1
0
Fork 0
wuttaweb/tests/test_auth.py

146 lines
4.9 KiB
Python
Raw Permalink Normal View History

# -*- coding: utf-8; -*-
from unittest import TestCase
from unittest.mock import MagicMock
from pyramid import testing
from wuttjamaican.conf import WuttaConfig
from wuttaweb import auth as mod
class TestLoginUser(TestCase):
def test_basic(self):
config = WuttaConfig()
app = config.get_app()
model = app.model
request = testing.DummyRequest(wutta_config=config)
user = model.User(username='barney')
headers = mod.login_user(request, user)
self.assertEqual(headers, [])
class TestLogoutUser(TestCase):
def test_basic(self):
config = WuttaConfig()
request = testing.DummyRequest(wutta_config=config)
request.session.delete = MagicMock()
headers = mod.logout_user(request)
request.session.delete.assert_called_once_with()
self.assertEqual(headers, [])
class TestWuttaSecurityPolicy(TestCase):
def setUp(self):
self.config = WuttaConfig(defaults={
'wutta.db.default.url': 'sqlite://',
})
self.request = testing.DummyRequest()
self.pyramid_config = testing.setUp(request=self.request, settings={
'wutta_config': self.config,
})
self.app = self.config.get_app()
model = self.app.model
model.Base.metadata.create_all(bind=self.config.appdb_engine)
self.session = self.app.make_session()
self.user = model.User(username='barney')
self.session.add(self.user)
self.session.commit()
self.policy = self.make_policy()
def tearDown(self):
testing.tearDown()
def make_policy(self):
return mod.WuttaSecurityPolicy(db_session=self.session)
def test_remember(self):
uuid = self.user.uuid
self.assertIsNotNone(uuid)
self.assertIsNone(self.policy.session_helper.authenticated_userid(self.request))
self.policy.remember(self.request, uuid)
self.assertEqual(self.policy.session_helper.authenticated_userid(self.request), uuid)
def test_forget(self):
uuid = self.user.uuid
self.policy.remember(self.request, uuid)
self.assertEqual(self.policy.session_helper.authenticated_userid(self.request), uuid)
self.policy.forget(self.request)
self.assertIsNone(self.policy.session_helper.authenticated_userid(self.request))
def test_identity(self):
# no identity
user = self.policy.identity(self.request)
self.assertIsNone(user)
# identity is remembered (must use new policy to bust cache)
self.policy = self.make_policy()
uuid = self.user.uuid
self.assertIsNotNone(uuid)
self.policy.remember(self.request, uuid)
user = self.policy.identity(self.request)
self.assertIs(user, self.user)
# invalid identity yields no user
self.policy = self.make_policy()
self.policy.remember(self.request, 'bogus-user-uuid')
user = self.policy.identity(self.request)
self.assertIsNone(user)
def test_authenticated_userid(self):
# no identity
uuid = self.policy.authenticated_userid(self.request)
self.assertIsNone(uuid)
# identity is remembered (must use new policy to bust cache)
self.policy = self.make_policy()
self.policy.remember(self.request, self.user.uuid)
uuid = self.policy.authenticated_userid(self.request)
self.assertEqual(uuid, self.user.uuid)
def test_permits(self):
auth = self.app.get_auth_handler()
model = self.app.model
# anon has no perms
self.assertFalse(self.policy.permits(self.request, None, 'foo.bar'))
# but we can grant it
anons = auth.get_role_anonymous(self.session)
self.user.roles.append(anons)
auth.grant_permission(anons, 'foo.bar')
self.session.commit()
# and then perm check is satisfied
self.assertTrue(self.policy.permits(self.request, None, 'foo.bar'))
# now, create a separate role and grant another perm
# (but user does not yet belong to this role)
role = model.Role(name='whatever')
self.session.add(role)
auth.grant_permission(role, 'baz.edit')
self.session.commit()
# so far then, user does not have the permission
self.policy = self.make_policy()
self.policy.remember(self.request, self.user.uuid)
self.assertFalse(self.policy.permits(self.request, None, 'baz.edit'))
# but if we assign user to role, perm check should pass
self.user.roles.append(role)
self.session.commit()
self.assertTrue(self.policy.permits(self.request, None, 'baz.edit'))
# now let's try another perm - we won't grant it, but will
# confirm user is denied access unless they become root
self.assertFalse(self.policy.permits(self.request, None, 'some-root-perm'))
self.request.is_root = True
self.assertTrue(self.policy.permits(self.request, None, 'some-root-perm'))