def setUp(self):
self.mgr = KeyManager()
del self.mgr[u"_system"]
self.mgr[u"_system"] = Keyring()
self.mgr[u"_system"].rotate()
self.mgr[u"one"] = Keyring()
self.mgr[u"one"].rotate()
self.mgr[u"two"] = Keyring()
self.mgr[u"two"].rotate()
def upgrade_keyring(context):
logger.info('upgrading keyring')
manager = getUtility(IKeyManager)
manager[u'_system'].fill()
if u'_anon' not in manager:
manager[u'_anon'] = Keyring()
manager[u'_anon'].fill()
if u'_forms' not in manager:
manager[u'_forms'] = Keyring()
manager[u'_forms'].fill()
logger.info('add keyring to zope root if not done already')
app = aq_parent(getSite())
sm = getSiteManager(app)
if sm.queryUtility(IKeyManager) is None:
obj = KeyManager()
sm.registerUtility(aq_base(obj), IKeyManager, '')
# disable CSRF protection which will fail due to
# using different secrets than when the authenticator
# was generated
request = getRequest()
if request is not None:
alsoProvides(request, IDisableCSRFProtection)
def importFinalSteps(context):
"""
Final Plone import steps.
"""
# Only run step if a flag file is present (e.g. not an extension profile)
if context.readDataFile('plone-final.txt') is None:
return
site = context.getSite()
setProfileVersion(site)
# Install our dependencies
st = getToolByName(site, "portal_setup")
st.runAllImportStepsFromProfile("profile-Products.CMFPlone:dependencies")
assignTitles(site)
replace_local_role_manager(site)
addCacheHandlers(site)
addCacheForResourceRegistry(site)
# check if zope root has keyring installed for CSRF protection
app = aq_parent(site)
sm = getSiteManager(app)
if sm.queryUtility(IKeyManager) is None:
obj = KeyManager()
sm.registerUtility(aq_base(obj), IKeyManager, '')
first_weekday_setup(context)
timezone_setup(context)
# setup resource overrides plone.resource
persistentDirectory = getUtility(IResourceDirectory, name="persistent")
if OVERRIDE_RESOURCE_DIRECTORY_NAME not in persistentDirectory:
persistentDirectory.makeDirectory(OVERRIDE_RESOURCE_DIRECTORY_NAME)
def setUp(self):
self.sm = getGlobalSiteManager()
self.manager = KeyManager(self.key_size)
self.sm.registerUtility(self.manager, provided=IKeyManager,
event=False)
# Tests modify the user object so we better make sure it is *our*
# user object and not the built-in Anonymous User.
newSecurityManager(None, User('dummy', 'secret', (), ()))
def setUp(self):
self.mgr=KeyManager()
del self.mgr[u"_system"]
self.mgr[u"_system"]=Keyring()
self.mgr[u"_system"].rotate()
self.mgr[u"one"]=Keyring()
self.mgr[u"one"].rotate()
self.mgr[u"two"]=Keyring()
self.mgr[u"two"].rotate()
def getRootKeyManager(root):
if not IApplication.providedBy(root):
return
try:
manager = root._key_manager
except AttributeError:
manager = root._key_manager = KeyManager()
safeWrite(root._key_manager)
safeWrite(root)
return manager
def install_acl_users(app, event):
logger = event.commit
uf = app.acl_users
found = uf.objectIds(['Plone Session Plugin'])
if not found:
# new root acl user implementation not installed yet
migrate_root_uf(app)
uf = app.acl_users # need to get new acl_users
plone_pas = uf.manage_addProduct['PlonePAS']
manage_addSessionPlugin(plone_pas, 'session')
activatePluginInterfaces(app, "session")
cookie_auth = uf.credentials_cookie_auth
cookie_auth.login_path = u'/@@secure-login'
uf.plugins.activatePlugin(
IChallengePlugin,
'credentials_cookie_auth'
)
# also delete basic auth
uf.manage_delObjects(['credentials_basic_auth'])
