Commit 212a88f1 authored by Jérome Perrin's avatar Jérome Perrin

access_token: update test

 - plugin must be enabled for IAuthenticationPlugin
 - check complete authentication sequence, not just extraction
 - update scripts to new names
parent 7d456f98
...@@ -33,7 +33,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -33,7 +33,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
dispacher = pas.manage_addProduct['ERP5Security'] dispacher = pas.manage_addProduct['ERP5Security']
dispacher.addERP5AccessTokenExtractionPlugin(self.test_token_extraction_id) dispacher.addERP5AccessTokenExtractionPlugin(self.test_token_extraction_id)
getattr(pas, self.test_token_extraction_id).manage_activateInterfaces( getattr(pas, self.test_token_extraction_id).manage_activateInterfaces(
('IExtractionPlugin',)) ('IExtractionPlugin', 'IAuthenticationPlugin'))
elif len(access_extraction_list) == 1: elif len(access_extraction_list) == 1:
self.test_token_extraction_id = access_extraction_list[0].getId() self.test_token_extraction_id = access_extraction_list[0].getId()
elif len(access_extraction_list) > 1: elif len(access_extraction_list) > 1:
...@@ -51,8 +51,9 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -51,8 +51,9 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
return person return person
def _getTokenCredential(self, request): def _getTokenCredential(self, request):
"""Authenticate the request and return (user_id, login) or None if not authorized."""
plugin = getattr(self.portal.acl_users, self.test_token_extraction_id) plugin = getattr(self.portal.acl_users, self.test_token_extraction_id)
return plugin.extractCredentials(request) return plugin.authenticateCredentials(plugin.extractCredentials(request))
def _createRestrictedAccessToken(self, new_id, person, method, url_string): def _createRestrictedAccessToken(self, new_id, person, method, url_string):
access_token = self.portal.access_token_module.newContent( access_token = self.portal.access_token_module.newContent(
...@@ -91,7 +92,11 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -91,7 +92,11 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST.form["access_token_secret"] = access_token.getReference() self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
result = self._getTokenCredential(self.portal.REQUEST) result = self._getTokenCredential(self.portal.REQUEST)
self.assertEqual(result.get('external_login'), person.Person_getUserId()) self.assertTrue(result)
user_id, login = result
self.assertEqual(user_id, person.Person_getUserId())
# tokens have a login value, for auditing purposes
self.assertIn('token', login)
def test_bad_token(self): def test_bad_token(self):
person = self.person = self._createPerson(self.new_id) person = self.person = self._createPerson(self.new_id)
...@@ -110,9 +115,9 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -110,9 +115,9 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST.form["access_token_secret"] = access_token.getReference() self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
result = self._getTokenCredential(self.portal.REQUEST) result = self._getTokenCredential(self.portal.REQUEST)
self.assertEqual(result, {}) self.assertFalse(result)
def test_RestrictedAccessToken_getExternalLogin(self): def test_RestrictedAccessToken_getUserId(self):
person = self.person = self._createPerson(self.new_id) person = self.person = self._createPerson(self.new_id)
access_url = "http://exemple.com/foo" access_url = "http://exemple.com/foo"
access_method = "GET" access_method = "GET"
...@@ -127,12 +132,12 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -127,12 +132,12 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST["ACTUAL_URL"] = access_url self.portal.REQUEST["ACTUAL_URL"] = access_url
self.portal.REQUEST.form["access_token_secret"] = access_token.getReference() self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, person.Person_getUserId()) self.assertEqual(result, person.Person_getUserId())
self.assertEqual(access_token.getValidationState(), 'validated') self.assertEqual(access_token.getValidationState(), 'validated')
def test_RestrictedAccessToken_getExternalLogin_access_token_secret(self): def test_RestrictedAccessToken_getUserId_access_token_secret(self):
person = self.person = self._createPerson(self.new_id) person = self.person = self._createPerson(self.new_id)
access_url = "http://exemple.com/foo" access_url = "http://exemple.com/foo"
access_method = "GET" access_method = "GET"
...@@ -146,7 +151,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -146,7 +151,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST["REQUEST_METHOD"] = access_method self.portal.REQUEST["REQUEST_METHOD"] = access_method
self.portal.REQUEST["ACTUAL_URL"] = access_url self.portal.REQUEST["ACTUAL_URL"] = access_url
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
self.portal.REQUEST.form["access_token_secret"] = "XYXYXYXY" self.portal.REQUEST.form["access_token_secret"] = "XYXYXYXY"
