda ictxt: lambda octxt: ictxt == self.aliceUser and octxt == self.bobUser) assert x.update(self.aliceUser, self.aliceUser, 42) == UpdateResult.Unknown self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 0) self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 42) self.assertEqual(JeevesLib.concretize(self.carolUser, x.v), 0)
def test_output_varies_depending_on_viewer(self):
x = ProtectedRef(
0, None, lambda _this: lambda ictxt: lambda octxt: ictxt == self.
aliceUser and octxt == self.bobUser)
x.update(self.aliceUser, self.aliceUser, 42)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 0)
self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 42)
self.assertEqual(JeevesLib.concretize(self.carolUser, x.v), 0)
def test_function_facets_cannot_write(self):
def id(x):
return x
def inc(x):
return x+1
x = ProtectedRef(id, None, self.allowUserWrite(self.bobUser))
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v)(1), 1)
x.update(self.aliceUser, self.aliceUser, inc)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v)(1), 1)
def test_function_facets_cannot_write(self): def id(x): return x def inc(x): return x+1 x = ProtectedRef(id, None, self.allowUserWrite(self.bobUser)) self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v)(1), 1) x.update(self.aliceUser, self.aliceUser, inc) self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v)(1), 1)
def test_prevent_flow_of_untrusted_writes(self): x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser)) assert x.update(self.aliceUser, self.aliceUser, 42) == UpdateResult.Unknown y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser)) assert y.update(self.bobUser, self.bobUser, x.v) == UpdateResult.Unknown self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 42) self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 42) self.assertEqual(JeevesLib.concretize(self.aliceUser, y.v), 0) self.assertEqual(JeevesLib.concretize(self.bobUser, y.v), 0)
def testConditional(self):
a = JeevesLib.mkLabel()
alice = User(0)
bob = User(1)
JeevesLib.restrict(a, lambda oc: oc == alice)
xS = JeevesLib.mkSensitive(a, 42, 0)
r = JeevesLib.jif(xS == 42, lambda: 1, lambda: 2)
self.assertEqual(1, JeevesLib.concretize(alice, r))
self.assertEqual(2, JeevesLib.concretize(bob, r))
def testBasic(self):
alice = User(0)
bob = User(1)
a = JeevesLib.mkLabel()
JeevesLib.restrict(a, lambda oc: oc == alice)
xS = JeevesLib.mkSensitive(a, 42, 0)
self.assertEqual(42, JeevesLib.concretize(alice, xS))
self.assertEqual(0, JeevesLib.concretize(bob, xS))
def test_prevent_flow_of_untrusted_writes(self): x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser)) assert x.update(self.aliceUser, self.aliceUser, 42) == UpdateResult.Unknown y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser)) assert y.update(self.bobUser, self.bobUser, x.v) == UpdateResult.Unknown self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 42) self.assertEqual(JeevesLib.concretize(self.bobUser, x.v), 42) self.assertEqual(JeevesLib.concretize(self.aliceUser, y.v), 0) self.assertEqual(JeevesLib.concretize(self.bobUser, y.v), 0)
def testBasic(self):
alice = User(0)
bob = User(1)
a = JeevesLib.mkLabel()
JeevesLib.restrict(a, lambda oc: oc == alice)
xS = JeevesLib.mkSensitive(a, 42, 0)
self.assertEqual(42, JeevesLib.concretize(alice, xS))
self.assertEqual(0, JeevesLib.concretize(bob, xS))
def testIsFriends(self):
self.assertTrue(
JeevesLib.concretize(self.alice, self.alice.isFriends(self.bob)))
self.assertTrue(
JeevesLib.concretize(self.alice, self.bob.isFriends(self.alice)))
self.assertFalse(
JeevesLib.concretize(self.alice, self.alice.isFriends(self.carol)))
self.assertFalse(
JeevesLib.concretize(self.alice, self.carol.isFriends(self.alice)))
def testOwnerCanSee(self):
policy = lambda oc: False
aliceBid = Bid(3, self.aliceUser, policy)
ctxt0 = AuctionContext(self.aliceUser, 0, [])
self.assertEqual(3, JeevesLib.concretize(ctxt0, aliceBid.value))
ctxt1 = AuctionContext(self.bobUser, 0, [])
self.assertEqual(-1, JeevesLib.concretize(ctxt1, aliceBid.value))
def testViewLocation(self):
