def test_is_permitted_account_doesnt_exist( modular_realm_authorizer, permission_resolver): """ when an account cannot be obtained from the account_store, all permissions checked return False """ mra = modular_realm_authorizer perm1 = permission_resolver('money:write:bankcheck_19911109069') perm2 = permission_resolver('money:withdrawal') perm3 = permission_resolver('leatherduffelbag:transport:theringer') perm4 = permission_resolver('leatherduffelbag:access:theringer') perms = [perm1, perm2, perm3, perm4] expected_results = frozenset([(perm1, False), (perm2, False), (perm3, False), (perm4, False)]) unrecognized_identifier = \ SimpleIdentifierCollection(source_name='AccountStoreRealm', identifier='jackietreehorn') event_detected = None def event_listener(identifiers=None, items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.RESULTS') results = mra.is_permitted(unrecognized_identifier, perms) assert (expected_results == results and frozenset(event_detected) == results)
def test_is_permitted_account_doesnt_exist(modular_realm_authorizer, permission_resolver): """ when an account cannot be obtained from the account_store, all permissions checked return False """ mra = modular_realm_authorizer perm1 = permission_resolver('money:write:bankcheck_19911109069') perm2 = permission_resolver('money:withdrawal') perm3 = permission_resolver('leatherduffelbag:transport:theringer') perm4 = permission_resolver('leatherduffelbag:access:theringer') perms = [perm1, perm2, perm3, perm4] expected_results = frozenset([(perm1, False), (perm2, False), (perm3, False), (perm4, False)]) unrecognized_identifier = \ SimpleIdentifierCollection(source_name='AccountStoreRealm', identifier='jackietreehorn') event_detected = None def event_listener(identifiers=None, items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.RESULTS') results = mra.is_permitted(unrecognized_identifier, perms) assert (expected_results == results and frozenset(event_detected) == results)
def test_session_manager_stop(session_manager, cache_handler, session_context, session_handler, capsys): """ test objective: aspects tested: - stop - _lookup_required_session """ sh = session_handler sm = session_manager sm.cache_handler = cache_handler sm.event_bus = event_bus event_detected = None def event_listener(items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'SESSION.STOP') session = sm.start(session_context) # a DelegatingSession sessionid = session.session_id sm.stop(session.session_key, 'random') with pytest.raises(UnknownSessionException): sh.do_get_session(DefaultSessionKey(sessionid)) out, err = capsys.readouterr() assert ('Coult not find session' in out and isinstance(event_detected.results, namedtuple))
def test_session_manager_stop( session_manager, cache_handler, session_context, session_handler, capsys): """ test objective: aspects tested: - stop - _lookup_required_session """ sh = session_handler sm = session_manager sm.cache_handler = cache_handler sm.event_bus = event_bus event_detected = None def event_listener(items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'SESSION.STOP') session = sm.start(session_context) # a DelegatingSession sessionid = session.session_id sm.stop(session.session_key, 'random') with pytest.raises(UnknownSessionException): sh.do_get_session(DefaultSessionKey(sessionid)) out, err = capsys.readouterr() assert ('Coult not find session' in out and isinstance(event_detected.results, namedtuple))
def test_seh_notify_stop(session_event_handler, session_key, thedude_identifier): seh = session_event_handler event_detected = None def event_listener(items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'SESSION.STOP') mysession = session_tuple(thedude_identifier, session_key) seh.notify_stop(mysession) assert event_detected.session_key == mysession.session_key
def test_check_role_succeeds(modular_realm_authorizer, thedude_identifier): mra = modular_realm_authorizer roles = {'bankcustomer', 'courier', 'thief'} event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.GRANTED') assert (mra.check_role(thedude_identifier, roles, any) is None and frozenset(event_detected) == roles)
def test_check_permission_succeeds( permission_resolver, modular_realm_authorizer, authz_info, thedude_identifier, thedude_testpermissions): mra = modular_realm_authorizer tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.GRANTED') assert (mra.check_permission(thedude_identifier, tp['perms'], any) is None and event_detected == tp['perms'])
