def test__doAddUser_with_not_yet_encrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'not_yet_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
self.failIf(uf._isPasswordEncrypted(PASSWORD))
uf._doAddUser(USER_ID, PASSWORD, [], [])
user = uf.getUserById(USER_ID)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test__doAddUser_with_not_yet_encrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'not_yet_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
self.failIf(uf._isPasswordEncrypted(PASSWORD))
uf._doAddUser(USER_ID, PASSWORD, [], [])
user = uf.getUserById(USER_ID)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test__doAddUser_with_preencrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'already_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
ENCRYPTED = uf._encryptPassword(PASSWORD)
uf._doAddUser(USER_ID, ENCRYPTED, [], [])
user = uf.getUserById(USER_ID)
self.assertEqual(user.__, ENCRYPTED)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test__doAddUser_with_preencrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'already_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
ENCRYPTED = uf._encryptPassword(PASSWORD)
uf._doAddUser(USER_ID, ENCRYPTED, [], [])
user = uf.getUserById(USER_ID)
self.assertEqual(user.__, ENCRYPTED)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def _makeSite(self):
import base64
from cStringIO import StringIO
import urllib
from AccessControl.User import UserFolder
from OFS.Folder import Folder
from OFS.DTMLMethod import DTMLMethod
root = Folder()
root.isTopLevelPrincipiaApplicationObject = 1 # User folder needs this
root.getPhysicalPath = lambda: () # hack
root._View_Permission = ('Anonymous',)
users = UserFolder()
users._setId('acl_users')
users._doAddUser('abraham', 'pass-w', ('Patriarch',), ())
users._doAddUser('isaac', 'pass-w', ('Son',), ())
root._setObject(users.id, users)
cc = self._makeOne()
cc.id = self._CC_ID
root._setObject(cc.id, cc)
index = DTMLMethod()
index.munge('This is the default view')
index._setId('index_html')
root._setObject(index.getId(), index)
login = DTMLMethod()
login.munge('Please log in first.')
login._setId('login_form')
root._setObject(login.getId(), login)
protected = DTMLMethod()
protected._View_Permission = ('Manager',)
protected.munge('This is the protected view')
protected._setId('protected')
root._setObject(protected.getId(), protected)
req = makerequest(root, StringIO())
self._finally = req.close
credentials = urllib.quote(
base64.encodestring('abraham:pass-w').rstrip())
return root, cc, req, credentials
def _makeSite(self):
import base64
from cStringIO import StringIO
import urllib
from AccessControl.User import UserFolder
from OFS.Folder import Folder
from OFS.DTMLMethod import DTMLMethod
root = Folder()
root.isTopLevelPrincipiaApplicationObject = 1 # User folder needs this
root.getPhysicalPath = lambda: () # hack
root._View_Permission = ('Anonymous', )
users = UserFolder()
users._setId('acl_users')
users._doAddUser('abraham', 'pass-w', ('Patriarch', ), ())
users._doAddUser('isaac', 'pass-w', ('Son', ), ())
root._setObject(users.id, users)
cc = self._makeOne()
cc.id = self._CC_ID
root._setObject(cc.id, cc)
index = DTMLMethod()
index.munge('This is the default view')
index._setId('index_html')
root._setObject(index.getId(), index)
login = DTMLMethod()
login.munge('Please log in first.')