# Alice and Bob can see the high-confidentiality version of Alice's
# location, but Carol cannot.
self.assertEqual(JeevesLib.concretize(self.alice, self.alice.location)
, self.gpsMIT)
self.assertEqual(JeevesLib.concretize(self.bob, self.alice.location)
, self.gpsMIT)
self.assertEqual(JeevesLib.concretize(self.carol, self.alice.location)
, self.cityCambridge)
def testConditional(self): a = JeevesLib.mkLabel() alice = User(0) bob = User(1) JeevesLib.restrict(a, lambda oc: oc == alice) xS = JeevesLib.mkSensitive(a, 42, 0) r = JeevesLib.jif(xS == 42, lambda: 1, lambda: 2) self.assertEqual(1, JeevesLib.concretize(alice, r)) self.assertEqual(2, JeevesLib.concretize(bob, r))
def test_view_grade(self):
course_info = StudentCourse.objects.get(student=self.benUser)
self.assertEqual(JeevesLib.concretize(self.benUser, course_info.grade)
, 'B')
self.assertEqual(JeevesLib.concretize(self.janeUser, course_info.grade)
, 'U')
self.assertEqual(
JeevesLib.concretize(self.rishabhUser, course_info.grade)
, 'B')
def testBehavioralGood(self):
touchedBadData = False
def f(x):
return x+1
x = ProtectedRef(lambda x: x, None
, lambda _this: lambda ic: lambda touchedBad: not touchedBad)
self.assertEqual(JeevesLib.concretize(None, (x.v)(1)), 1)
assert x.update(None, None, f) == UpdateResult.Unknown
self.assertEqual(JeevesLib.concretize(None, (x.v)(1)), 2)
def testIsFriends(self):
self.assertTrue(
JeevesLib.concretize(self.alice, self.alice.isFriends(self.bob)))
self.assertTrue(
JeevesLib.concretize(self.alice, self.bob.isFriends(self.alice)))
self.assertFalse(
JeevesLib.concretize(self.alice, self.alice.isFriends(self.carol)))
self.assertFalse(
JeevesLib.concretize(self.alice, self.carol.isFriends(self.alice)))
def test_restrict_with_context(self):
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda y: y == 2)
xConcrete = JeevesLib.concretize(2, x)
self.assertTrue(xConcrete)
xConcrete = JeevesLib.concretize(3, x)
self.assertFalse(xConcrete)
def test_view_submission_grade(self):
self.assertEqual(JeevesLib.concretize(self.benUser, self.ben813_1.grade)
, 'A')
self.assertEqual(
JeevesLib.concretize(self.janeUser, self.ben813_1.grade)
, 'U')
self.assertEqual(
JeevesLib.concretize(self.rishabhUser, self.ben813_1.grade)
, 'A')
def test_restrict_with_context(self):
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda y: y == 2)
xConcrete = JeevesLib.concretize(2, x)
self.assertTrue(xConcrete)
xConcrete = JeevesLib.concretize(3, x)
self.assertFalse(xConcrete)
def testViewLocation(self):
# Alice and Bob can see the high-confidentiality version of Alice's
# location, but Carol cannot.
self.assertEqual(JeevesLib.concretize(self.alice, self.alice.location),
self.gpsMIT)
self.assertEqual(JeevesLib.concretize(self.bob, self.alice.location),
self.gpsMIT)
self.assertEqual(JeevesLib.concretize(self.carol, self.alice.location),
self.cityCambridge)
def test_restrict_all_permissive(self):
JeevesLib.clear_cache()
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda _: True)
self.assertTrue(JeevesLib.concretize(None, x))
