def test__findUser_with_groups_ignoring_one(self): from Products.PluggableAuthService.interfaces.plugins \ import IGroupsPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) foo = DummyPlugin() directlyProvides(foo, (IGroupsPlugin, )) foo.getGroupsForPrincipal = lambda user, req: ('group1', 'group2') bar = DummyPlugin() directlyProvides(bar, (IGroupsPlugin, )) bar.getGroupsForPrincipal = lambda user, req: ('group3', 'group4') zcuf._setObject('foo', foo) zcuf._setObject('bar', bar) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IGroupsPlugin, 'foo') plugins.activatePlugin(IGroupsPlugin, 'bar') user = zcuf._findUser(plugins, 'someone') groups = zcuf._getGroupsForPrincipal(user, plugins=plugins, ignore_plugins=('bar', )) self.assertEqual(len(groups), 2) self.failIf('bar:group3' in groups) self.failIf('bar:group4' in groups)
def _makeGroupPlugin(self, id, groups=()): from Products.PluggableAuthService.interfaces.plugins \ import IGroupsPlugin gp = DummyGroupPlugin(id, groups=groups) directlyProvides( gp, (IGroupsPlugin,) ) return gp
def test__findUser_with_groups_ignoring_one( self ): from Products.PluggableAuthService.interfaces.plugins \ import IGroupsPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) foo = DummyPlugin() directlyProvides( foo, ( IGroupsPlugin, ) ) foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' ) bar = DummyPlugin() directlyProvides( bar, ( IGroupsPlugin, ) ) bar.getGroupsForPrincipal = lambda user, req: ( 'group3', 'group4' ) zcuf._setObject( 'foo', foo ) zcuf._setObject( 'bar', bar ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IGroupsPlugin , 'foo' ) plugins.activatePlugin( IGroupsPlugin , 'bar' ) user = zcuf._findUser( plugins, 'someone' ) groups = zcuf._getGroupsForPrincipal( user, plugins=plugins , ignore_plugins=( 'bar', ) ) self.assertEqual( len( groups ), 2 ) self.failIf( 'bar:group3' in groups ) self.failIf( 'bar:group4' in groups )
def test__extractUserIds_cache(self): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) login = DummyPlugin() directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin)) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject('login', login) extra = DummyPlugin() directlyProvides(extra, (IExtractionPlugin, IAuthenticationPlugin)) extra.extractCredentials = _extractExtra extra.authenticateCredentials = _authExtra zcuf._setObject('extra', extra) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IExtractionPlugin, 'extra') plugins.activatePlugin(IExtractionPlugin, 'login') plugins.activatePlugin(IAuthenticationPlugin, 'extra') plugins.activatePlugin(IAuthenticationPlugin, 'login') cache = {} request = FauxRequest(form={ 'login': '******', 'password': '******' }, extra='qux') user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins, cache=cache) self.assertEqual(len(user_ids), 2) self.assertEqual(user_ids[0][0], 'extra__qux') self.assertEqual(user_ids[1][0], 'login__foo') self.assertEqual(len(cache), 2) self.failUnless([('login__foo', 'foo')] in cache.values()) self.failUnless([('extra__qux', 'qux')] in cache.values()) key = [x[0] for x in cache.items() if x[1] == [('login__foo', 'foo')]][0] cache[key].append(('forced__baz', 'baz')) user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins, cache=cache) self.assertEqual(len(user_ids), 3, user_ids) self.assertEqual(user_ids[0][0], 'extra__qux') self.assertEqual(user_ids[1][0], 'login__foo') self.assertEqual(user_ids[2][0], 'forced__baz')
def test__extractUserIds_broken_authenticator( self ): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) login = DummyPlugin() directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) ) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject( 'login', login ) borked = DummyPlugin() directlyProvides( borked, ( IAuthenticationPlugin, ) ) borked.authenticateCredentials = lambda creds: creds['nonesuch'] zcuf._setObject( 'borked', borked ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'login' ) plugins.activatePlugin( IAuthenticationPlugin, 'borked' ) plugins.activatePlugin( IAuthenticationPlugin, 'login' ) request = FauxRequest( form={ 'login' : 'foo', 'password' : 'bar' } ) user_ids = zcuf._extractUserIds( request=request , plugins=zcuf.plugins ) self.assertEqual( len( user_ids ), 1 ) self.assertEqual( user_ids[ 0 ][0], 'login__foo' )