def test_authentication_using_accountstore_success( caplog, default_authenticator, valid_username_password_token, thedude_credentials): da = default_authenticator event_detected = None def event_listener(identifiers=None): nonlocal event_detected event_detected = identifiers event_bus.register(event_listener, 'AUTHENTICATION.SUCCEEDED') account = da.authenticate_account(valid_username_password_token) out = caplog.text assert (event_detected == account.account_id and ("Could not obtain cached" in out and "No account" not in out))
def test_check_permission_raises( permission_resolver, modular_realm_authorizer, authz_info, thedude_identifier, thedude_testpermissions): mra = modular_realm_authorizer tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.DENIED') with pytest.raises(UnauthorizedException): mra.check_permission(thedude_identifier, tp['perms'], all) assert event_detected == tp['perms']
def test_check_role_raises(thedude_identifier, modular_realm_authorizer, clear_cached_authz_info): mra = modular_realm_authorizer roles = {'bankcustomer', 'courier', 'thief'} event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.DENIED') with pytest.raises(UnauthorizedException): mra.check_role(thedude_identifier, roles, all) assert frozenset(event_detected) == roles
def test_check_permission_succeeds(permission_resolver, modular_realm_authorizer, authz_info, thedude_identifier, thedude_testpermissions): mra = modular_realm_authorizer tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.GRANTED') assert (mra.check_permission(thedude_identifier, tp['perms'], any) is None and event_detected == tp['perms'])
def test_has_role(valid_username_password_token, thedude_testroles, new_subject, authz_info, thedude_credentials): tr = thedude_testroles event_detected = None def event_listener(identifiers=None, items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.RESULTS') new_subject.login(valid_username_password_token) result = new_subject.has_role(tr['roles']) assert (tr['expected_results'] == result and frozenset(event_detected) == result) new_subject.logout()
def test_check_role_succeeds( authz_info, new_subject, thedude_testroles, valid_username_password_token, thedude_credentials): tr = thedude_testroles event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.GRANTED') new_subject.login(valid_username_password_token) assert (new_subject.check_role(tr['roles'], any) is None and event_detected == tr['roles']) new_subject.logout()
def test_authentication_using_accountstore_pw_failure( caplog, default_authenticator, invalid_username_password_token, thedude_credentials): da = default_authenticator event_detected = None def event_listener(username=None): nonlocal event_detected event_detected = username event_bus.register(event_listener, 'AUTHENTICATION.FAILED') with pytest.raises(AuthenticationException): account = da.authenticate_account(invalid_username_password_token) out = caplog.text assert (event_detected == account.account_id and ("Could not obtain cached" in out and "No account" not in out))
def test_check_permission_raises(permission_resolver, modular_realm_authorizer, authz_info, thedude_identifier, thedude_testpermissions): mra = modular_realm_authorizer tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.DENIED') with pytest.raises(UnauthorizedException): mra.check_permission(thedude_identifier, tp['perms'], all) assert event_detected == tp['perms']
def test_check_role_succeeds(authz_info, new_subject, thedude_testroles, valid_username_password_token, thedude_credentials): tr = thedude_testroles event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.GRANTED') new_subject.login(valid_username_password_token) assert (new_subject.check_role(tr['roles'], any) is None and event_detected == tr['roles']) new_subject.logout()
def test_is_permitted(permission_resolver, modular_realm_authorizer, authz_info, thedude_identifier, thedude_testpermissions): """ get a frozenset of tuple(s), containing the Permission and a Boolean indicating whether the permission is granted """ mra = modular_realm_authorizer tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.RESULTS') results = mra.is_permitted(thedude_identifier, tp['perms']) assert (tp['expected_results'] == results and frozenset(event_detected) == results)