# Now we test the cache.
self.assertTrue(JeevesLib.concretize(None, x))
self.assertEqual(len(JeevesLib.get_cache()), 1)
def test_restrict_with_sensitive_value(self):
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda y: y == 2)
value = JeevesLib.mkSensitive(x, 42, 41)
valueConcrete = JeevesLib.concretize(2, value)
self.assertEquals(valueConcrete, 42)
valueConcrete = JeevesLib.concretize(1, value)
self.assertEquals(valueConcrete, 41)
def test_prevent_flow_of_operations_on_untrusted_writes(self): x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser)) x.update(self.aliceUser, self.aliceUser, 42) y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser)) y.update(self.bobUser, self.bobUser, 43) z = ProtectedRef(0, None, self.allowUserWrite(self.carolUser)) z.update(self.carolUser, self.carolUser, x.v + y.v) self.assertEqual(JeevesLib.concretize(self.aliceUser, z.v), 1) self.assertEqual(JeevesLib.concretize(self.bobUser, z.v), 1) self.assertEqual(JeevesLib.concretize(self.carolUser, z.v), 1)
def test_output_write_policies_involving_this_can_update(self):
x = ProtectedRef(0, None
, lambda v: lambda ictxt: lambda _:
v == 0 and ictxt == self.aliceUser)
x.update(self.aliceUser, self.aliceUser, 1)
print x.v.prettyPrint()
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 1)
x.update(self.aliceUser, self.aliceUser, 3)
print x.v.prettyPrint()
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 1)
def test_output_write_policy_with_this_cannot_update(self):
x = ProtectedRef(0, None
, lambda v: lambda ictxt: lambda _octxt:
(not (v == 3)) and ictxt == self.aliceUser)
x.update(self.aliceUser, self.aliceUser, 1)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 1)
x.update(self.aliceUser, self.aliceUser, 3)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 3)
x.update(self.aliceUser, self.aliceUser, 5)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v), 3)
def test_prevent_flow_of_operations_on_untrusted_writes(self):
x = ProtectedRef(0, None, self.allowUserWrite(self.aliceUser))
x.update(self.aliceUser, self.aliceUser, 42)
y = ProtectedRef(1, None, self.allowUserWrite(self.bobUser))
y.update(self.bobUser, self.bobUser, 43)
z = ProtectedRef(0, None, self.allowUserWrite(self.carolUser))
z.update(self.carolUser, self.carolUser, x.v + y.v)
self.assertEqual(JeevesLib.concretize(self.aliceUser, z.v), 1)
self.assertEqual(JeevesLib.concretize(self.bobUser, z.v), 1)
self.assertEqual(JeevesLib.concretize(self.carolUser, z.v), 1)
def test_see_Address(self):
self.assertEqual(
JeevesLib.concretize(self.jeanyangProfile, self.jean.Address)
, self.house1)
self.assertEqual(
JeevesLib.concretize(self.arielProfile, self.jean.Address.Street)
, None)
self.assertEqual(
JeevesLib.concretize(self.arielProfile, self.jean.Address.ZipCode)
, "14800")
def test_combining_write_policies_in_operation(self): x = ProtectedRef(0, None, self.allowUserWrite(self.bobUser)) x.update(self.bobUser, self.bobUser, 42) y = ProtectedRef(2, None , lambda _this: lambda ictxt: lambda octxt: ictxt == self.aliceUser and octxt == self.bobUser) y.update(self.aliceUser, self.aliceUser, 43) self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v + y.v), 44) self.assertEqual(JeevesLib.concretize(self.bobUser, x.v + y.v), 85) self.assertEqual(JeevesLib.concretize(self.carolUser, x.v + y.v), 44)
def test_restrict_all_permissive(self):
JeevesLib.clear_cache()
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda _: True)
self.assertTrue(JeevesLib.concretize(None, x))
