示例#1
0
    def test__doAddUser_with_not_yet_encrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'not_yet_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)
        uf.encrypt_passwords = True
        self.failIf(uf._isPasswordEncrypted(PASSWORD))

        uf._doAddUser(USER_ID, PASSWORD, [], [])
        user = uf.getUserById(USER_ID)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))
示例#2
0
    def test__doAddUser_with_not_yet_encrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'not_yet_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)    
        uf.encrypt_passwords = True
        self.failIf(uf._isPasswordEncrypted(PASSWORD))

        uf._doAddUser(USER_ID, PASSWORD, [], [])
        user = uf.getUserById(USER_ID)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))
示例#3
0
    def test__doAddUser_with_preencrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'already_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)    
        uf.encrypt_passwords = True
        ENCRYPTED = uf._encryptPassword(PASSWORD)

        uf._doAddUser(USER_ID, ENCRYPTED, [], [])
        user = uf.getUserById(USER_ID)
        self.assertEqual(user.__, ENCRYPTED)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))
示例#4
0
    def test__doAddUser_with_preencrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'already_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)
        uf.encrypt_passwords = True
        ENCRYPTED = uf._encryptPassword(PASSWORD)

        uf._doAddUser(USER_ID, ENCRYPTED, [], [])
        user = uf.getUserById(USER_ID)
        self.assertEqual(user.__, ENCRYPTED)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))
示例#5
0
    def _makeSite(self):
        import base64
        from cStringIO import StringIO
        import urllib

        from AccessControl.User import UserFolder
        from OFS.Folder import Folder
        from OFS.DTMLMethod import DTMLMethod

        root = Folder()
        root.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        root.getPhysicalPath = lambda: ()  # hack
        root._View_Permission = ('Anonymous',)

        users = UserFolder()
        users._setId('acl_users')
        users._doAddUser('abraham', 'pass-w', ('Patriarch',), ())
        users._doAddUser('isaac', 'pass-w', ('Son',), ())
        root._setObject(users.id, users)

        cc = self._makeOne()
        cc.id = self._CC_ID
        root._setObject(cc.id, cc)

        index = DTMLMethod()
        index.munge('This is the default view')
        index._setId('index_html')
        root._setObject(index.getId(), index)

        login = DTMLMethod()
        login.munge('Please log in first.')
        login._setId('login_form')
        root._setObject(login.getId(), login)

        protected = DTMLMethod()
        protected._View_Permission = ('Manager',)
        protected.munge('This is the protected view')
        protected._setId('protected')
        root._setObject(protected.getId(), protected)

        req = makerequest(root, StringIO())
        self._finally = req.close

        credentials = urllib.quote(
            base64.encodestring('abraham:pass-w').rstrip())

        return root, cc, req, credentials
示例#6
0
    def _makeSite(self):
        import base64
        from cStringIO import StringIO
        import urllib

        from AccessControl.User import UserFolder
        from OFS.Folder import Folder
        from OFS.DTMLMethod import DTMLMethod

        root = Folder()
        root.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        root.getPhysicalPath = lambda: ()  # hack
        root._View_Permission = ('Anonymous', )

        users = UserFolder()
        users._setId('acl_users')
        users._doAddUser('abraham', 'pass-w', ('Patriarch', ), ())
        users._doAddUser('isaac', 'pass-w', ('Son', ), ())
        root._setObject(users.id, users)

        cc = self._makeOne()
        cc.id = self._CC_ID
        root._setObject(cc.id, cc)

        index = DTMLMethod()
        index.munge('This is the default view')
        index._setId('index_html')
        root._setObject(index.getId(), index)

        login = DTMLMethod()
        login.munge('Please log in first.')
        login._setId('login_form')
        root._setObject(login.getId(), login)

        protected = DTMLMethod()
        protected._View_Permission = ('Manager', )
        protected.munge('This is the protected view')
        protected._setId('protected')
        root._setObject(protected.getId(), protected)