def test_authentication_using_accountstore_user_not_found( default_authenticator): da = default_authenticator event_detected = None def event_listener(username=None): nonlocal event_detected event_detected = username event_bus.register(event_listener, 'AUTHENTICATION.FAILED') dumb_token = UsernamePasswordToken(username='******', password='******', remember_me=False, host='127.0.0.1') with pytest.raises(AuthenticationException): da.authenticate_account(dumb_token) assert (event_detected == dumb_token.username)
def test_check_role_raises(authz_info, new_subject, thedude_testroles, valid_username_password_token, thedude_credentials): tr = thedude_testroles event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.DENIED') new_subject.login(valid_username_password_token) with pytest.raises(UnauthorizedException): new_subject.check_role(tr['roles'], all) assert event_detected == tr['roles'] new_subject.logout()
def test_check_role_raises( authz_info, new_subject, thedude_testroles, valid_username_password_token, thedude_credentials): tr = thedude_testroles event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.DENIED') new_subject.login(valid_username_password_token) with pytest.raises(UnauthorizedException): new_subject.check_role(tr['roles'], all) assert event_detected == tr['roles'] new_subject.logout()
def test_has_role(modular_realm_authorizer, thedude_identifier): mra = modular_realm_authorizer roles = {'bankcustomer', 'courier', 'thief'} expected_results = frozenset([('bankcustomer', True), ('courier', True), ('thief', False)]) event_detected = None def event_listener(identifiers=None, items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.RESULTS') result = mra.has_role(thedude_identifier, roles) assert (expected_results == result and frozenset(event_detected) == result)
def test_check_permission_raises( permission_resolver, authz_info, thedude_testpermissions, new_subject, valid_username_password_token, thedude_credentials): tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.DENIED') new_subject.login(valid_username_password_token) with pytest.raises(UnauthorizedException): new_subject.check_permission(tp['perms'], all) assert event_detected == tp['perms'] new_subject.logout()
def test_sh_stopped_session(session_handler, cache_handler, session, monkeypatch): """ test objective: validate stopped session handling session_handler aspects tested: - create_session - do_get_session - on_change - validate - on_invalidation - before_invalid_notification - after_stopped """ ch = cache_handler sh = session_handler monkeypatch.setattr(sh, 'auto_touch', False) sh.cache_handler = cache_handler event_detected = None def event_listener(items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'SESSION.STOP') session.set_internal_attribute( 'DefaultSubjectContext.IDENTIFIERS_SESSION_KEY', 'user12345678') sessionid = sh.create_session(session) cachedsession = ch.get(domain='session', identifier=sessionid) now = datetime.datetime.now(pytz.utc) cachedsession.stop_timestamp = now ch.set(domain='session', identifier=sessionid, value=cachedsession) with pytest.raises(InvalidSessionException): sh.do_get_session(DefaultSessionKey(sessionid)) assert event_detected.identifiers
def test_sh_stopped_session( session_handler, cache_handler, session, monkeypatch): """ test objective: validate stopped session handling session_handler aspects tested: - create_session - do_get_session - on_change - validate - on_invalidation - before_invalid_notification - after_stopped """ ch = cache_handler sh = session_handler monkeypatch.setattr(sh, 'auto_touch', False) sh.cache_handler = cache_handler event_detected = None def event_listener(items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'SESSION.STOP') session.set_internal_attribute('DefaultSubjectContext.IDENTIFIERS_SESSION_KEY', 'user12345678') sessionid = sh.create_session(session) cachedsession = ch.get(domain='session', identifier=sessionid) now = datetime.datetime.now(pytz.utc) cachedsession.stop_timestamp = now ch.set(domain='session', identifier=sessionid, value=cachedsession) with pytest.raises(InvalidSessionException): sh.do_get_session(DefaultSessionKey(sessionid)) assert event_detected.identifiers
def test_authenticated_subject_check_permission_succeeds( authz_info, thedude_testpermissions, new_subject, valid_username_password_token, thedude_credentials): tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.GRANTED') new_subject.login(valid_username_password_token) check = new_subject.check_permission(tp['perms'], any) assert (check is None and event_detected == tp['perms']) new_subject.logout() with pytest.raises(UnauthenticatedException): new_subject.check_permission(tp['perms'], any)