login._setId('login_form')
root._setObject(login.getId(), login)
protected = DTMLMethod()
protected._View_Permission = ('Manager', )
protected.munge('This is the protected view')
protected._setId('protected')
root._setObject(protected.getId(), protected)
req = makerequest(root, StringIO())
self._finally = req.close
credentials = urllib.quote(
base64.encodestring('abraham:pass-w').rstrip())
return root, cc, req, credentials
def test_store_user_folder(self):
conn = self.db.open()
try:
app = conn.root()['Application']
if hasattr(app, 'acl_users'):
app._delObject('acl_users')
f = UserFolder()
f.id = 'acl_users'
app._setObject(f.id, f, set_owner=0)
f._doAddUser('ned', 'abcdefg', ('Serf', 'Knight', 'King'), ())
f._doAddUser('joe', '123', ('Geek',), ())
transaction.commit()
# Be sure ZODB sees the unmanaged persistent objects
u = f.data['ned']
self.assertEqual(f.data._p_oid, 'unmanaged')
self.assertEqual(u._p_oid, 'unmanaged')
# Make some changes
u.roles = ('Knight', 'King')
u.domains = ('localhost',)
del f.data['joe'] # Test user deletion
transaction.commit()
conn2 = self.db.open()
try:
app = conn2.root()['Application']
ff = app.acl_users
self.assert_(aq_base(app.__allow_groups__) is aq_base(ff))
self.assertEqual(len(ff.data), 1)
user = ff.data['ned']
self.assertEqual(user.name, 'ned')
self.assertEqual(len(user.roles), 2)
self.assert_('Knight' in user.roles)
self.assert_('King' in user.roles)
self.assertEqual(user.domains, ('localhost',))
self.assert_(user is not u)
finally:
conn2.close()
finally:
conn.close()
def test_store_user_folder(self):
conn = self.db.open()
try:
app = conn.root()['Application']
if hasattr(app, 'acl_users'):
app._delObject('acl_users')
f = UserFolder()
f.id = 'acl_users'
app._setObject(f.id, f, set_owner=0)
f._doAddUser('ned', 'abcdefg', ('Serf', 'Knight', 'King'), ())
f._doAddUser('joe', '123', ('Geek', ), ())
transaction.commit()
# Be sure ZODB sees the unmanaged persistent objects
u = f.data['ned']
self.assertEqual(f.data._p_oid, 'unmanaged')
self.assertEqual(u._p_oid, 'unmanaged')
# Make some changes
u.roles = ('Knight', 'King')
u.domains = ('localhost', )
del f.data['joe'] # Test user deletion
transaction.commit()
conn2 = self.db.open()
try:
app = conn2.root()['Application']
ff = app.acl_users
self.assert_(aq_base(app.__allow_groups__) is aq_base(ff))
self.assertEqual(len(ff.data), 1)
user = ff.data['ned']
self.assertEqual(user.name, 'ned')
self.assertEqual(len(user.roles), 2)
self.assert_('Knight' in user.roles)
self.assert_('King' in user.roles)
self.assertEqual(user.domains, ('localhost', ))
self.assert_(user is not u)
finally:
conn2.close()
finally:
conn.close()
def setUp(self):
root = Folder()
self.root = root
root.isTopLevelPrincipiaApplicationObject = 1 # User folder needs this
root.getPhysicalPath = lambda: () # hack
root._View_Permission = ('Anonymous', )
users = UserFolder()
users._setId('acl_users')
users._doAddUser('abraham', 'pass-w', ('Patriarch', ), ())
users._doAddUser('isaac', 'pass-w', ('Son', ), ())
root._setObject(users.id, users)
cc = CookieCrumbler()
cc.id = 'cookie_authentication'
root._setObject(cc.id, cc)
self.cc = getattr(root, cc.id)
index = DTMLMethod()
index.munge('This is the default view')
index._setId('index_html')
root._setObject(index.getId(), index)
login = DTMLMethod()
login.munge('Please log in first.')
login._setId('login_form')
root._setObject(login.getId(), login)
protected = DTMLMethod()
protected._View_Permission = ('Manager', )
protected.munge('This is the protected view')
protected._setId('protected')
root._setObject(protected.getId(), protected)
self.responseOut = StringIO()
self.req = makerequest(root, self.responseOut)
self.credentials = urllib.quote(
base64.encodestring('abraham:pass-w').rstrip())
def setUp(self):
root = Folder()
self.root = root
root.isTopLevelPrincipiaApplicationObject = 1 # User folder needs this
root.getPhysicalPath = lambda: () # hack
root._View_Permission = ('Anonymous',)
users = UserFolder()
users._setId('acl_users')
users._doAddUser('abraham', 'pass-w', ('Patriarch',), ())
users._doAddUser('isaac', 'pass-w', ('Son',), ())
root._setObject(users.id, users)
cc = CookieCrumbler()
cc.id = 'cookie_authentication'
root._setObject(cc.id, cc)
self.cc = getattr(root, cc.id)
index = DTMLMethod()
index.munge('This is the default view')
index._setId('index_html')
root._setObject(index.getId(), index)
login = DTMLMethod()
login.munge('Please log in first.')