        req = makerequest(root, StringIO())
        self._finally = req.close

        credentials = urllib.quote(
            base64.encodestring('abraham:pass-w').rstrip())

        return root, cc, req, credentials
示例#7
0
    def test_store_user_folder(self):
        conn = self.db.open()
        try:
            app = conn.root()['Application']
            if hasattr(app, 'acl_users'):
                app._delObject('acl_users')
            f = UserFolder()
            f.id = 'acl_users'
            app._setObject(f.id, f, set_owner=0)
            f._doAddUser('ned', 'abcdefg', ('Serf', 'Knight', 'King'), ())
            f._doAddUser('joe', '123', ('Geek',), ())
            transaction.commit()

            # Be sure ZODB sees the unmanaged persistent objects
            u = f.data['ned']
            self.assertEqual(f.data._p_oid, 'unmanaged')
            self.assertEqual(u._p_oid, 'unmanaged')

            # Make some changes
            u.roles = ('Knight', 'King')
            u.domains = ('localhost',)
            del f.data['joe']           # Test user deletion
            transaction.commit()

            conn2 = self.db.open()
            try:
                app = conn2.root()['Application']
                ff = app.acl_users
                self.assert_(aq_base(app.__allow_groups__) is aq_base(ff))
                self.assertEqual(len(ff.data), 1)
                user = ff.data['ned']
                self.assertEqual(user.name, 'ned')
                self.assertEqual(len(user.roles), 2)
                self.assert_('Knight' in user.roles)
                self.assert_('King' in user.roles)
                self.assertEqual(user.domains, ('localhost',))
                self.assert_(user is not u)
            finally:
                conn2.close()

        finally:
            conn.close()
示例#8
0
    def test_store_user_folder(self):
        conn = self.db.open()
        try:
            app = conn.root()['Application']
            if hasattr(app, 'acl_users'):
                app._delObject('acl_users')
            f = UserFolder()
            f.id = 'acl_users'
            app._setObject(f.id, f, set_owner=0)
            f._doAddUser('ned', 'abcdefg', ('Serf', 'Knight', 'King'), ())
            f._doAddUser('joe', '123', ('Geek', ), ())
            transaction.commit()

            # Be sure ZODB sees the unmanaged persistent objects
            u = f.data['ned']
            self.assertEqual(f.data._p_oid, 'unmanaged')
            self.assertEqual(u._p_oid, 'unmanaged')

            # Make some changes
            u.roles = ('Knight', 'King')
            u.domains = ('localhost', )
            del f.data['joe']  # Test user deletion
            transaction.commit()

            conn2 = self.db.open()
            try:
                app = conn2.root()['Application']
                ff = app.acl_users
                self.assert_(aq_base(app.__allow_groups__) is aq_base(ff))
                self.assertEqual(len(ff.data), 1)
                user = ff.data['ned']
                self.assertEqual(user.name, 'ned')
                self.assertEqual(len(user.roles), 2)
                self.assert_('Knight' in user.roles)
                self.assert_('King' in user.roles)
                self.assertEqual(user.domains, ('localhost', ))
                self.assert_(user is not u)
            finally:
                conn2.close()

        finally:
            conn.close()
示例#9
0
    def setUp(self):
        root = Folder()
        self.root = root
        root.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        root.getPhysicalPath = lambda: ()  # hack
        root._View_Permission = ('Anonymous', )

        users = UserFolder()
        users._setId('acl_users')
        users._doAddUser('abraham', 'pass-w', ('Patriarch', ), ())
        users._doAddUser('isaac', 'pass-w', ('Son', ), ())
        root._setObject(users.id, users)

        cc = CookieCrumbler()
        cc.id = 'cookie_authentication'
        root._setObject(cc.id, cc)
        self.cc = getattr(root, cc.id)

        index = DTMLMethod()
        index.munge('This is the default view')
        index._setId('index_html')
        root._setObject(index.getId(), index)

        login = DTMLMethod()
        login.munge('Please log in first.')
        login._setId('login_form')
        root._setObject(login.getId(), login)