def test_authentication_using_cache_pw_failure( caplog, default_authenticator, invalid_username_password_token, cache_handler, thedude_credentials): da = default_authenticator event_detected = None def event_listener(username=None): nonlocal event_detected event_detected = username event_bus.register(event_listener, 'AUTHENTICATION.FAILED') cred = Credential(thedude_credentials) cache_handler.set(domain='credentials', identifier='thedude', value=cred) with pytest.raises(AuthenticationException): da.authenticate_account(invalid_username_password_token) out = caplog.text assert (event_detected == invalid_username_password_token.username and ("Could not obtain cached" not in out))
def test_authentication_using_cache_success( caplog, default_authenticator, invalid_username_password_token, valid_username_password_token, cache_handler, thedude_credentials): da = default_authenticator event_detected = None def event_listener(identifiers=None): nonlocal event_detected event_detected = identifiers event_bus.register(event_listener, 'AUTHENTICATION.SUCCEEDED') with pytest.raises(AuthenticationException): da.authenticate_account(invalid_username_password_token) account = da.authenticate_account(valid_username_password_token) out = caplog.text assert (event_detected == account.account_id and ("Could not obtain cached" not in out) and account.account_id == valid_username_password_token.identifier)
def test_sh_expired_session(session_handler, cache_handler, session, myminutes): """ test objective: validate idle and absolute timeout expiration handling session_handler aspects tested: - create_session - do_get_session - on_change - validate - on_expiration - before_invalid_notification """ sh = session_handler sh.auto_touch = False sh.cache_handler = cache_handler event_detected = None def event_listener(items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'SESSION.EXPIRE') session.set_internal_attribute( 'DefaultSubjectContext.IDENTIFIERS_SESSION_KEY', 'user12345678') sessionid = sh.create_session(session) cachedsession = sh.do_get_session(DefaultSessionKey(sessionid)) now = datetime.datetime.now(pytz.utc) minutes_ago = datetime.timedelta(minutes=myminutes) cachedsession.last_access_time = now - minutes_ago sh.on_change(cachedsession) with pytest.raises(ExpiredSessionException): sh.do_get_session(DefaultSessionKey(sessionid)) assert event_detected.items.identifiers
def test_sh_expired_session( session_handler, cache_handler, session, myminutes): """ test objective: validate idle and absolute timeout expiration handling session_handler aspects tested: - create_session - do_get_session - on_change - validate - on_expiration - before_invalid_notification """ sh = session_handler sh.auto_touch = False sh.cache_handler = cache_handler event_detected = None def event_listener(items=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'SESSION.EXPIRE') session.set_internal_attribute('DefaultSubjectContext.IDENTIFIERS_SESSION_KEY', 'user12345678') sessionid = sh.create_session(session) cachedsession = sh.do_get_session(DefaultSessionKey(sessionid)) now = datetime.datetime.now(pytz.utc) minutes_ago = datetime.timedelta(minutes=myminutes) cachedsession.last_access_time = now - minutes_ago sh.on_change(cachedsession) with pytest.raises(ExpiredSessionException): sh.do_get_session(DefaultSessionKey(sessionid)) assert event_detected.items.identifiers
def test_check_permission_raises(permission_resolver, authz_info, thedude_testpermissions, new_subject, valid_username_password_token, thedude_credentials): tp = thedude_testpermissions event_detected = None def event_listener(identifiers=None, items=None, logical_operator=None): nonlocal event_detected event_detected = items event_bus.register(event_listener, 'AUTHORIZATION.DENIED') new_subject.login(valid_username_password_token) with pytest.raises(UnauthorizedException): new_subject.check_permission(tp['perms'], all) assert event_detected == tp['perms'] new_subject.logout()
def test_session_manager_start(session_manager, cache_handler, session_context): """ test objective: aspects tested: - _create_session - create_exposed_session """ sm = session_manager sm.cache_handler = cache_handler sm.event_bus = event_bus event_detected = None def event_listener(session_id=None): nonlocal event_detected event_detected = session_id event_bus.register(event_listener, 'SESSION.START') session = sm.start(session_context) assert (isinstance(session, DelegatingSession) and event_detected)