def test_encrypt_decrypt(text):
    """Check that *text* survives a cryptutil encrypt/decrypt round trip.

    ``self`` is not a parameter here; it is resolved from an enclosing scope
    that is not part of this listing (presumably the surrounding TestCase
    method -- confirm).

    The two assertions only show that the encrypted value differs from the
    input and that ``decrypt`` reverses ``encrypt``.  They do not establish
    anything about cipher strength, key handling or integrity protection.
    """
    ciphertext = cryptutil.encrypt(text)
    differs_msg = "encrypted text (%s) should not match original (%s)" % (ciphertext, text)
    self.assertNotEqual(text, ciphertext, differs_msg)

    roundtrip = cryptutil.decrypt(ciphertext)
    roundtrip_msg = "decrypted text (%s) should match original encrypted text (%s)" % (roundtrip, text)
    self.assertEqual(text, roundtrip, roundtrip_msg)
def __init__(self, username=None, password=None, request=None):
    """Initialize the repository with Fedora credentials.

    Credentials are resolved in this order:

    * If ``request`` is given, its user is authenticated and the session
      contains ``FEDORA_PASSWORD_SESSION_KEY``, the request user's username
      is used together with the session value passed through
      ``cryptutil.decrypt``.  Any ``username``/``password`` arguments are
      overridden in that case.
    * Otherwise each value that is still ``None`` falls back to django
      settings: ``FEDORA_USER`` for the username, then ``FEDORA_PASSWORD``
      or, failing that, the deprecated ``FEDORA_PASS`` for the password.

    If ``settings.FEDORA_PIDSPACE`` exists it is copied to
    ``self.default_pidspace``.

    NOTE(review): this layout was reconstructed from a listing that had lost
    its indentation; the password fallback is taken to be a sibling of the
    username fallback rather than nested inside it -- confirm against the
    original file.
    """
    has_session_credentials = (
        request is not None
        and request.user.is_authenticated()
        and FEDORA_PASSWORD_SESSION_KEY in request.session
    )

    if has_session_credentials:
        # Per-user credentials: from here on the password is held in
        # plaintext, so it should not be logged or echoed in error output.
        username = request.user.username
        password = cryptutil.decrypt(request.session[FEDORA_PASSWORD_SESSION_KEY])
    else:
        if username is None and hasattr(settings, 'FEDORA_USER'):
            username = settings.FEDORA_USER

        if password is None:
            # FEDORA_PASSWORD takes precedence over the legacy setting name
            if hasattr(settings, 'FEDORA_PASSWORD'):
                password = settings.FEDORA_PASSWORD
            elif hasattr(settings, 'FEDORA_PASS'):
                # still honoured, but flagged so deployments migrate away
                password = settings.FEDORA_PASS
                deprecation_notice = """For security reasons, you should use FEDORA_PASSWORD instead of FEDORA_PASS for Fedora credentials in your django settings. The FEDORA_PASS setting is deprecated."""
                warnings.warn(deprecation_notice, DeprecationWarning)

    super(Repository, self).__init__(_connection, username, password)

    if hasattr(settings, 'FEDORA_PIDSPACE'):
        self.default_pidspace = settings.FEDORA_PIDSPACE
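def test_login_and_store_credentials_in_session(self):
    """Check that the Fedora password reaches the session only on successful login.

    The django login view is patched with a mock whose side effect sets the
    authentication state on the request it is called with, so only the
    custom session-storage logic is exercised.

    On the success path the test checks that the session value differs from
    the submitted password and that ``cryptutil.decrypt`` recovers it.  That
    shows the value is not stored verbatim and round-trips; it does not
    cover where the key comes from or how long the value stays in the
    session.
    """
    # only testing custom logic, which happens on POST;
    # everything else is handled by django.contrib.auth
    from mock import Mock, patch

    mockrequest = Mock()
    mockrequest.method = 'POST'

    def not_logged_in(rqst):
        rqst.user.is_authenticated.return_value = False

    def set_logged_in(rqst):
        rqst.user.is_authenticated.return_value = True
        rqst.POST.get.return_value = "TEST_PASSWORD"

    # failed login: nothing may be written to the session
    with patch('eulcore.django.fedora.views.authviews.login',
               new=Mock(side_effect=not_logged_in)):
        mockrequest.session = dict()
        login_and_store_credentials_in_session(mockrequest)
        # assertTrue instead of the deprecated assert_ alias
        self.assertTrue(FEDORA_PASSWORD_SESSION_KEY not in mockrequest.session,
            'user password for fedora should not be stored in session on failed login')

    # successful login: the password is stored, but not in the clear
    with patch('eulcore.django.fedora.views.authviews.login',
               new=Mock(side_effect=set_logged_in)):
        login_and_store_credentials_in_session(mockrequest)
        self.assertTrue(FEDORA_PASSWORD_SESSION_KEY in mockrequest.session,
            'user password for fedora should be stored in session on successful login')

        # test password stored in the mock request
        pwd = mockrequest.POST.get()
        # encrypted password stored in session
        sessionpwd = mockrequest.session[FEDORA_PASSWORD_SESSION_KEY]
        self.assertNotEqual(pwd, sessionpwd,
            'password should not be stored in the session without encryption')
        # the message is shown on failure, so it states the expectation
        self.assertEqual(pwd, cryptutil.decrypt(sessionpwd),
            'password stored in session should decrypt to the submitted password')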