login._setId('login_form')
root._setObject(login.getId(), login)
protected = DTMLMethod()
protected._View_Permission = ('Manager',)
protected.munge('This is the protected view')
protected._setId('protected')
root._setObject(protected.getId(), protected)
self.responseOut = StringIO()
self.req = makerequest(root, self.responseOut)
self.credentials = urllib.quote(
base64.encodestring('abraham:pass-w').rstrip())
class UserFolderTests(unittest.TestCase):
def setUp(self):
transaction.begin()
self.app = makerequest(Zope2.app())
try:
# Set up a user and role
self.uf = UserFolder().__of__(self.app)
self.uf._doAddUser('user1', 'secret', ['role1'], [])
self.app._addRole('role1')
self.app.manage_role('role1', ['View'])
# Set up a published object accessible to user
self.app.addDTMLMethod('doc', file='')
self.app.doc.manage_permission('View', ['role1'], acquire=0)
# Rig the REQUEST so it looks like we traversed to doc
self.app.REQUEST.set('PUBLISHED', self.app.doc)
self.app.REQUEST.set('PARENTS', [self.app])
self.app.REQUEST.steps = ['doc']
self.basic = 'Basic %s' % base64.encodestring('user1:secret')
except:
self.tearDown()
raise
def tearDown(self):
noSecurityManager()
transaction.abort()
self.app._p_jar.close()
def login(self, name):
user = self.uf.getUserById(name)
user = user.__of__(self.uf)
newSecurityManager(None, user)
def test_z3interfaces(self):
from AccessControl.interfaces import IStandardUserFolder
from AccessControl.User import UserFolder
from zope.interface.verify import verifyClass
verifyClass(IStandardUserFolder, UserFolder)
def testGetUser(self):
self.failIfEqual(self.uf.getUser('user1'), None)
def testGetBadUser(self):
self.assertEqual(self.uf.getUser('user2'), None)
def testGetUserById(self):
self.failIfEqual(self.uf.getUserById('user1'), None)
def testGetBadUserById(self):
self.assertEqual(self.uf.getUserById('user2'), None)
def testGetUsers(self):
users = self.uf.getUsers()
self.failUnless(users)
self.assertEqual(users[0].getUserName(), 'user1')
def testGetUserNames(self):
names = self.uf.getUserNames()
self.failUnless(names)
self.assertEqual(names[0], 'user1')
def testIdentify(self):
name, password = self.uf.identify(self.basic)
self.assertEqual(name, 'user1')
self.assertEqual(password, 'secret')
def testGetRoles(self):
user = self.uf.getUser('user1')
self.failUnless('role1' in user.getRoles())
def testGetRolesInContext(self):
user = self.uf.getUser('user1')
self.app.manage_addLocalRoles('user1', ['Owner'])
roles = user.getRolesInContext(self.app)
self.failUnless('role1' in roles)
self.failUnless('Owner' in roles)
def testHasRole(self):
user = self.uf.getUser('user1')
self.failUnless(user.has_role('role1', self.app))
def testHasLocalRole(self):
user = self.uf.getUser('user1')
self.app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_role('Owner', self.app))
def testHasPermission(self):
user = self.uf.getUser('user1')
self.failUnless(user.has_permission('View', self.app))
self.app.manage_role('role1', ['Add Folders'])
self.failUnless(user.has_permission('Add Folders', self.app))
def testHasLocalRolePermission(self):
user = self.uf.getUser('user1')
self.app.manage_role('Owner', ['Add Folders'])
self.app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_permission('Add Folders', self.app))
def testAuthenticate(self):
user = self.uf.getUser('user1')
self.failUnless(user.authenticate('secret', self.app.REQUEST))
def testValidate(self):
user = self.uf.validate(self.app.REQUEST, self.basic, ['role1'])
self.failIfEqual(user, None)
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithoutAuth(self):
user = self.uf.validate(self.app.REQUEST, '', ['role1'])
self.assertEqual(user, None)
def testValidateWithoutRoles(self):