        protected = DTMLMethod()
        protected._View_Permission = ('Manager', )
        protected.munge('This is the protected view')
        protected._setId('protected')
        root._setObject(protected.getId(), protected)

        self.responseOut = StringIO()
        self.req = makerequest(root, self.responseOut)

        self.credentials = urllib.quote(
            base64.encodestring('abraham:pass-w').rstrip())
示例#10
0
    def setUp(self):
        root = Folder()
        self.root = root
        root.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        root.getPhysicalPath = lambda: ()  # hack
        root._View_Permission = ('Anonymous',)

        users = UserFolder()
        users._setId('acl_users')
        users._doAddUser('abraham', 'pass-w', ('Patriarch',), ())
        users._doAddUser('isaac', 'pass-w', ('Son',), ())
        root._setObject(users.id, users)

        cc = CookieCrumbler()
        cc.id = 'cookie_authentication'
        root._setObject(cc.id, cc)
        self.cc = getattr(root, cc.id)

        index = DTMLMethod()
        index.munge('This is the default view')
        index._setId('index_html')
        root._setObject(index.getId(), index)

        login = DTMLMethod()
        login.munge('Please log in first.')
        login._setId('login_form')
        root._setObject(login.getId(), login)

        protected = DTMLMethod()
        protected._View_Permission = ('Manager',)
        protected.munge('This is the protected view')
        protected._setId('protected')
        root._setObject(protected.getId(), protected)

        self.responseOut = StringIO()
        self.req = makerequest(root, self.responseOut)

        self.credentials = urllib.quote(
            base64.encodestring('abraham:pass-w').rstrip())
示例#11
0
class UserFolderTests(unittest.TestCase):

    def setUp(self):
        transaction.begin()
        self.app = makerequest(Zope2.app())
        try:
            # Set up a user and role
            self.uf = UserFolder().__of__(self.app)    
            self.uf._doAddUser('user1', 'secret', ['role1'], [])
            self.app._addRole('role1')
            self.app.manage_role('role1', ['View'])
            # Set up a published object accessible to user
            self.app.addDTMLMethod('doc', file='')
            self.app.doc.manage_permission('View', ['role1'], acquire=0)
            # Rig the REQUEST so it looks like we traversed to doc
            self.app.REQUEST.set('PUBLISHED', self.app.doc)
            self.app.REQUEST.set('PARENTS', [self.app])
            self.app.REQUEST.steps = ['doc']
            self.basic = 'Basic %s' % base64.encodestring('user1:secret')
        except:
            self.tearDown()
            raise

    def tearDown(self):
        noSecurityManager()
        transaction.abort()
        self.app._p_jar.close()

    def login(self, name):
        user = self.uf.getUserById(name)
        user = user.__of__(self.uf)
        newSecurityManager(None, user)

    def test_z3interfaces(self):
        from AccessControl.interfaces import IStandardUserFolder
        from AccessControl.User import UserFolder
        from zope.interface.verify import verifyClass

        verifyClass(IStandardUserFolder, UserFolder)

    def testGetUser(self):
        self.failIfEqual(self.uf.getUser('user1'), None)

    def testGetBadUser(self):
        self.assertEqual(self.uf.getUser('user2'), None)

    def testGetUserById(self):
        self.failIfEqual(self.uf.getUserById('user1'), None)

    def testGetBadUserById(self):
        self.assertEqual(self.uf.getUserById('user2'), None)

    def testGetUsers(self):
        users = self.uf.getUsers()
        self.failUnless(users)
        self.assertEqual(users[0].getUserName(), 'user1')

    def testGetUserNames(self):
        names = self.uf.getUserNames()
        self.failUnless(names)
        self.assertEqual(names[0], 'user1')

    def testIdentify(self):
        name, password = self.uf.identify(self.basic)
        self.assertEqual(name, 'user1')
        self.assertEqual(password, 'secret')

    def testGetRoles(self):
        user = self.uf.getUser('user1')
        self.failUnless('role1' in user.getRoles())

