def test_on_permissions_everyone(app):
user = auth.HumanUser('jimmy')
permissions = set()
lg = ldap_groups.LdapGroupsAuthz(app)
lg.get_user_groups = lambda mail: []
lg.on_permissions_stale('sender', user, permissions)
eq_(permissions, set([p.test_lga.bar]))
def test_on_permissions_stale_groups_unknown_groups(app):
user = auth.HumanUser('jimmy')
permissions = set()
lg = ldap_groups.LdapGroupsAuthz(app)
lg.get_user_groups = lambda mail: ['group3', 'nosuch']
lg.on_permissions_stale('sender', user, permissions)
eq_(permissions, set([p.test_lga.bar]))
def test_on_permissions_stale_groups_unique(app):
user = auth.HumanUser('jimmy')
permissions = set()
lg = ldap_group_authz.LdapGroupsAuthz(app)
lg.get_user_groups = lambda mail: ['group1', 'group2']
lg.on_permissions_stale('sender', user, permissions)
eq_(permissions, set(
[p.test_lga.foo, p.test_lga.bar]))
def test_HumanUser_perms_in_session(app):
u = auth.HumanUser("*****@*****.**")
with app.test_request_context('/'):
session['perms'] = ['test_lib_auth.a']
session['perms_exp'] = time.time() + 10000
eq_(u.permissions, set([p.test_lib_auth.a]))
del session['perms']
# .. and still cached
eq_(u.permissions, set([p.test_lib_auth.a]))
def test_HumanUser(app):
u = auth.HumanUser("*****@*****.**")
eq_(u.type, 'human')
eq_(u.authenticated_email, '*****@*****.**')
eq_(str(u), 'human:[email protected]')
eq_(u.is_authenticated, True)
eq_(u.is_active, True)
eq_(u.is_anonymous, False)
with app.test_request_context('/'):
eq_(u.permissions, set())
def test_HumanUser_perms_session_expired(app):
@auth.permissions_stale.connect_via(app)
def set_perms(app, user, permissions):
permissions.add(p.test_lib_auth.a)
permissions.add(p.test_lib_auth.b)
u = auth.HumanUser("*****@*****.**")
with app.test_request_context('/'):
session['perms'] = ['test_lib_auth.a']
session['perms_exp'] = time.time() - 10000
eq_(u.permissions, set([p.test_lib_auth.a, p.test_lib_auth.b]))
eq_(sorted(session['perms']),
['test_lib_auth.a', 'test_lib_auth.b'])
assert session['perms_exp'] > time.time()
def login():
"""/userauth/login view; the frontend should apply its auth to this request
and identify the user for us"""
if 'environ' in config:
environ_key = config['environ']
email = request.environ.get(environ_key)
else:
header = config.get('header', 'REMOTE_USER')
email = request.headers.get(header)
if email:
login_user(auth.HumanUser(email))
return _finish_request()
else:
logger.warning("External authentication data for RELENGAPI_AUTHENTICATION not found")
abort(500)
def _make_app(self):
if self.options.get('reuse_app') and self._app:
return self._app
config = self.options.get('config', {}).copy()
config['TESTING'] = True
config[
'LOGIN_DISABLED'] = False # Make @login_required enforced in tests.