def test__findUser_with_userfactory_plugin( self ): from Products.PluggableAuthService.interfaces.plugins \ import IUserFactoryPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) bar = DummyPlugin() directlyProvides( bar, ( IUserFactoryPlugin, ) ) def _makeUser( user_id, name ): user = FauxUser( user_id ) user._name = name return user bar.createUser = _makeUser zcuf._setObject( 'bar', bar ) plugins = zcuf._getOb( 'plugins' ) real_user = zcuf._findUser( plugins, 'someone', 'to watch over me' ) self.failIf( real_user.__class__ is FauxUser ) plugins.activatePlugin( IUserFactoryPlugin , 'bar' ) faux_user = zcuf._findUser( plugins, 'someone', 'to watch over me' ) self.assertEqual( faux_user.getId(), 'someone' ) self.assertEqual( faux_user.getUserName(), 'to watch over me' ) self.failUnless( faux_user.__class__ is FauxUser )
def test__extractUserIds_one_extractor_two_authenticators(self): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) login = DummyPlugin() directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin)) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject('login', login) always = DummyPlugin() directlyProvides(always, (IAuthenticationPlugin, )) always.authenticateCredentials = lambda creds: ('baz', None) zcuf._setObject('always', always) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IExtractionPlugin, 'login') plugins.activatePlugin(IAuthenticationPlugin, 'always') plugins.activatePlugin(IAuthenticationPlugin, 'login') request = FauxRequest(form={'login': '******', 'password': '******'}) user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins) self.assertEqual(len(user_ids), 2) self.assertEqual(user_ids[0][0], 'always__baz') self.assertEqual(user_ids[1][0], 'login__foo')
def test__findUser_with_userfactory_plugin(self): from Products.PluggableAuthService.interfaces.plugins \ import IUserFactoryPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) bar = DummyPlugin() directlyProvides(bar, (IUserFactoryPlugin, )) def _makeUser(user_id, name): user = FauxUser(user_id) user._name = name return user bar.createUser = _makeUser zcuf._setObject('bar', bar) plugins = zcuf._getOb('plugins') real_user = zcuf._findUser(plugins, 'someone', 'to watch over me') self.failIf(real_user.__class__ is FauxUser) plugins.activatePlugin(IUserFactoryPlugin, 'bar') faux_user = zcuf._findUser(plugins, 'someone', 'to watch over me') self.assertEqual(faux_user.getId(), 'someone') self.assertEqual(faux_user.getUserName(), 'to watch over me') self.failUnless(faux_user.__class__ is FauxUser)
def test__findUser_with_plugins(self): from Products.PluggableAuthService.interfaces.plugins \ import IPropertiesPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) foo = DummyPlugin() directlyProvides(foo, (IPropertiesPlugin, )) foo.getPropertiesForUser = lambda user, req: {'login': user.getId()} zcuf._setObject('foo', foo) bar = DummyPlugin() directlyProvides(bar, (IPropertiesPlugin, )) bar.getPropertiesForUser = lambda user, req: {'a': 0, 'b': 'bar'} zcuf._setObject('bar', bar) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IPropertiesPlugin, 'foo') plugins.activatePlugin(IPropertiesPlugin, 'bar') user = zcuf._findUser(plugins, 'someone') sheet_ids = user.listPropertysheets() self.assertEqual(len(sheet_ids), 2) self.failUnless('foo' in sheet_ids) self.failUnless('bar' in sheet_ids) foosheet = user['foo'] self.assertEqual(len(foosheet.propertyMap()), 1)