# for some reason, we need to install the initial user...
if not api.env.test_mode():
try:
uf.users.manage_addUser('admin', 'admin', 'admin', 'admin')
uf.roles.assignRoleToPrincipal('Manager', 'admin')
except KeyError:
pass # already a user
if logger is not None:
logger('Updated acl users')
km = getattr(app, 'key_manager', None)
if km is None:
km = KeyManager()
app.key_manager = km
app._p_changed = 1
if logger is not None:
logger('adding key manager')
sm = getGlobalSiteManager()
sm.registerUtility(km, IKeyManager)
def upgrade_keyring(context):
logger.info('upgrading keyring')
manager = getUtility(IKeyManager)
manager[u'_system'].fill()
if u'_anon' not in manager:
manager[u'_anon'] = Keyring()
manager[u'_anon'].fill()
if u'_forms' not in manager:
manager[u'_forms'] = Keyring()
manager[u'_forms'].fill()
logger.info('add keyring to zope root if not done already')
app = aq_parent(getSite())
sm = getSiteManager(app)
if sm.queryUtility(IKeyManager) is None:
obj = KeyManager()
sm.registerUtility(aq_base(obj), IKeyManager, '')
def setUp(self):
self.portal = self.layer['portal']
self.app = self.layer['app']
self.request = self.layer[
'request'] #makerequest(self.portal.aq_parent).REQUEST
# log all exceptions
self.portal.error_log._ignored_exceptions = ()
# Add an authenticator fpr plone.protect
provideUtility(KeyManager(), IKeyManager)
auth = self.portal.restrictedTraverse(
'@@authenticator').authenticator()
self.request['_authenticator'] = auth.split('"')[5]
self.portal_catalog = getToolByName(self.portal, 'portal_catalog')
self.bsc = getToolByName(self.portal, 'bika_setup_catalog')
self.workflow = getToolByName(self.portal, 'portal_workflow')
self.portal_registration = getToolByName(self.portal,
'portal_registration')
self.portal_groups = getToolByName(self.portal, 'portal_groups')
self.portal_membership = getToolByName(self.portal,
'portal_membership')
self.plone_utils = getToolByName(self.portal, 'plone_utils')
def testContainerIsPersistent(self):
mgr = KeyManager()
self.failUnless(
isinstance(mgr.__dict__["_SampleContainer__data"],
PersistentMapping))
def testSystemKeyringCreated(self):
mgr = KeyManager()
self.assertEqual(mgr.keys(), [u"_anon", u"_forms", u"_system"])
self.failUnless(mgr[u"_system"].current is not None)
class KeyManagerTests(TestCase):
def setUp(self):
self.mgr = KeyManager()
del self.mgr[u"_system"]
self.mgr[u"_system"] = Keyring()
self.mgr[u"_system"].rotate()
self.mgr[u"one"] = Keyring()
self.mgr[u"one"].rotate()
self.mgr[u"two"] = Keyring()
self.mgr[u"two"].rotate()
def testInterface(self):
verifyClass(IKeyManager, KeyManager)
def testSystemKeyringCreated(self):
mgr = KeyManager()
self.assertEqual(mgr.keys(), [u"_anon", u"_forms", u"_system"])
self.failUnless(mgr[u"_system"].current is not None)
def testContainerIsPersistent(self):
mgr = KeyManager()
self.failUnless(
isinstance(mgr.__dict__["_SampleContainer__data"],
PersistentMapping))
def testClear(self):
self.mgr.clear()
self.assertEqual(set(self.mgr[u"_system"]), set([None]))
self.assertNotEqual(set(self.mgr[u"one"]), set([None]))
self.assertNotEqual(set(self.mgr[u"two"]), set([None]))
def testClearGivenRing(self):
self.mgr.clear(u"one")
self.assertNotEqual(set(self.mgr[u"_system"]), set([None]))
self.assertEqual(set(self.mgr[u"one"]), set([None]))
self.assertNotEqual(set(self.mgr[u"two"]), set([None]))
def testClearAll(self):
self.mgr.clear(None)
self.assertEqual(set(self.mgr[u"_system"]), set([None]))
self.assertEqual(set(self.mgr[u"one"]), set([None]))
self.assertEqual(set(self.mgr[u"two"]), set([None]))
def testClearUnknownRing(self):
self.assertRaises(KeyError, self.mgr.clear, u"missing")
def testRotate(self):
current_sys = self.mgr[u"_system"].current
current_one = self.mgr[u"one"].current
current_two = self.mgr[u"two"].current
self.mgr.rotate()
self.assertNotEqual(self.mgr[u"_system"].current, current_sys)
self.assertEqual(self.mgr[u"_system"][1], current_sys)
self.assertEqual(self.mgr[u"one"].current, current_one)
self.assertEqual(self.mgr[u"one"][1], None)
self.assertEqual(self.mgr[u"two"].current, current_two)
self.assertEqual(self.mgr[u"two"][1], None)
def testRotateGivenRing(self):
current_sys = self.mgr[u"_system"].current
current_one = self.mgr[u"one"].current
current_two = self.mgr[u"two"].current
self.mgr.rotate(u"one")
self.assertEqual(self.mgr[u"_system"].current, current_sys)
self.assertEqual(self.mgr[u"_system"][1], None)
self.assertNotEqual(self.mgr[u"one"].current, current_one)
