[Checkins] SVN: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/ Restore credentials even when the plugin raises an exception.
Stefan H. Holek
stefan at epy.co.at
Sun Mar 1 14:51:22 EST 2009
Log message for revision 97400:
Restore credentials even when the plugin raises an exception.
Changed:
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py
A Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py
-=-
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-03-01 13:00:22 UTC (rev 97399)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-03-01 19:51:22 UTC (rev 97400)
@@ -609,13 +609,14 @@
if role_user_id is not None:
credentials['login'] = auth_user_id
- uid_and_info = auth.authenticateCredentials(
- credentials )
+ try:
+ uid_and_info = auth.authenticateCredentials(
+ credentials )
+ finally:
+ # Masquerading: Restore credentials
+ if role_user_id is not None:
+ credentials['login'] = login
- # Masquerading: Restore credentials before continue
- if role_user_id is not None:
- credentials['login'] = login
-
if uid_and_info is None:
continue
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py 2009-03-01 13:00:22 UTC (rev 97399)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py 2009-03-01 19:51:22 UTC (rev 97400)
@@ -24,15 +24,19 @@
from Testing.ZopeTestCase import user_password
from Testing.ZopeTestCase import user_role
-from base64 import encodestring
-user_auth = encodestring('%s:%s' % (user_name, user_password)).rstrip()
-
from Products.PluggableAuthService.interfaces.plugins import \
IAuthenticationPlugin, IUserEnumerationPlugin, IRolesPlugin, \
IRoleEnumerationPlugin, IRoleAssignerPlugin, \
IChallengePlugin, IExtractionPlugin, IUserAdderPlugin
+from base64 import encodestring
+def mkauth(name, password):
+ return encodestring('%s:%s' % (name, password)).rstrip()
+
+user_auth = mkauth(user_name, user_password)
+
+
class PASTestCase(ZopeTestCase.ZopeTestCase):
"""ZopeTestCase with a PAS instead of the default user folder
"""
Added: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py (rev 0)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py 2009-03-01 19:51:22 UTC (rev 97400)
@@ -0,0 +1,150 @@
+##############################################################################
+#
+# Copyright (c) 2009 Zope Corporation and Contributors. All Rights
+# Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this
+# distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+
+import unittest
+
+from Products.PluggableAuthService.tests import pastc
+
+from Products.PluggableAuthService.interfaces.plugins import IExtractionPlugin
+from Products.PluggableAuthService.utils import splitmasq
+from Products.PluggableAuthService.utils import joinmasq
+
+from AccessControl.SecurityManagement import getSecurityManager
+from AccessControl.Permissions import view as View
+
+
+class SplitMasqTests(unittest.TestCase):
+
+ def testSimpleId(self):
+ self.assertEqual(splitmasq('fred'), ('fred', None))
+
+ def testMasqueradingId(self):
+ self.assertEqual(splitmasq('fred/wilma'), ('fred', 'wilma'))
+
+ def testStartsWithSlash(self):
+ self.assertEqual(splitmasq('/fred'), ('/fred', None))
+
+ def testEndsWithSlash(self):
+ self.assertEqual(splitmasq('fred/'), ('fred/', None))
+
+ def testSpuriousSlash(self):
+ self.assertEqual(splitmasq('fred//wilma'), ('fred', '/wilma'))
+
+ def testSpuriousId(self):
+ self.assertEqual(splitmasq('fred/wilma/pebbles'), ('fred', 'wilma/pebbles'))
+
+ def testNoneId(self):
+ self.assertEqual(splitmasq(None), (None, None))
+
+ def testEmptyId(self):
+ self.assertEqual(splitmasq(''), ('', None))
+
+
+class JoinMasqTests(unittest.TestCase):
+
+ def testSimpleIds(self):
+ self.assertEqual(joinmasq('barney', 'betty'), 'barney/betty')
+
+ def testFirstIdNone(self):
+ self.assertEqual(joinmasq(None, 'betty'), None)