def test__findUser_with_plugins( self ): from Products.PluggableAuthService.interfaces.plugins \ import IPropertiesPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) foo = DummyPlugin() directlyProvides( foo, ( IPropertiesPlugin, ) ) foo.getPropertiesForUser = lambda user, req: { 'login': user.getId() } zcuf._setObject( 'foo', foo ) bar = DummyPlugin() directlyProvides( bar, ( IPropertiesPlugin, ) ) bar.getPropertiesForUser = lambda user, req: { 'a': 0, 'b': 'bar' } zcuf._setObject( 'bar', bar ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IPropertiesPlugin , 'foo' ) plugins.activatePlugin( IPropertiesPlugin , 'bar' ) user = zcuf._findUser( plugins, 'someone' ) sheet_ids = user.listPropertysheets() self.assertEqual( len( sheet_ids ), 2 ) self.failUnless( 'foo' in sheet_ids ) self.failUnless( 'bar' in sheet_ids ) foosheet = user[ 'foo' ] self.assertEqual( len( foosheet.propertyMap() ), 1 )
def test__extractUserIds_broken_authenticator(self): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) login = DummyPlugin() directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin)) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject('login', login) borked = DummyPlugin() directlyProvides(borked, (IAuthenticationPlugin, )) borked.authenticateCredentials = lambda creds: creds['nonesuch'] zcuf._setObject('borked', borked) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IExtractionPlugin, 'login') plugins.activatePlugin(IAuthenticationPlugin, 'borked') plugins.activatePlugin(IAuthenticationPlugin, 'login') request = FauxRequest(form={'login': '******', 'password': '******'}) user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins) self.assertEqual(len(user_ids), 1) self.assertEqual(user_ids[0][0], 'login__foo')
def _makeGroupPlugin(self, id, groups=()): from Products.PluggableAuthService.interfaces.plugins \ import IGroupsPlugin gp = DummyGroupPlugin(id, groups=groups) directlyProvides(gp, (IGroupsPlugin, )) return gp
def _makeGroupEnumerator( self, group_id ): from Products.PluggableAuthService.interfaces.plugins \ import IGroupEnumerationPlugin enumerator = DummyGroupEnumerator( group_id ) directlyProvides( enumerator, ( IGroupEnumerationPlugin, ) ) return enumerator
def _makeUserEnumerator( self, user_id, login=None ): from Products.PluggableAuthService.interfaces.plugins \ import IUserEnumerationPlugin enumerator = DummyUserEnumerator( user_id, login ) directlyProvides( enumerator, ( IUserEnumerationPlugin, ) ) return enumerator
def _makeUserEnumerator(self, user_id, login=None): from Products.PluggableAuthService.interfaces.plugins \ import IUserEnumerationPlugin enumerator = DummyUserEnumerator(user_id, login) directlyProvides(enumerator, (IUserEnumerationPlugin, )) return enumerator
def _makeGroupEnumerator(self, group_id): from Products.PluggableAuthService.interfaces.plugins \ import IGroupEnumerationPlugin enumerator = DummyGroupEnumerator(group_id) directlyProvides(enumerator, (IGroupEnumerationPlugin, )) return enumerator
def _makeSuperEnumerator( self, user_id, login, group_id ): from Products.PluggableAuthService.interfaces.plugins \ import IUserEnumerationPlugin from Products.PluggableAuthService.interfaces.plugins \ import IGroupEnumerationPlugin enumerator = DummySuperEnumerator( user_id, login, group_id ) directlyProvides( enumerator, ( IUserEnumerationPlugin, IGroupEnumerationPlugin ) ) return enumerator
def _makeSuperEnumerator(self, user_id, login, group_id): from Products.PluggableAuthService.interfaces.plugins \ import IUserEnumerationPlugin from Products.PluggableAuthService.interfaces.plugins \ import IGroupEnumerationPlugin enumerator = DummySuperEnumerator(user_id, login, group_id) directlyProvides(enumerator, (IUserEnumerationPlugin, IGroupEnumerationPlugin)) return enumerator
def test_validate_simple_authenticated( self ): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, \ IAuthenticationPlugin, \ IUserEnumerationPlugin, \ IRolesPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) login = DummyPlugin() directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) ) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject( 'login', login ) olivier = DummyPlugin() directlyProvides( olivier, ( IUserEnumerationPlugin, IRolesPlugin ) ) olivier.enumerateUsers = lambda id: id == 'foo' or None olivier.getRolesForPrincipal = lambda user, req: ( user.getId() == 'login__olivier' and ( 'Hamlet', ) or () ) zcuf._setObject( 'olivier', olivier ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'login' ) plugins.activatePlugin( IAuthenticationPlugin, 'login' ) plugins.activatePlugin( IUserEnumerationPlugin, 'olivier' ) plugins.activatePlugin( IRolesPlugin, 'olivier' ) rc, root, folder, object = self._makeTree() index = FauxObject( 'index_html' ) index.