self.assertEqual(self.mgr[u"one"][1], current_one)
self.assertEqual(self.mgr[u"two"].current, current_two)
self.assertEqual(self.mgr[u"two"][1], None)
def testRotateAll(self):
current_sys = self.mgr[u"_system"].current
current_one = self.mgr[u"one"].current
current_two = self.mgr[u"two"].current
self.mgr.rotate(None)
self.assertNotEqual(self.mgr[u"_system"].current, current_sys)
self.assertEqual(self.mgr[u"_system"][1], current_sys)
self.assertNotEqual(self.mgr[u"one"].current, current_one)
self.assertEqual(self.mgr[u"one"][1], current_one)
self.assertNotEqual(self.mgr[u"two"].current, current_two)
self.assertEqual(self.mgr[u"two"][1], current_two)
def testRotateUnknownRing(self):
self.assertRaises(KeyError, self.mgr.clear, u"missing")
def testSecret(self):
self.mgr[u"_system"][0] = marker
self.failUnless(self.mgr.secret() is marker)
def testSecretGivenRing(self):
self.mgr[u"one"][0] = marker
self.failUnless(self.mgr.secret(u"one") is marker)
def testSecretUnknownRing(self):
self.assertRaises(KeyError, self.mgr.secret, u"missing")
class KeyManagerTests(TestCase):
def setUp(self):
self.mgr=KeyManager()
del self.mgr[u"_system"]
self.mgr[u"_system"]=Keyring()
self.mgr[u"_system"].rotate()
self.mgr[u"one"]=Keyring()
self.mgr[u"one"].rotate()
self.mgr[u"two"]=Keyring()
self.mgr[u"two"].rotate()
def testInterface(self):
verifyClass(IKeyManager, KeyManager)
def testSystemKeyringCreated(self):
mgr=KeyManager()
self.assertEqual(set(mgr), {u"_anon", u"_forms", u"_system"})
self.assertTrue(mgr[u"_system"].current is not None)
def testContainerIsPersistent(self):
mgr=KeyManager()
self.assertTrue(isinstance(mgr.__dict__["_SampleContainer__data"],
PersistentMapping))
def testClear(self):
self.mgr.clear()
self.assertEqual(set(self.mgr[u"_system"]), set([None]))
self.assertNotEqual(set(self.mgr[u"one"]), set([None]))
self.assertNotEqual(set(self.mgr[u"two"]), set([None]))
def testClearGivenRing(self):
self.mgr.clear(u"one")
self.assertNotEqual(set(self.mgr[u"_system"]), set([None]))
self.assertEqual(set(self.mgr[u"one"]), set([None]))
self.assertNotEqual(set(self.mgr[u"two"]), set([None]))
def testClearAll(self):
self.mgr.clear(None)
self.assertEqual(set(self.mgr[u"_system"]), set([None]))
self.assertEqual(set(self.mgr[u"one"]), set([None]))
self.assertEqual(set(self.mgr[u"two"]), set([None]))
def testClearUnknownRing(self):
self.assertRaises(KeyError, self.mgr.clear, u"missing")
def testRotate(self):
current_sys = self.mgr[u"_system"].current
current_one = self.mgr[u"one"].current
current_two = self.mgr[u"two"].current
self.mgr.rotate()
self.assertNotEqual(self.mgr[u"_system"].current, current_sys)
self.assertEqual(self.mgr[u"_system"][1], current_sys)
self.assertEqual(self.mgr[u"one"].current, current_one)
self.assertEqual(self.mgr[u"one"][1], None)
self.assertEqual(self.mgr[u"two"].current, current_two)
self.assertEqual(self.mgr[u"two"][1], None)
def testRotateGivenRing(self):
current_sys = self.mgr[u"_system"].current
current_one = self.mgr[u"one"].current
current_two = self.mgr[u"two"].current
self.mgr.rotate(u"one")
self.assertEqual(self.mgr[u"_system"].current, current_sys)
self.assertEqual(self.mgr[u"_system"][1], None)
self.assertNotEqual(self.mgr[u"one"].current, current_one)
self.assertEqual(self.mgr[u"one"][1], current_one)
self.assertEqual(self.mgr[u"two"].current, current_two)
self.assertEqual(self.mgr[u"two"][1], None)
def testRotateAll(self):
current_sys = self.mgr[u"_system"].current
current_one = self.mgr[u"one"].current
current_two = self.mgr[u"two"].current
self.mgr.rotate(None)
self.assertNotEqual(self.mgr[u"_system"].current, current_sys)
self.assertEqual(self.mgr[u"_system"][1], current_sys)
self.assertNotEqual(self.mgr[u"one"].current, current_one)
self.assertEqual(self.mgr[u"one"][1], current_one)
self.assertNotEqual(self.mgr[u"two"].current, current_two)
self.assertEqual(self.mgr[u"two"][1], current_two)
def testRotateUnknownRing(self):
self.assertRaises(KeyError, self.mgr.clear, u"missing")
def testSecret(self):
self.mgr[u"_system"][0]=marker
self.assertTrue(self.mgr.secret() is marker)
def testSecretGivenRing(self):
self.mgr[u"one"][0]=marker
self.assertTrue(self.mgr.secret(u"one") is marker)
def testSecretUnknownRing(self):
self.assertRaises(KeyError, self.mgr.secret, u"missing")
def testSystemKeyringCreated(self):
mgr=KeyManager()
self.assertEqual(mgr.keys(), [u"_anon", u"_forms", u"_system"])
self.failUnless(mgr[u"_system"].current is not None)
