[Checkins] SVN: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/ Add global on/off switch via environment variable.
Stefan H. Holek
stefan at epy.co.at
Tue Mar 3 07:58:45 EST 2009
Log message for revision 97438:
Add global on/off switch via environment variable.
Changed:
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py
-=-
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-03-03 09:30:22 UTC (rev 97437)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-03-03 12:58:44 UTC (rev 97438)
@@ -21,6 +21,7 @@
import sys
import re
import types
+import os
from ZPublisher import BeforeTraverse
@@ -86,6 +87,7 @@
from utils import createViewName
from utils import createKeywords
from utils import classImplements
+from utils import masquerading
from utils import splitmasq
security = ModuleSecurityInfo(
@@ -735,8 +737,11 @@
security.declarePrivate( '_canMasquerade' )
def _canMasquerade( self, plugins, user_id, name=None, request=None ):
- """ Return True if user_id has the Manager role.
+ """ Return True if masquerading is enabled and user_id has the Manager role.
"""
+ if not masquerading():
+ return False
+
user = self._createUser( plugins, user_id, name )
rolemakers = plugins.listPlugins( IRolesPlugin )
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py 2009-03-03 09:30:22 UTC (rev 97437)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py 2009-03-03 12:58:44 UTC (rev 97438)
@@ -14,10 +14,12 @@
##############################################################################
import unittest
+import os
from Products.PluggableAuthService.tests import pastc
from Products.PluggableAuthService.interfaces.plugins import IExtractionPlugin
+from Products.PluggableAuthService.utils import masquerading
from Products.PluggableAuthService.utils import splitmasq
from AccessControl.SecurityManagement import getSecurityManager
@@ -67,7 +69,13 @@
self.doc.manage_permission(View, [pastc.user_role], acquire=False)
# Start out as Anonymous User
self.logout()
+ # Enable masquerading
+ masquerading(True)
+ def afterClear(self):
+ # Disable masquerading
+ masquerading(False)
+
def test__extractUserIds(self):
request = self.app.REQUEST
request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
@@ -79,6 +87,15 @@
self.assertEqual(user_id, 'wilma_id')
self.assertEqual(info, 'wilma')
+ def test__extractUserIds_masquerading_disabled(self):
+ request = self.app.REQUEST
+ request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
+
+ masquerading(False)
+
+ uids = self.pas._extractUserIds(request, self.pas.plugins)
+ self.assertEqual(len(uids), 0)
+
def test__extractUserIds_masquerading_denied(self):
request = self.app.REQUEST
request._auth = 'Basic %s' % pastc.mkauth('wilma/fred', 'geheim')
@@ -102,17 +119,36 @@
request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
user = self.pas.validate(request)
- self.failIf(user is None)
+ self.failIfEqual(user, None)
self.assertEqual(user.getId(), 'wilma_id')
self.assertEqual(user.getUserName(), 'wilma')
self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
user = getSecurityManager().getUser()
- self.failIf(user is None)
+ self.failIfEqual(user, None)
self.assertEqual(user.getId(), 'wilma_id')
self.assertEqual(user.getUserName(), 'wilma')
self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+ def test_validate_masquerading_disabled(self):
+ # Rig the request so it looks like we traversed to doc
+ request = self.app.REQUEST
+ request['PUBLISHED'] = self.doc
+ request['PARENTS'] = [self.folder, self.app]
+ request.steps = list(self.doc.getPhysicalPath())
+ request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
+
+ masquerading(False)
+
+ user = self.pas.validate(request)
+ self.assertEqual(user, None)
+
+ user = getSecurityManager().getUser()
+ self.failIfEqual(user, None)
+ self.assertEqual(user.getId(), None)
+ self.assertEqual(user.getUserName(), 'Anonymous User')
+ self.assertEqual(user.getRoles(), ('Anonymous',))
+
def test_validate_masquerading_denied(self):
# Rig the request so it looks like we traversed to doc
request = self.app.REQUEST
@@ -125,7 +161,7 @@
self.assertEqual(user, None)
user = getSecurityManager().getUser()
- self.failIf(user is None)
+ self.failIfEqual(user, None)
self.assertEqual(user.getId(), None)
self.assertEqual(user.getUserName(), 'Anonymous User')
self.assertEqual(user.getRoles(), ('Anonymous',))
@@ -142,7 +178,7 @@
self.assertEqual(user, None)
user = getSecurityManager().getUser()
- self.failIf(user is None)
+ self.failIfEqual(user, None)
self.assertEqual(user.getId(), None)
self.assertEqual(user.getUserName(), 'Anonymous User')
self.assertEqual(user.getRoles(), ('Anonymous',))
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py 2009-03-03 09:30:22 UTC (rev 97437)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/utils.py 2009-03-03 12:58:44 UTC (rev 97438)
@@ -210,9 +210,17 @@
return {'keywords': keywords.hexdigest()}
+
#
# Masquerading helpers
#
+_ENVAR = 'PAS_MASQUERADING'
+
+def masquerading( enabled=None ):
+ if enabled is not None:
+ os.environ[_ENVAR] = enabled and 'on' or 'off'
+ return os.environ.get(_ENVAR, '') == 'on'
+
_MASQ = '/'
def splitmasq( user_id ):
More information about the Checkins
mailing list