__roles__ = ( 'Hamlet', ) acquired_index = index.__of__( root ).__of__( object ) request = FauxRequest( ( 'folder', 'object', 'index_html' ) , RESPONSE=FauxResponse() , PARENTS=[ object, folder, root ] , PUBLISHED=acquired_index.__of__( object ) , form={ 'login' : 'olivier' , 'password' : 'arras' } ) wrapped = zcuf.__of__( root ) validated = wrapped.validate( request ) self.assertEqual( validated.getUserName(), 'olivier' )
def test__extractUserIds_two_extractors_two_authenticators( self ): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) login = DummyPlugin() directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) ) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject( 'login', login ) extra = DummyPlugin() directlyProvides( extra, ( IExtractionPlugin, IAuthenticationPlugin ) ) extra.extractCredentials = _extractExtra extra.authenticateCredentials = _authExtra zcuf._setObject( 'extra', extra ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'extra' ) plugins.activatePlugin( IExtractionPlugin, 'login' ) plugins.activatePlugin( IAuthenticationPlugin, 'extra' ) plugins.activatePlugin( IAuthenticationPlugin, 'login' ) request = FauxRequest( form={ 'login' : 'foo', 'password' : 'bar' } ) user_ids = zcuf._extractUserIds( request=request , plugins=zcuf.plugins ) self.assertEqual( len( user_ids ), 1 ) self.assertEqual( user_ids[ 0 ][0], 'login__foo' ) request[ 'extra' ] = 'qux' user_ids = zcuf._extractUserIds( request=request , plugins=zcuf.plugins ) self.assertEqual( len( user_ids ), 2, user_ids ) self.assertEqual( user_ids[ 0 ][0], 'extra__qux' ) self.assertEqual( user_ids[ 1 ][0], 'login__foo' )
def test_validate_simple_anonymous( self ): from AccessControl.SpecialUsers import nobody from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, \ IAuthenticationPlugin, \ IUserEnumerationPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) login = DummyPlugin() directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) ) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject( 'login', login ) foo = DummyPlugin() directlyProvides( foo, ( IUserEnumerationPlugin, ) ) foo.enumerateUsers = lambda id: id == 'foo' or None zcuf._setObject( 'foo', foo ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'login' ) plugins.activatePlugin( IAuthenticationPlugin, 'login' ) plugins.activatePlugin( IUserEnumerationPlugin, 'foo' ) rc, root, folder, object = self._makeTree() index = FauxObject( 'index_html' ) index.__roles__ = ( 'Anonymous', ) acquired_index = index.__of__( root ).__of__( object ) request = FauxRequest( ( 'folder', 'object', 'index_html' ) , RESPONSE=FauxResponse() , PARENTS=[ object, folder, root ] , PUBLISHED=acquired_index , form={} ) wrapped = zcuf.__of__( root ) validated = wrapped.validate( request ) self.assertEqual( validated.getUserName(), nobody.getUserName() )
def manage_updateInterfaces(self, interfaces, RESPONSE=None): """ For ZMI update of interfaces. """ pas_instance = self._getPAS() plugins = pas_instance._getOb('plugins') new_interfaces = [] for interface in interfaces: new_interfaces.append(plugins._getInterfaceFromName(interface)) directlyProvides(self, *new_interfaces) if RESPONSE is not None: RESPONSE.redirect('%s/manage_workspace' '?manage_tabs_message=' 'Interfaces+updated.' % self.absolute_url())
def manage_updateInterfaces( self, interfaces, RESPONSE=None ): """ For ZMI update of interfaces. """ parent = aq_parent( aq_inner( self ) ) plugins = parent._getOb( 'plugins' ) new_interfaces = [] for interface in interfaces: new_interfaces.append( plugins._getInterfaceFromName( interface ) ) directlyProvides( self, *new_interfaces ) if RESPONSE is not None: RESPONSE.redirect('%s/manage_workspace' '?manage_tabs_message=' 'Interfaces+updated.' % self.absolute_url())