    def testGetRolesInContext(self):
        user = self.uf.getUser('user1')
        self.app.manage_addLocalRoles('user1', ['Owner'])
        roles = user.getRolesInContext(self.app)
        self.failUnless('role1' in roles)
        self.failUnless('Owner' in roles)

    def testHasRole(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.has_role('role1', self.app))

    def testHasLocalRole(self):
        user = self.uf.getUser('user1')
        self.app.manage_addLocalRoles('user1', ['Owner'])
        self.failUnless(user.has_role('Owner', self.app))

    def testHasPermission(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.has_permission('View', self.app))
        self.app.manage_role('role1', ['Add Folders'])
        self.failUnless(user.has_permission('Add Folders', self.app))

    def testHasLocalRolePermission(self):
        user = self.uf.getUser('user1')
        self.app.manage_role('Owner', ['Add Folders'])
        self.app.manage_addLocalRoles('user1', ['Owner'])
        self.failUnless(user.has_permission('Add Folders', self.app))
        
    def testAuthenticate(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.authenticate('secret', self.app.REQUEST))

    def testValidate(self):
        user = self.uf.validate(self.app.REQUEST, self.basic, ['role1'])
        self.failIfEqual(user, None)
        self.assertEqual(user.getUserName(), 'user1')

    def testNotValidateWithoutAuth(self):
        user = self.uf.validate(self.app.REQUEST, '', ['role1'])
        self.assertEqual(user, None)

    def testValidateWithoutRoles(self):
        # Note - calling uf.validate without specifying roles will cause
        # the security machinery to determine the needed roles by looking
        # at the object itself (or its container). I'm putting this note
        # in to clarify because the original test expected failure but it
        # really should have expected success, since the user and the
        # object being checked both have the role 'role1', even though no
        # roles are passed explicitly to the userfolder validate method.
        user = self.uf.validate(self.app.REQUEST, self.basic)
        self.assertEqual(user.getUserName(), 'user1')

    def testNotValidateWithEmptyRoles(self):
        user = self.uf.validate(self.app.REQUEST, self.basic, [])
        self.assertEqual(user, None)

    def testNotValidateWithWrongRoles(self):
        user = self.uf.validate(self.app.REQUEST, self.basic, ['Manager'])
        self.assertEqual(user, None)

    def testAllowAccessToUser(self):
        self.login('user1')
        try:
            self.app.restrictedTraverse('doc')
        except Unauthorized:
            self.fail('Unauthorized')

    def testDenyAccessToAnonymous(self):
        self.assertRaises(Unauthorized, self.app.restrictedTraverse, 'doc')

    def testMaxListUsers(self):
        # create a folder-ish thing which contains a roleManager,
        # then put an acl_users object into the folde-ish thing

        class Folderish(BasicUserFolder):
            def __init__(self, size, count):
                self.maxlistusers = size
                self.users = []
                self.acl_users = self
                self.__allow_groups__ = self
                for i in xrange(count):
                    self.users.append("Nobody")

            def getUsers(self):
                return self.users

            def user_names(self):
                return self.getUsers()


        tinyFolderOver = Folderish(15, 20)
        tinyFolderUnder = Folderish(15, 10)

        assert tinyFolderOver.maxlistusers == 15
        assert tinyFolderUnder.maxlistusers == 15
        assert len(tinyFolderOver.user_names()) == 20
        assert len(tinyFolderUnder.user_names()) == 10

        try:
            list = tinyFolderOver.get_valid_userids()
            assert 0, "Did not raise overflow error"
        except OverflowError:
            pass

        try:
            list = tinyFolderUnder.get_valid_userids()
            pass
        except OverflowError:
            assert 0, "Raised overflow error erroneously"

    def test__doAddUser_with_not_yet_encrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'not_yet_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)    
        uf.encrypt_passwords = True
        self.failIf(uf._isPasswordEncrypted(PASSWORD))

        uf._doAddUser(USER_ID, PASSWORD, [], [])
        user = uf.getUserById(USER_ID)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))