# Now we test the cache.
self.assertTrue(JeevesLib.concretize(None, x))
self.assertEqual(len(JeevesLib.get_cache()), 1)
def test_restrict_with_sensitivevalue(self):
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda y: y == 2)
value = JeevesLib.mkSensitive(x, 42, 41)
valueConcrete = JeevesLib.concretize(2, value)
self.assertEquals(valueConcrete, 42)
valueConcrete = JeevesLib.concretize(1, value)
self.assertEquals(valueConcrete, 41)
def test_combining_write_policies_in_operation(self):
x = ProtectedRef(0, None, self.allowUserWrite(self.bobUser))
x.update(self.bobUser, self.bobUser, 42)
y = ProtectedRef(
2, None, lambda _this: lambda ictxt: lambda octxt: ictxt == self.
aliceUser and octxt == self.bobUser)
y.update(self.aliceUser, self.aliceUser, 43)
self.assertEqual(JeevesLib.concretize(self.aliceUser, x.v + y.v), 44)
self.assertEqual(JeevesLib.concretize(self.bobUser, x.v + y.v), 85)
self.assertEqual(JeevesLib.concretize(self.carolUser, x.v + y.v), 44)
def test_jmap_for(self):
x = JeevesLib.mkLabel("x")
JeevesLib.restrict(x, lambda ctxt: ctxt)
l = JeevesLib.mkSensitive(x, [0, 1, 2], [3, 4, 5, 6])
m = 0
for t in l:
m = m + t * t
self.assertEqual(JeevesLib.concretize(True, m), 5)
self.assertEqual(JeevesLib.concretize(False, m), 86)
def test_jmap_for(self):
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda ctxt : ctxt)
l = JeevesLib.mkSensitive(x, [0,1,2], [3,4,5,6])
m = 0
for t in l:
m = m + t*t
self.assertEqual(JeevesLib.concretize(True, m), 5)
self.assertEqual(JeevesLib.concretize(False, m), 86)
def test_restrict_with_context(self):
JeevesLib.clear_cache()
x = JeevesLib.mkLabel('x')
JeevesLib.restrict(x, lambda y: y == 2)
self.assertTrue(JeevesLib.concretize(2, x))
self.assertTrue(JeevesLib.concretize(2, x))
self.assertFalse(JeevesLib.concretize(3, x))
self.assertFalse(JeevesLib.concretize(3, x))
def testTimeSensitiveRelease(self):
auctionEndTime = 10
policy = lambda oc: oc.time > auctionEndTime
aliceBid = Bid(3, self.aliceUser, policy)
self.assertEqual(3
, JeevesLib.concretize(
AuctionContext(self.bobUser, 11, []), aliceBid.value))
self.assertEqual(-1
, JeevesLib.concretize(
AuctionContext(self.bobUser, 10, []), aliceBid.value))
def test_prevent_implicit_flows_of_confidential_values(self):
x = ProtectedRef(0, None
, lambda _this: lambda ictxt: lambda octxt:
ictxt == self.aliceUser and octxt == self.aliceUser)
x.update(self.aliceUser, self.aliceUser, 42)
y = ProtectedRef(1, None
, lambda _this: lambda ictxt: lambda octxt:
ictxt == self.bobUser or ictxt == self.aliceUser)
y.update(self.bobUser, self.bobUser, 2 if x.v == 42 else 3)
self.assertEqual(JeevesLib.concretize(self.aliceUser, y.v), 2)
self.assertEqual(JeevesLib.concretize(self.bobUser, y.v), 3)
def testLogin(self):
self.assertEqual(
JeevesLib.concretize(
self.aliceUser,
Authentication.login(self.aliceUser, self.alicePwd)),
self.aliceUser)
self.assertEqual(
JeevesLib.concretize(
self.aliceUser, Authentication.login(self.aliceUser,
"otherPwd")),
Principal.NullUser())