def test_validate_with_anonymous_factory( self ): from Products.PluggableAuthService.interfaces.plugins \ import IAnonymousUserFactoryPlugin def _makeAnon(): user = FauxUser( None , name='New Anonymous User' , roles=() , groups={ 'All People Everywhere Ever' : 1 } ) return user plugins = self._makePlugins() zcuf = self._makeOne( plugins ) nested = self._makeOne( plugins ) anon = DummyPlugin() directlyProvides( anon, ( IAnonymousUserFactoryPlugin, ) ) anon.createAnonymousUser = _makeAnon zcuf._setObject( 'anon', anon ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IAnonymousUserFactoryPlugin, 'anon' ) rc, root, folder, object = self._makeTree() index = FauxObject( 'index_html' ) index.__roles__ = ( 'Anonymous', ) acquired_index = index.__of__( root ).__of__( object ) request = FauxRequest( ( 'folder', 'object', 'index_html' ) , RESPONSE=FauxResponse() , PARENTS=[ object, folder, root ] , PUBLISHED=acquired_index , form={} ) root._setObject( 'acl_users', zcuf ) root_users = root.acl_users root_validated = root_users.validate( request ) self.assertEqual( root_validated.getUserName(), 'New Anonymous User' ) self.assertEqual( root_validated.getGroups() , [ 'All People Everywhere Ever' ] )
def _delOb( self, id ): """ Override ObjectManager's _delOb to account for removing any interface assertions the object might implement. """ myId = self.getId() pas_instance = self._getPAS() plugins = pas_instance._getOb( 'plugins' ) curr_interfaces = Set(providedBy(self)) del_interfaces = Set([x for x in providedBy(self) if id in x.names()]) for interface in del_interfaces: if myId in plugins.listPluginIds( interface ): plugins.deactivatePlugin( interface, myId ) delattr( self, id ) directlyProvides( self, *(list(curr_interfaces - del_interfaces)) )
def manage_updateInterfaces( self, interfaces, RESPONSE=None ): """ For ZMI update of interfaces. """ pas_instance = self._getPAS() plugins = pas_instance._getOb( 'plugins' ) new_interfaces = [] for interface in interfaces: new_interfaces.append( plugins._getInterfaceFromName( interface ) ) klass_interfaces = [x for x in implementedBy(ScriptablePlugin)] directlyProvides( self, *(klass_interfaces + new_interfaces) ) if RESPONSE is not None: RESPONSE.redirect('%s/manage_workspace' '?manage_tabs_message=' 'Interfaces+updated.' % self.absolute_url())
def _delOb(self, id): """ Override ObjectManager's _delOb to account for removing any interface assertions the object might implement. """ myId = self.getId() pas_instance = self._getPAS() plugins = pas_instance._getOb('plugins') curr_interfaces = Set(providedBy(self)) del_interfaces = Set([x for x in providedBy(self) if id in x.names()]) for interface in del_interfaces: if myId in plugins.listPluginIds(interface): plugins.deactivatePlugin(interface, myId) delattr(self, id) directlyProvides(self, *(list(curr_interfaces - del_interfaces)))
def test__delOb_unregisters_plugin(self): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, \ IAuthenticationPlugin, \ IUserEnumerationPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) login = DummyPlugin() directlyProvides(login, (IExtractionPlugin, IAuthenticationPlugin)) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject('login', login) foo = DummyPlugin() directlyProvides(foo, (IUserEnumerationPlugin, )) foo.enumerateUsers = lambda id: id == 'foo' or None zcuf._setObject('foo', foo) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IExtractionPlugin, 'login') plugins.activatePlugin(IAuthenticationPlugin, 'login') plugins.activatePlugin(IUserEnumerationPlugin, 'foo') self.failUnless(plugins.listPlugins(IExtractionPlugin)) self.failUnless(plugins.listPlugins(IAuthenticationPlugin)) self.failUnless(plugins.listPlugins(IUserEnumerationPlugin)) zcuf._delOb('foo') self.failUnless(plugins.listPlugins(IExtractionPlugin)) self.failUnless(plugins.listPlugins(IAuthenticationPlugin)) self.failIf(plugins.listPlugins(IUserEnumerationPlugin)) zcuf._delOb('login') self.failIf(plugins.listPlugins(IExtractionPlugin)) self.failIf(plugins.listPlugins(IAuthenticationPlugin)) self.failIf(plugins.listPlugins(IUserEnumerationPlugin))