    def test__doAddUser_with_preencrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'already_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)    
        uf.encrypt_passwords = True
        ENCRYPTED = uf._encryptPassword(PASSWORD)

        uf._doAddUser(USER_ID, ENCRYPTED, [], [])
        user = uf.getUserById(USER_ID)
        self.assertEqual(user.__, ENCRYPTED)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))
示例#12
0
    def test_security_attributes(self):
        conn = self.db.open()
        try:
            app = conn.root()['Application']
            f = Folder()
            f.id = 'Holidays'
            app._setObject(f.id, f, set_owner=0)
            f = app.Holidays
            u = UserFolder()
            u.id = 'acl_users'
            f._setObject(u.id, u, set_owner=0)
            u._doAddUser('shane', 'abcdefg', ('Elder',), ())

            f._owner = (['Holidays', 'acl_users'], 'shane')
            f.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
            f.__ac_local_roles__ = {'shane': ['Missionary']}
            f._proxy_roles = ['Manager']
            f._View_Permission = ('Owner', 'Elder')
            f._Add_Folders_Permission = ['Elder']

            transaction.commit()

            conn2 = self.db.open()
            try:
                # Verify that loading works
                app = conn2.root()['Application']
                f2 = app.Holidays
                user = f2.getOwner()
                self.assertEqual(user.getUserName(), 'shane')
                self.assert_('Elder' in user.getRoles())
                self.assertEqual(
                    list(f2.__ac_roles__), ['Elder', 'Manager', 'Missionary'])

                roles = {}
                for role in list(user.getRolesInContext(f2)):
                    if role != 'Authenticated' and role != 'Anonymous':
                        roles[role] = 1
                self.assertEqual(roles, {'Elder':1, 'Missionary':1})
                self.assertEqual(tuple(f2._proxy_roles), ('Manager',))

                self.assert_(isinstance(f2._View_Permission, TupleType),
                             "View permission should not be acquired")
                self.assert_(isinstance(f2._Add_Folders_Permission, ListType),
                             "Add Folders permission should be acquired")
                roles = {}
                for role in list(f2._View_Permission):
                    roles[role] = 1
                self.assertEqual(roles, {'Elder':1, 'Owner':1})

                # Write some changes to verify that changes work
                f2._owner = None
                del f2._proxy_roles
                f2.__ac_roles__ += ('Teacher',)
                transaction.commit()
            finally:
                conn2.close()

            # Make sure the changes are seen
            conn.sync()
            self.assert_(f.getOwner() is None, f.getOwner())
            self.assert_(not hasattr(f, '_proxy_roles'))
            self.assertEqual(
                list(f.__ac_roles__),
                ['Elder', 'Manager', 'Missionary', 'Teacher'])
        finally:
            conn.close()
示例#13
0
    def test_security_attributes(self):
        conn = self.db.open()
        try:
            app = conn.root()['Application']
            f = Folder()
            f.id = 'Holidays'
            app._setObject(f.id, f, set_owner=0)
            f = app.Holidays
            u = UserFolder()
            u.id = 'acl_users'
            f._setObject(u.id, u, set_owner=0)
            u._doAddUser('shane', 'abcdefg', ('Elder', ), ())

            f._owner = (['Holidays', 'acl_users'], 'shane')
            f.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
            f.__ac_local_roles__ = {'shane': ['Missionary']}
            f._proxy_roles = ['Manager']
            f._View_Permission = ('Owner', 'Elder')
            f._Add_Folders_Permission = ['Elder']

            transaction.commit()

            conn2 = self.db.open()
            try:
                # Verify that loading works
                app = conn2.root()['Application']
                f2 = app.Holidays
                user = f2.getOwner()
                self.assertEqual(user.getUserName(), 'shane')
                self.assert_('Elder' in user.getRoles())
                self.assertEqual(list(f2.__ac_roles__),
                                 ['Elder', 'Manager', 'Missionary'])