# Note - calling uf.validate without specifying roles will cause
# the security machinery to determine the needed roles by looking
# at the object itself (or its container). I'm putting this note
# in to clarify because the original test expected failure but it
# really should have expected success, since the user and the
# object being checked both have the role 'role1', even though no
# roles are passed explicitly to the userfolder validate method.
user = self.uf.validate(self.app.REQUEST, self.basic)
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithEmptyRoles(self):
user = self.uf.validate(self.app.REQUEST, self.basic, [])
self.assertEqual(user, None)
def testNotValidateWithWrongRoles(self):
user = self.uf.validate(self.app.REQUEST, self.basic, ['Manager'])
self.assertEqual(user, None)
def testAllowAccessToUser(self):
self.login('user1')
try:
self.app.restrictedTraverse('doc')
except Unauthorized:
self.fail('Unauthorized')
def testDenyAccessToAnonymous(self):
self.assertRaises(Unauthorized, self.app.restrictedTraverse, 'doc')
def testMaxListUsers(self):
# create a folder-ish thing which contains a roleManager,
# then put an acl_users object into the folde-ish thing
class Folderish(BasicUserFolder):
def __init__(self, size, count):
self.maxlistusers = size
self.users = []
self.acl_users = self
self.__allow_groups__ = self
for i in xrange(count):
self.users.append("Nobody")
def getUsers(self):
return self.users
def user_names(self):
return self.getUsers()
tinyFolderOver = Folderish(15, 20)
tinyFolderUnder = Folderish(15, 10)
assert tinyFolderOver.maxlistusers == 15
assert tinyFolderUnder.maxlistusers == 15
assert len(tinyFolderOver.user_names()) == 20
assert len(tinyFolderUnder.user_names()) == 10
try:
list = tinyFolderOver.get_valid_userids()
assert 0, "Did not raise overflow error"
except OverflowError:
pass
try:
list = tinyFolderUnder.get_valid_userids()
pass
except OverflowError:
assert 0, "Raised overflow error erroneously"
def test__doAddUser_with_not_yet_encrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'not_yet_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
self.failIf(uf._isPasswordEncrypted(PASSWORD))
uf._doAddUser(USER_ID, PASSWORD, [], [])
user = uf.getUserById(USER_ID)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test__doAddUser_with_preencrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'already_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
ENCRYPTED = uf._encryptPassword(PASSWORD)
uf._doAddUser(USER_ID, ENCRYPTED, [], [])
user = uf.getUserById(USER_ID)
self.assertEqual(user.__, ENCRYPTED)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test_security_attributes(self):
conn = self.db.open()
try:
app = conn.root()['Application']
f = Folder()
f.id = 'Holidays'
app._setObject(f.id, f, set_owner=0)
f = app.Holidays
u = UserFolder()
u.id = 'acl_users'
f._setObject(u.id, u, set_owner=0)
u._doAddUser('shane', 'abcdefg', ('Elder',), ())
f._owner = (['Holidays', 'acl_users'], 'shane')
f.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
f.__ac_local_roles__ = {'shane': ['Missionary']}
f._proxy_roles = ['Manager']
f._View_Permission = ('Owner', 'Elder')
f._Add_Folders_Permission = ['Elder']
transaction.commit()
conn2 = self.db.open()
try:
# Verify that loading works
app = conn2.root()['Application']
f2 = app.Holidays
user = f2.getOwner()
self.assertEqual(user.getUserName(), 'shane')
self.assert_('Elder' in user.getRoles())
self.assertEqual(
list(f2.__ac_roles__), ['Elder', 'Manager', 'Missionary'])
roles = {}
for role in list(user.getRolesInContext(f2)):
if role != 'Authenticated' and role != 'Anonymous':
roles[role] = 1
self.assertEqual(roles, {'Elder':1, 'Missionary':1})
self.assertEqual(tuple(f2._proxy_roles), ('Manager',))
self.assert_(isinstance(f2._View_Permission, TupleType),
"View permission should not be acquired")
self.assert_(isinstance(f2._Add_Folders_Permission, ListType),
"Add Folders permission should be acquired")
roles = {}
for role in list(f2._View_Permission):
roles[role] = 1
self.assertEqual(roles, {'Elder':1, 'Owner':1})
# Write some changes to verify that changes work
f2._owner = None