def test__delOb_unregisters_plugin( self ): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, \ IAuthenticationPlugin, \ IUserEnumerationPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) login = DummyPlugin() directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) ) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject( 'login', login ) foo = DummyPlugin() directlyProvides( foo, ( IUserEnumerationPlugin, ) ) foo.enumerateUsers = lambda id: id == 'foo' or None zcuf._setObject( 'foo', foo ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'login' ) plugins.activatePlugin( IAuthenticationPlugin, 'login' ) plugins.activatePlugin( IUserEnumerationPlugin, 'foo' ) self.failUnless( plugins.listPlugins( IExtractionPlugin ) ) self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) ) self.failUnless( plugins.listPlugins( IUserEnumerationPlugin ) ) zcuf._delOb( 'foo' ) self.failUnless( plugins.listPlugins( IExtractionPlugin ) ) self.failUnless( plugins.listPlugins( IAuthenticationPlugin ) ) self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) ) zcuf._delOb( 'login' ) self.failIf( plugins.listPlugins( IExtractionPlugin ) ) self.failIf( plugins.listPlugins( IAuthenticationPlugin ) ) self.failIf( plugins.listPlugins( IUserEnumerationPlugin ) )
def test_authenticate_emergency_user_with_broken_extractor( self ): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin from AccessControl.User import UnrestrictedUser from Products.PluggableAuthService import PluggableAuthService old_eu = PluggableAuthService.emergency_user eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () ) PluggableAuthService.emergency_user = eu plugins = self._makePlugins() zcuf = self._makeOne( plugins ) borked = DummyPlugin() directlyProvides( borked, ( IExtractionPlugin, ) ) borked.extractCredentials = lambda req: 'abc' zcuf._setObject( 'borked', borked ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'borked' ) request = FauxRequest( form={ 'login' : eu.getUserName() , 'password' : eu._getPassword() } ) user_ids = zcuf._extractUserIds( request=request , plugins=zcuf.plugins ) self.assertEqual( len( user_ids ), 1 ) self.assertEqual( user_ids[ 0 ][0], 'foo' ) PluggableAuthService.emergency_user = old_eu
def test_authenticate_emergency_user_with_broken_extractor(self): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin from AccessControl.User import UnrestrictedUser from Products.PluggableAuthService import PluggableAuthService old_eu = PluggableAuthService.emergency_user eu = UnrestrictedUser('foo', 'bar', ('manage', ), ()) PluggableAuthService.emergency_user = eu plugins = self._makePlugins() zcuf = self._makeOne(plugins) borked = DummyPlugin() directlyProvides(borked, (IExtractionPlugin, )) borked.extractCredentials = lambda req: 'abc' zcuf._setObject('borked', borked) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IExtractionPlugin, 'borked') request = FauxRequest(form={ 'login': eu.getUserName(), 'password': eu._getPassword() }) user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins) self.assertEqual(len(user_ids), 1) self.assertEqual(user_ids[0][0], 'foo') PluggableAuthService.emergency_user = old_eu
def _delOb(self, id): """ Override ObjectManager's _delOb to account for removing any interface assertions the object might implement. """ myId = self.getId() pas_instance = self._getPAS() plugins = pas_instance._getOb('plugins') del_interfaces = filter(lambda x: id in x.names(), self.__implements__) trimmed_interfaces = [ x for x in self.__implements__ if x not in (del_interfaces + self.__class__.__implements__) ] for interface in del_interfaces: if myId in plugins.listPluginIds(interface): plugins.deactivatePlugin(interface, myId) delattr(self, id) directlyProvides(self, *trimmed_interfaces)
def _delOb( self, id ): """ Override ObjectManager's _delOb to account for removing any interface assertions the object might implement. """ myId = self.getId() parent = aq_parent( aq_inner( self ) ) plugins = parent._getOb( 'plugins' ) del_interfaces = filter( lambda x: id in x.names() , self.__implements__ ) trimmed_interfaces = [ x for x in self.__implements__ if x not in ( del_interfaces + self.__class__.__implements__ ) ] for interface in del_interfaces: if myId in plugins.listPluginIds( interface ): plugins.deactivatePlugin( interface, myId ) delattr( self, id ) directlyProvides( self, *trimmed_interfaces )