                roles = {}
                for role in list(user.getRolesInContext(f2)):
                    if role != 'Authenticated' and role != 'Anonymous':
                        roles[role] = 1
                self.assertEqual(roles, {'Elder': 1, 'Missionary': 1})
                self.assertEqual(tuple(f2._proxy_roles), ('Manager', ))

                self.assert_(isinstance(f2._View_Permission, TupleType),
                             "View permission should not be acquired")
                self.assert_(isinstance(f2._Add_Folders_Permission, ListType),
                             "Add Folders permission should be acquired")
                roles = {}
                for role in list(f2._View_Permission):
                    roles[role] = 1
                self.assertEqual(roles, {'Elder': 1, 'Owner': 1})

                # Write some changes to verify that changes work
                f2._owner = None
                del f2._proxy_roles
                f2.__ac_roles__ += ('Teacher', )
                transaction.commit()
            finally:
                conn2.close()

            # Make sure the changes are seen
            conn.sync()
            self.assert_(f.getOwner() is None, f.getOwner())
            self.assert_(not hasattr(f, '_proxy_roles'))
            self.assertEqual(list(f.__ac_roles__),
                             ['Elder', 'Manager', 'Missionary', 'Teacher'])
        finally:
            conn.close()
示例#14
0
class UserFolderTests(unittest.TestCase):
    def setUp(self):
        transaction.begin()
        self.app = makerequest(Zope2.app())
        try:
            # Set up a user and role
            self.uf = UserFolder().__of__(self.app)
            self.uf._doAddUser('user1', 'secret', ['role1'], [])
            self.app._addRole('role1')
            self.app.manage_role('role1', ['View'])
            # Set up a published object accessible to user
            self.app.addDTMLMethod('doc', file='')
            self.app.doc.manage_permission('View', ['role1'], acquire=0)
            # Rig the REQUEST so it looks like we traversed to doc
            self.app.REQUEST.set('PUBLISHED', self.app.doc)
            self.app.REQUEST.set('PARENTS', [self.app])
            self.app.REQUEST.steps = ['doc']
            self.basic = 'Basic %s' % base64.encodestring('user1:secret')
        except:
            self.tearDown()
            raise

    def tearDown(self):
        noSecurityManager()
        transaction.abort()
        self.app._p_jar.close()

    def login(self, name):
        user = self.uf.getUserById(name)
        user = user.__of__(self.uf)
        newSecurityManager(None, user)

    def test_z3interfaces(self):
        from AccessControl.interfaces import IStandardUserFolder
        from AccessControl.User import UserFolder
        from zope.interface.verify import verifyClass

        verifyClass(IStandardUserFolder, UserFolder)

    def testGetUser(self):
        self.failIfEqual(self.uf.getUser('user1'), None)

    def testGetBadUser(self):
        self.assertEqual(self.uf.getUser('user2'), None)

    def testGetUserById(self):
        self.failIfEqual(self.uf.getUserById('user1'), None)

    def testGetBadUserById(self):
        self.assertEqual(self.uf.getUserById('user2'), None)

    def testGetUsers(self):
        users = self.uf.getUsers()
        self.failUnless(users)
        self.assertEqual(users[0].getUserName(), 'user1')

    def testGetUserNames(self):
        names = self.uf.getUserNames()
        self.failUnless(names)
        self.assertEqual(names[0], 'user1')

    def testIdentify(self):
        name, password = self.uf.identify(self.basic)
        self.assertEqual(name, 'user1')
        self.assertEqual(password, 'secret')

    def testGetRoles(self):
        user = self.uf.getUser('user1')
        self.failUnless('role1' in user.getRoles())

    def testGetRolesInContext(self):
        user = self.uf.getUser('user1')
        self.app.manage_addLocalRoles('user1', ['Owner'])
        roles = user.getRolesInContext(self.app)
        self.failUnless('role1' in roles)
        self.failUnless('Owner' in roles)

    def testHasRole(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.has_role('role1', self.app))