del f2._proxy_roles
f2.__ac_roles__ += ('Teacher',)
transaction.commit()
finally:
conn2.close()
# Make sure the changes are seen
conn.sync()
self.assert_(f.getOwner() is None, f.getOwner())
self.assert_(not hasattr(f, '_proxy_roles'))
self.assertEqual(
list(f.__ac_roles__),
['Elder', 'Manager', 'Missionary', 'Teacher'])
finally:
conn.close()
def test_security_attributes(self):
conn = self.db.open()
try:
app = conn.root()['Application']
f = Folder()
f.id = 'Holidays'
app._setObject(f.id, f, set_owner=0)
f = app.Holidays
u = UserFolder()
u.id = 'acl_users'
f._setObject(u.id, u, set_owner=0)
u._doAddUser('shane', 'abcdefg', ('Elder', ), ())
f._owner = (['Holidays', 'acl_users'], 'shane')
f.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
f.__ac_local_roles__ = {'shane': ['Missionary']}
f._proxy_roles = ['Manager']
f._View_Permission = ('Owner', 'Elder')
f._Add_Folders_Permission = ['Elder']
transaction.commit()
conn2 = self.db.open()
try:
# Verify that loading works
app = conn2.root()['Application']
f2 = app.Holidays
user = f2.getOwner()
self.assertEqual(user.getUserName(), 'shane')
self.assert_('Elder' in user.getRoles())
self.assertEqual(list(f2.__ac_roles__),
['Elder', 'Manager', 'Missionary'])
roles = {}
for role in list(user.getRolesInContext(f2)):
if role != 'Authenticated' and role != 'Anonymous':
roles[role] = 1
self.assertEqual(roles, {'Elder': 1, 'Missionary': 1})
self.assertEqual(tuple(f2._proxy_roles), ('Manager', ))
self.assert_(isinstance(f2._View_Permission, TupleType),
"View permission should not be acquired")
self.assert_(isinstance(f2._Add_Folders_Permission, ListType),
"Add Folders permission should be acquired")
roles = {}
for role in list(f2._View_Permission):
roles[role] = 1
self.assertEqual(roles, {'Elder': 1, 'Owner': 1})
# Write some changes to verify that changes work
f2._owner = None
del f2._proxy_roles
f2.__ac_roles__ += ('Teacher', )
transaction.commit()
finally:
conn2.close()
# Make sure the changes are seen
conn.sync()
self.assert_(f.getOwner() is None, f.getOwner())
self.assert_(not hasattr(f, '_proxy_roles'))
self.assertEqual(list(f.__ac_roles__),
['Elder', 'Manager', 'Missionary', 'Teacher'])
finally:
conn.close()
class UserFolderTests(unittest.TestCase):
def setUp(self):
transaction.begin()
self.app = makerequest(Zope2.app())
try:
# Set up a user and role
self.uf = UserFolder().__of__(self.app)
self.uf._doAddUser('user1', 'secret', ['role1'], [])
self.app._addRole('role1')
self.app.manage_role('role1', ['View'])
# Set up a published object accessible to user
self.app.addDTMLMethod('doc', file='')
self.app.doc.manage_permission('View', ['role1'], acquire=0)
# Rig the REQUEST so it looks like we traversed to doc
self.app.REQUEST.set('PUBLISHED', self.app.doc)
self.app.REQUEST.set('PARENTS', [self.app])
self.app.REQUEST.steps = ['doc']
self.basic = 'Basic %s' % base64.encodestring('user1:secret')
except:
self.tearDown()
raise
def tearDown(self):
noSecurityManager()
transaction.abort()
self.app._p_jar.close()
def login(self, name):
user = self.uf.getUserById(name)
user = user.__of__(self.uf)
newSecurityManager(None, user)
def test_z3interfaces(self):
from AccessControl.interfaces import IStandardUserFolder
from AccessControl.User import UserFolder
from zope.interface.verify import verifyClass
verifyClass(IStandardUserFolder, UserFolder)
def testGetUser(self):
self.failIfEqual(self.uf.getUser('user1'), None)
def testGetBadUser(self):
self.assertEqual(self.uf.getUser('user2'), None)
def testGetUserById(self):
self.failIfEqual(self.uf.getUserById('user1'), None)
def testGetBadUserById(self):
self.assertEqual(self.uf.getUserById('user2'), None)
def testGetUsers(self):
users = self.uf.getUsers()
self.failUnless(users)
self.assertEqual(users[0].getUserName(), 'user1')
def testGetUserNames(self):
names = self.uf.getUserNames()
self.failUnless(names)
self.assertEqual(names[0], 'user1')
def testIdentify(self):
name, password = self.uf.identify(self.basic)
self.assertEqual(name, 'user1')
self.assertEqual(password, 'secret')
def testGetRoles(self):
user = self.uf.getUser('user1')
self.failUnless('role1' in user.getRoles())
def testGetRolesInContext(self):