config['SECRET_KEY'] = 'test'
config['SQLALCHEMY_DATABASE_URIS'] = uris = {}
dbnames = self.options.get('databases', [])
for dbname in dbnames:
uris[dbname] = 'sqlite://'
app = relengapi.app.create_app(test_config=config)
# translate 'perms' into a logged-in, human user
user = None
if 'perms' in self.options:
perms = self.options.get('perms')
user = auth.HumanUser('*****@*****.**')
user._permissions = perms
# otherwise, set up logged-in user
elif 'user' in self.options:
user = self.options.get('user')
if user:
@app.before_request
def set_user():
auth.login_manager.reload_user(user)
# set up the requested DBs
for dbname in dbnames:
meta = app.db.metadata[dbname]
engine = app.db.engine(dbname)
meta.create_all(bind=engine)
self._app = app
if 'app_setup' in self.options:
self.options['app_setup'](app)
return app
def test_user_loader():
eq_(auth._user_loader('human:[email protected]'),
auth.HumanUser('*****@*****.**'))
def test_on_permissions_stale_not_user(app):
user = auth.HumanUser('jimmy')
permissions = set()
lg = ldap_groups.LdapGroupsAuthz(app)
lg.on_permissions_stale('sender', user, permissions)
eq_(permissions, set())
from . import BUILDDIR_REL_PREFIX
from . import BUILDER_REL_PREFIX
_clobber_args = {
'branch': 'branch',
'builddir': 'builddir',
}
_clobber_args_with_slave = {
'branch': 'other_branch',
'builddir': 'other_builddir',
'slave': 'specific_slave',
}
auth_user = auth.HumanUser('*****@*****.**')
auth_user._permissions = set([p.clobberer.post.clobber])
test_context = TestContext(databases=[DB_DECLARATIVE_BASE],
user=auth_user,
reuse_app=True)
_last_clobber_args = deepcopy(_clobber_args)
_last_clobber_args['buildername'] = 'buildername'
_last_clobber_args_with_slave = deepcopy(_clobber_args_with_slave)
_last_clobber_args_with_slave['buildername'] = 'other_buildername'
@test_context
def test_clobber_request(client):
session = test_context._app.db.session(DB_DECLARATIVE_BASE)
def userperms(perms, email='*****@*****.**'):
u = auth.HumanUser(email)
u._permissions = set(perms)
return u
def rl(req):
if 'user' in req.headers:
return auth.HumanUser(req.headers['user'])
@with_setup(clear_loaders, clear_loaders)
def test_request_loader_not_set():
bad_user = auth.HumanUser('*****@*****.**')
bad_user._permissions = 'not-a-set'
auth._request_loaders = [lambda req: bad_user]
assert_raises(TypeError, lambda:
auth._request_loader(None))
@test_context
def test_login_request(client):
assert 'A valid login is required' in client.get('/login_request').data
@test_context.specialize(user=auth.HumanUser('jeanne'))
def test_login_request_logged_in(client):
resp = client.get('/login_request')
eq_((resp.status_code, resp.headers[
'location']), (302, 'http://localhost/'))
@test_context.specialize(user=auth.HumanUser('jeanne'))
def test_login_request_logged_in_next(client):
resp = client.get('/login_request?next=/foo')
eq_((resp.status_code, resp.headers[
'location']), (302, 'http://localhost/foo'))
@test_context
def test_clear_perms_cache(app):
def browser_id_user_loader(login_info):
if login_info['status'] != 'okay':
return None
return auth.HumanUser(login_info['email'])
def userperms(perms, email='*****@*****.**'):
u = auth.HumanUser(email)
u._permissions = set(perms)
return u
def test_request_loader_not_set():
bad_user = auth.HumanUser('*****@*****.**')
bad_user._permissions = 'not-a-set'
auth._request_loaders = [lambda req: bad_user]
assert_raises(TypeError, lambda:
auth._request_loader(None))
def login():
login_user(auth.HumanUser(config['email']))
return _finish_request()
def test_on_permissions_stale_not_user():
user = auth.HumanUser('*****@*****.**')
permissions = set()
static.on_permissions_stale(perm_map, 'sender', user, permissions)
eq_(permissions, set())
def userperms(perms, email='me'):
u = auth.HumanUser(email)
u._permissions = set(perms)
return u
def test_on_permissions_stale():
user = auth.HumanUser('*****@*****.**')
permissions = set()
static.on_permissions_stale(perm_map, 'sender', user, permissions)
eq_(permissions, set(
[p.test_static.foo, p.test_static.bar]))