    def testHasLocalRole(self):
        user = self.uf.getUser('user1')
        self.app.manage_addLocalRoles('user1', ['Owner'])
        self.failUnless(user.has_role('Owner', self.app))

    def testHasPermission(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.has_permission('View', self.app))
        self.app.manage_role('role1', ['Add Folders'])
        self.failUnless(user.has_permission('Add Folders', self.app))

    def testHasLocalRolePermission(self):
        user = self.uf.getUser('user1')
        self.app.manage_role('Owner', ['Add Folders'])
        self.app.manage_addLocalRoles('user1', ['Owner'])
        self.failUnless(user.has_permission('Add Folders', self.app))

    def testAuthenticate(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.authenticate('secret', self.app.REQUEST))

    def testValidate(self):
        user = self.uf.validate(self.app.REQUEST, self.basic, ['role1'])
        self.failIfEqual(user, None)
        self.assertEqual(user.getUserName(), 'user1')

    def testNotValidateWithoutAuth(self):
        user = self.uf.validate(self.app.REQUEST, '', ['role1'])
        self.assertEqual(user, None)

    def testValidateWithoutRoles(self):
        # Note - calling uf.validate without specifying roles will cause
        # the security machinery to determine the needed roles by looking
        # at the object itself (or its container). I'm putting this note
        # in to clarify because the original test expected failure but it
        # really should have expected success, since the user and the
        # object being checked both have the role 'role1', even though no
        # roles are passed explicitly to the userfolder validate method.
        user = self.uf.validate(self.app.REQUEST, self.basic)
        self.assertEqual(user.getUserName(), 'user1')

    def testNotValidateWithEmptyRoles(self):
        user = self.uf.validate(self.app.REQUEST, self.basic, [])
        self.assertEqual(user, None)

    def testNotValidateWithWrongRoles(self):
        user = self.uf.validate(self.app.REQUEST, self.basic, ['Manager'])
        self.assertEqual(user, None)

    def testAllowAccessToUser(self):
        self.login('user1')
        try:
            self.app.restrictedTraverse('doc')
        except Unauthorized:
            self.fail('Unauthorized')

    def testDenyAccessToAnonymous(self):
        self.assertRaises(Unauthorized, self.app.restrictedTraverse, 'doc')

    def testMaxListUsers(self):
        # create a folder-ish thing which contains a roleManager,
        # then put an acl_users object into the folde-ish thing

        class Folderish(BasicUserFolder):
            def __init__(self, size, count):
                self.maxlistusers = size
                self.users = []
                self.acl_users = self
                self.__allow_groups__ = self
                for i in xrange(count):
                    self.users.append("Nobody")

            def getUsers(self):
                return self.users

            def user_names(self):
                return self.getUsers()

        tinyFolderOver = Folderish(15, 20)
        tinyFolderUnder = Folderish(15, 10)

        assert tinyFolderOver.maxlistusers == 15
        assert tinyFolderUnder.maxlistusers == 15
        assert len(tinyFolderOver.user_names()) == 20
        assert len(tinyFolderUnder.user_names()) == 10

        try:
            list = tinyFolderOver.get_valid_userids()
            assert 0, "Did not raise overflow error"
        except OverflowError:
            pass

        try:
            list = tinyFolderUnder.get_valid_userids()
            pass
        except OverflowError:
            assert 0, "Raised overflow error erroneously"

    def test__doAddUser_with_not_yet_encrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'not_yet_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)
        uf.encrypt_passwords = True
        self.failIf(uf._isPasswordEncrypted(PASSWORD))

        uf._doAddUser(USER_ID, PASSWORD, [], [])
        user = uf.getUserById(USER_ID)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))

    def test__doAddUser_with_preencrypted_passwords(self):
        # See collector #1869 && #1926
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'already_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)
        uf.encrypt_passwords = True
        ENCRYPTED = uf._encryptPassword(PASSWORD)

        uf._doAddUser(USER_ID, ENCRYPTED, [], [])
        user = uf.getUserById(USER_ID)
        self.assertEqual(user.__, ENCRYPTED)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))