user = self.uf.getUser('user1')
self.app.manage_addLocalRoles('user1', ['Owner'])
roles = user.getRolesInContext(self.app)
self.failUnless('role1' in roles)
self.failUnless('Owner' in roles)
def testHasRole(self):
user = self.uf.getUser('user1')
self.failUnless(user.has_role('role1', self.app))
def testHasLocalRole(self):
user = self.uf.getUser('user1')
self.app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_role('Owner', self.app))
def testHasPermission(self):
user = self.uf.getUser('user1')
self.failUnless(user.has_permission('View', self.app))
self.app.manage_role('role1', ['Add Folders'])
self.failUnless(user.has_permission('Add Folders', self.app))
def testHasLocalRolePermission(self):
user = self.uf.getUser('user1')
self.app.manage_role('Owner', ['Add Folders'])
self.app.manage_addLocalRoles('user1', ['Owner'])
self.failUnless(user.has_permission('Add Folders', self.app))
def testAuthenticate(self):
user = self.uf.getUser('user1')
self.failUnless(user.authenticate('secret', self.app.REQUEST))
def testValidate(self):
user = self.uf.validate(self.app.REQUEST, self.basic, ['role1'])
self.failIfEqual(user, None)
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithoutAuth(self):
user = self.uf.validate(self.app.REQUEST, '', ['role1'])
self.assertEqual(user, None)
def testValidateWithoutRoles(self):
# Note - calling uf.validate without specifying roles will cause
# the security machinery to determine the needed roles by looking
# at the object itself (or its container). I'm putting this note
# in to clarify because the original test expected failure but it
# really should have expected success, since the user and the
# object being checked both have the role 'role1', even though no
# roles are passed explicitly to the userfolder validate method.
user = self.uf.validate(self.app.REQUEST, self.basic)
self.assertEqual(user.getUserName(), 'user1')
def testNotValidateWithEmptyRoles(self):
user = self.uf.validate(self.app.REQUEST, self.basic, [])
self.assertEqual(user, None)
def testNotValidateWithWrongRoles(self):
user = self.uf.validate(self.app.REQUEST, self.basic, ['Manager'])
self.assertEqual(user, None)
def testAllowAccessToUser(self):
self.login('user1')
try:
self.app.restrictedTraverse('doc')
except Unauthorized:
self.fail('Unauthorized')
def testDenyAccessToAnonymous(self):
self.assertRaises(Unauthorized, self.app.restrictedTraverse, 'doc')
def testMaxListUsers(self):
# create a folder-ish thing which contains a roleManager,
# then put an acl_users object into the folde-ish thing
class Folderish(BasicUserFolder):
def __init__(self, size, count):
self.maxlistusers = size
self.users = []
self.acl_users = self
self.__allow_groups__ = self
for i in xrange(count):
self.users.append("Nobody")
def getUsers(self):
return self.users
def user_names(self):
return self.getUsers()
tinyFolderOver = Folderish(15, 20)
tinyFolderUnder = Folderish(15, 10)
assert tinyFolderOver.maxlistusers == 15
assert tinyFolderUnder.maxlistusers == 15
assert len(tinyFolderOver.user_names()) == 20
assert len(tinyFolderUnder.user_names()) == 10
try:
list = tinyFolderOver.get_valid_userids()
assert 0, "Did not raise overflow error"
except OverflowError:
pass
try:
list = tinyFolderUnder.get_valid_userids()
pass
except OverflowError:
assert 0, "Raised overflow error erroneously"
def test__doAddUser_with_not_yet_encrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'not_yet_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
self.failIf(uf._isPasswordEncrypted(PASSWORD))
uf._doAddUser(USER_ID, PASSWORD, [], [])
user = uf.getUserById(USER_ID)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
def test__doAddUser_with_preencrypted_passwords(self):
# See collector #1869 && #1926
from AccessControl.AuthEncoding import pw_validate
USER_ID = 'already_encrypted'
PASSWORD = '******'
uf = UserFolder().__of__(self.app)
uf.encrypt_passwords = True
ENCRYPTED = uf._encryptPassword(PASSWORD)
uf._doAddUser(USER_ID, ENCRYPTED, [], [])
user = uf.getUserById(USER_ID)
self.assertEqual(user.__, ENCRYPTED)
self.failUnless(uf._isPasswordEncrypted(user.__))
self.failUnless(pw_validate(user.__, PASSWORD))
