def test_logging_in_and_logging_out(self):
# A test showing that we can authenticate the request after
# logInPrincipal() is called, and after logoutPerson() we can no
# longer authenticate it.
# This is to setup an interaction so that we can call logInPrincipal
# below.
login('*****@*****.**')
logInPrincipal(self.request, self.principal, '*****@*****.**')
session = ISession(self.request)
# logInPrincipal() stores the account ID in a variable named
# 'accountid'.
self.assertEqual(
session['launchpad.authenticateduser']['accountid'],
int(self.principal.id))
# Ensure we are using cookie auth.
self.assertIsNotNone(
self.request.response.getCookie(config.launchpad_session.cookie)
)
principal = getUtility(IPlacelessAuthUtility).authenticate(
self.request)
self.assertEqual(self.principal.id, principal.id)
logoutPerson(self.request)
principal = getUtility(IPlacelessAuthUtility).authenticate(
self.request)
self.assertIsNone(principal)
def test_logging_in_and_logging_out(self):
# A test showing that we can authenticate the request after
# logInPrincipal() is called, and after logoutPerson() we can no
# longer authenticate it.
# This is to setup an interaction so that we can call logInPrincipal
# below.
login('*****@*****.**')
logInPrincipal(self.request, self.principal, '*****@*****.**')
session = ISession(self.request)
# logInPrincipal() stores the account ID in a variable named
# 'accountid'.
self.failUnlessEqual(
session['launchpad.authenticateduser']['accountid'],
int(self.principal.id))
# Ensure we are using cookie auth.
self.assertIsNotNone(
self.request.response.getCookie(config.launchpad_session.cookie)
)
principal = getUtility(IPlacelessAuthUtility).authenticate(
self.request)
self.failUnlessEqual(self.principal.id, principal.id)
logoutPerson(self.request)
principal = getUtility(IPlacelessAuthUtility).authenticate(
self.request)
self.failUnless(principal is None)
def continue_action(self, action, data):
email = data['email']
principal = getUtility(IPlacelessLoginSource).getPrincipalByLogin(
email)
logInPrincipal(self.request, principal, email)
# Update the attribute holding the cached user.
self._account = principal.account
return self.renderOpenIDResponse(self.createPositiveResponse())
def continue_action(self, action, data):
email = data['email']
principal = getUtility(IPlacelessLoginSource).getPrincipalByLogin(
email)
logInPrincipal(self.request, principal, email)
# Update the attribute holding the cached user.
self._account = principal.account
return self.renderOpenIDResponse(self.createPositiveResponse())
def test_CookieLogoutPage(self):
# This test shows that the CookieLogoutPage redirects as we expect:
# first to loggerhead for it to log out (see bug 574493) and then
# to our OpenId provider for it to log out (see bug 568106). This
# will need to be readdressed when we want to accept other OpenId
# providers, unfortunately.
# This is to setup an interaction so that we can call logInPrincipal
# below.
login('*****@*****.**')
logInPrincipal(self.request, self.principal, '*****@*****.**')
# Normally CookieLogoutPage is magically mixed in with a base class
# that accepts context and request and sets up other things. We're
# just going to put the request on the base class ourselves for this
# test.
view = CookieLogoutPage()
view.request = self.request
# We need to set the session cookie so it can be expired.
self.request.response.setCookie(
config.launchpad_session.cookie, 'xxx')
# Now we logout.
result = view.logout()
# We should, in fact, be logged out (this calls logoutPerson).
principal = getUtility(IPlacelessAuthUtility).authenticate(
self.request)
self.failUnless(principal is None)
# The view should have redirected us, with no actual response body.
self.assertEquals(self.request.response.getStatus(), 302)
self.assertEquals(result, '')
# We are redirecting to Loggerhead, to ask it to logout.
location = lazr.uri.URI(self.request.response.getHeader('location'))
self.assertEquals(location.host, 'bazaar.launchpad.dev')
self.assertEquals(location.scheme, 'https')
self.assertEquals(location.path, '/+logout')
# That page should then redirect to our OpenId provider to logout,
# which we provide in our query string. See
# launchpad_loggerhead.tests.TestLogout for the pertinent tests.
query = cgi.parse_qs(location.query)
self.assertEquals(
query['next_to'][0], 'http://testopenid.dev/+logout')
def test_CookieLogoutPage(self):
# This test shows that the CookieLogoutPage redirects as we expect:
# first to loggerhead for it to log out (see bug 574493) and then
# to our OpenId provider for it to log out (see bug 568106). This
# will need to be readdressed when we want to accept other OpenId
# providers, unfortunately.
# This is to setup an interaction so that we can call logInPrincipal
# below.
login('*****@*****.**')
logInPrincipal(self.request, self.principal, '*****@*****.**')
# Normally CookieLogoutPage is magically mixed in with a base class
# that accepts context and request and sets up other things. We're
# just going to put the request on the base class ourselves for this
# test.
view = CookieLogoutPage()
view.request = self.request
# We need to set the session cookie so it can be expired.
self.request.response.setCookie(
config.launchpad_session.cookie, 'xxx')
# Now we logout.
result = view.logout()
# We should, in fact, be logged out (this calls logoutPerson).
principal = getUtility(IPlacelessAuthUtility).authenticate(
self.request)
self.assertIsNone(principal)
# The view should have redirected us, with no actual response body.
self.assertEqual(self.request.response.getStatus(), 302)
self.assertEqual(result, '')
# We are redirecting to Loggerhead, to ask it to logout.
location = lazr.uri.URI(self.request.response.getHeader('location'))
self.assertEqual(location.host, 'bazaar.launchpad.dev')
self.assertEqual(location.scheme, 'https')
self.assertEqual(location.path, '/+logout')
# That page should then redirect to our OpenId provider to logout,
# which we provide in our query string. See
# launchpad_loggerhead.tests.TestLogout for the pertinent tests.
query = cgi.parse_qs(location.query)
self.assertEqual(query['next_to'][0], 'http://testopenid.dev/+logout')
def login_as_person(person):
"""This is a helper function designed to be used within a fixture.
Provide a person, such as one generated by LaunchpadObjectFactory, and
the browser will become logged in as this person.
Explicit tear-down is unnecessary because the database is reset at the end
of every test, and the cookie is discarded.
"""
if person.is_team:
raise AssertionError("Please do not try to login as a team")
email = removeSecurityProxy(person.preferredemail).email
request = get_current_browser_request()
assert request is not None, "We do not have a browser request."
authutil = getUtility(IPlacelessAuthUtility)
principal = authutil.getPrincipalByLogin(email)
launchbag = getUtility(IOpenLaunchBag)
launchbag.setLogin(email)
logInPrincipal(request, principal, email)
def logInPrincipalByEmail(self, email):
"""Login the principal with the given email address."""
loginsource = getUtility(IPlacelessLoginSource)
principal = loginsource.getPrincipalByLogin(email)
logInPrincipal(self.request, principal, email)
def logInPrincipalByEmail(self, email):
"""Login the principal with the given email address."""
loginsource = getUtility(IPlacelessLoginSource)
principal = loginsource.getPrincipalByLogin(email)
logInPrincipal(self.request, principal, email)