+
+ def testSecondIdNone(self):
+ self.assertEqual(joinmasq('barney', None), 'barney')
+
+ def testBothIdsNone(self):
+ self.assertEqual(joinmasq(None, None), None)
+
+ def testFirstIdEmpty(self):
+ self.assertEqual(joinmasq('', 'betty'), '')
+
+ def testSecondIdEmpty(self):
+ self.assertEqual(joinmasq('barney', ''), 'barney')
+
+ def testBothIdsEmpty(self):
+ self.assertEqual(joinmasq('', ''), '')
+
+
+class MasqueradingTests(pastc.PASTestCase):
+
+ def afterSetUp(self):
+ self.pas = self.folder.acl_users
+ # Create a masquerading user
+ self.pas.users.addUser('fred', 'fred', 'r0ck')
+ self.pas.roles.assignRoleToPrincipal('Manager', 'fred')
+ # Create a masqueraded user
+ self.pas.users.addUser('wilma', 'wilma', 'geheim')
+ self.pas.roles.assignRoleToPrincipal(pastc.user_role, 'wilma')
+ # Create a protected document
+ self.folder.manage_addDTMLMethod('doc', file='the document')
+ self.doc = self.folder.doc
+ self.doc.manage_permission(View, [pastc.user_role], acquire=False)
+
+ def test__extractUserIds(self):
+ request = self.app.REQUEST
+ request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
+
+ user_id, info = self.pas._extractUserIds(request, self.pas.plugins)[0]
+ self.assertEqual(user_id, 'fred/wilma')
+ self.assertEqual(info, 'fred/wilma')
+
+ def test__findUser(self):
+ user = self.pas._findUser(self.pas.plugins, 'fred/wilma')
+ self.assertEqual(user.getId(), 'wilma')
+ self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+
+ def test__verifyUser(self):
+ info = self.pas._verifyUser(self.pas.plugins, 'fred/wilma')
+ self.assertEqual(info['id'], 'wilma')
+ self.assertEqual(info['login'], 'wilma')
+
+ def test_getUser(self):
+ user = self.pas.getUser('fred/wilma')
+ self.assertEqual(user.getId(), 'wilma')
+ self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+
+ def test_getUserById(self):
+ user = self.pas.getUserById('fred/wilma')
+ self.assertEqual(user.getId(), 'wilma')
+ self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+
+ def test_validate(self):
+ # Rig the request so it looks like we traversed to doc
+ request = self.app.REQUEST
+ request['PUBLISHED'] = self.doc
+ request['PARENTS'] = [self.app, self.folder]
+ request.steps = list(self.doc.getPhysicalPath())
+ request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
+
+ user = self.pas.validate(request)
+ self.failIf(user is None)
+ self.assertEqual(user.getId(), 'wilma')
+ self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+
+ user = getSecurityManager().getUser()
+ self.failIf(user is None)
+ self.assertEqual(user.getId(), 'wilma')
+ self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+
+
+def test_suite():
+ return unittest.TestSuite((
+ unittest.makeSuite(SplitMasqTests),
+ unittest.makeSuite(JoinMasqTests),
+ unittest.makeSuite(MasqueradingTests),
+ ))
+
+if __name__ == '__main__':
+ unittest.main(defaultTest='test_suite')
+
Property changes on: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py
___________________________________________________________________
Added: svn:keywords
+ Id
Added: svn:eol-style
+ native
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py 2009-03-01 13:00:22 UTC (rev 97399)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py 2009-03-01 19:51:22 UTC (rev 97400)
@@ -217,12 +217,13 @@
def splitmasq( user_id ):
if user_id is not None:
- if user_id.find(_MASQ) > 0:
- return user_id.split(_MASQ, 1)
- return user_id, None
+ split = user_id.split(_MASQ, 1)
+ if len(split) == 2 and '' not in split:
+ return tuple(split)
+ return (user_id, None)
def joinmasq( auth_user_id, role_user_id ):
- if None in (auth_user_id, role_user_id):
+ if not auth_user_id or not role_user_id:
return auth_user_id
return _MASQ.join((auth_user_id, role_user_id))
More information about the Checkins
mailing list