def test__findUser_with_groups(self): from Products.PluggableAuthService.interfaces.plugins \ import IGroupsPlugin plugins = self._makePlugins() zcuf = self._makeOne(plugins) foo = DummyPlugin() directlyProvides(foo, (IGroupsPlugin, )) foo.getGroupsForPrincipal = lambda user, req: ('group1', 'group2') zcuf._setObject('foo', foo) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IGroupsPlugin, 'foo') user = zcuf._findUser(plugins, 'someone') groups = user.getGroups() self.assertEqual(len(groups), 2) self.failUnless('foo__group1' in groups) self.failUnless('foo__group2' in groups)
def test__findUser_with_groups( self ): from Products.PluggableAuthService.interfaces.plugins \ import IGroupsPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) foo = DummyPlugin() directlyProvides( foo, ( IGroupsPlugin, ) ) foo.getGroupsForPrincipal = lambda user, req: ( 'group1', 'group2' ) zcuf._setObject( 'foo', foo ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IGroupsPlugin , 'foo' ) user = zcuf._findUser( plugins, 'someone' ) groups = user.getGroups() self.assertEqual( len( groups ), 2 ) self.failUnless( 'foo__group1' in groups ) self.failUnless( 'foo__group2' in groups )
def test__extractUserIds_one_extractor_two_authenticators( self ): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) login = DummyPlugin() directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) ) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject( 'login', login ) always = DummyPlugin() directlyProvides( always, ( IAuthenticationPlugin, ) ) always.authenticateCredentials = lambda creds: ('baz', None) zcuf._setObject( 'always', always ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'login' ) plugins.activatePlugin( IAuthenticationPlugin, 'always' ) plugins.activatePlugin( IAuthenticationPlugin, 'login' ) request = FauxRequest( form={ 'login' : 'foo', 'password' : 'bar' } ) user_ids = zcuf._extractUserIds( request=request , plugins=zcuf.plugins ) self.assertEqual( len( user_ids ), 2 ) self.assertEqual( user_ids[ 0 ][0], 'always__baz' ) self.assertEqual( user_ids[ 1 ][0], 'login__foo' )
def test__extractUserIds_cache( self ): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin plugins = self._makePlugins() zcuf = self._makeOne( plugins ) login = DummyPlugin() directlyProvides( login, ( IExtractionPlugin, IAuthenticationPlugin ) ) login.extractCredentials = _extractLogin login.authenticateCredentials = _authLogin zcuf._setObject( 'login', login ) extra = DummyPlugin() directlyProvides( extra, ( IExtractionPlugin, IAuthenticationPlugin ) ) extra.extractCredentials = _extractExtra extra.authenticateCredentials = _authExtra zcuf._setObject( 'extra', extra ) plugins = zcuf._getOb( 'plugins' ) plugins.activatePlugin( IExtractionPlugin, 'extra' ) plugins.activatePlugin( IExtractionPlugin, 'login' ) plugins.activatePlugin( IAuthenticationPlugin, 'extra' ) plugins.activatePlugin( IAuthenticationPlugin, 'login' ) cache = {} request = FauxRequest( form={ 'login' : 'foo' , 'password' : 'bar' } , extra='qux' ) user_ids = zcuf._extractUserIds( request=request , plugins=zcuf.plugins , cache=cache ) self.assertEqual( len( user_ids ), 2 ) self.assertEqual( user_ids[ 0 ][0], 'extra__qux' ) self.assertEqual( user_ids[ 1 ][0], 'login__foo' ) self.assertEqual( len( cache ), 2 ) self.failUnless( [ ('login__foo', 'foo') ] in cache.values() ) self.failUnless( [ ('extra__qux', 'qux') ] in cache.values() ) key = [ x[0] for x in cache.items() if x[1] == [('login__foo', 'foo')] ][0] cache[ key ].append( ('forced__baz', 'baz' ) ) user_ids = zcuf._extractUserIds( request=request , plugins=zcuf.plugins , cache=cache ) self.assertEqual( len( user_ids ), 3, user_ids ) self.assertEqual( user_ids[ 0 ][0], 'extra__qux' ) self.assertEqual( user_ids[ 1 ][0], 'login__foo' ) self.assertEqual( user_ids[ 2 ][0], 'forced__baz' )