...@@ -154,12 +159,12 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -154,12 +159,12 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST.form["access_token_secret"] = access_token.getReference() self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, person.Person_getUserId()) self.assertEqual(result, person.Person_getUserId())
self.assertEqual(access_token.getValidationState(), 'validated') self.assertEqual(access_token.getValidationState(), 'validated')
def test_RestrictedAccessToken_getExternalLogin_no_agent(self): def test_RestrictedAccessToken_getUserId_no_agent(self):
access_url = "http://exemple.com/foo" access_url = "http://exemple.com/foo"
access_method = "GET" access_method = "GET"
access_token = self._createRestrictedAccessToken(self.new_id, access_token = self._createRestrictedAccessToken(self.new_id,
...@@ -173,10 +178,10 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -173,10 +178,10 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST["ACTUAL_URL"] = access_url self.portal.REQUEST["ACTUAL_URL"] = access_url
self.portal.REQUEST.form["access_token_secret"] = access_token.getReference() self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
def test_RestrictedAccessToken_getExternalLogin_wrong_values(self): def test_RestrictedAccessToken_getUserId_wrong_values(self):
person = self.person = self._createPerson(self.new_id) person = self.person = self._createPerson(self.new_id)
access_url = "http://exemple.com/foo" access_url = "http://exemple.com/foo"
access_method = "GET" access_method = "GET"
...@@ -185,7 +190,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -185,7 +190,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
access_method, access_method,
access_url) access_url)
self.tic() self.tic()
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
access_token.validate() access_token.validate()
...@@ -195,22 +200,22 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -195,22 +200,22 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST["ACTUAL_URL"] = access_url self.portal.REQUEST["ACTUAL_URL"] = access_url
self.portal.REQUEST.form["access_token_secret"] = access_token.getReference() self.portal.REQUEST.form["access_token_secret"] = access_token.getReference()
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
self.portal.REQUEST["ACTUAL_URL"] = "http://exemple.com/foo.bar" self.portal.REQUEST["ACTUAL_URL"] = "http://exemple.com/foo.bar"
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
access_token.invalidate() access_token.invalidate()
self.tic() self.tic()
result = access_token.RestrictedAccessToken_getExternalLogin() result = access_token.RestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
def test_OneTimeRestrictedAccessToken_getExternalLogin(self): def test_OneTimeRestrictedAccessToken_getUserId(self):
person = self.person = self._createPerson(self.new_id) person = self.person = self._createPerson(self.new_id)
access_url = "http://exemple.com/foo" access_url = "http://exemple.com/foo"
access_method = "GET" access_method = "GET"
...@@ -224,12 +229,12 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -224,12 +229,12 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST["REQUEST_METHOD"] = access_method self.portal.REQUEST["REQUEST_METHOD"] = access_method
self.portal.REQUEST["ACTUAL_URL"] = access_url self.portal.REQUEST["ACTUAL_URL"] = access_url
result = access_token.OneTimeRestrictedAccessToken_getExternalLogin() result = access_token.OneTimeRestrictedAccessToken_getUserId()
self.assertEqual(result, person.Person_getUserId()) self.assertEqual(result, person.Person_getUserId())
self.assertEqual(access_token.getValidationState(), 'invalidated') self.assertEqual(access_token.getValidationState(), 'invalidated')
def test_OneTimeRestrictedAccessToken_getExternalLogin_wrong_values(self): def test_OneTimeRestrictedAccessToken_getUserId_wrong_values(self):
person = self.person = self._createPerson(self.new_id) person = self.person = self._createPerson(self.new_id)
access_url = "http://exemple.com/foo" access_url = "http://exemple.com/foo"
access_method = "POST" access_method = "POST"
...@@ -238,7 +243,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -238,7 +243,7 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
access_method, access_method,
access_url) access_url)
self.tic() self.tic()
result = access_token.OneTimeRestrictedAccessToken_getExternalLogin() result = access_token.OneTimeRestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
access_token.validate() access_token.validate()
...@@ -247,10 +252,10 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase): ...@@ -247,10 +252,10 @@ class TestERP5AccessTokenSkins(ERP5TypeTestCase):
self.portal.REQUEST["REQUEST_METHOD"] = "GET" self.portal.REQUEST["REQUEST_METHOD"] = "GET"
self.portal.REQUEST["ACTUAL_URL"] = access_url self.portal.REQUEST["ACTUAL_URL"] = access_url
result = access_token.OneTimeRestrictedAccessToken_getExternalLogin() result = access_token.OneTimeRestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
self.portal.REQUEST["ACTUAL_URL"] = "http://exemple.com/foo.bar" self.portal.REQUEST["ACTUAL_URL"] = "http://exemple.com/foo.bar"
result = access_token.OneTimeRestrictedAccessToken_getExternalLogin() result = access_token.OneTimeRestrictedAccessToken_getUserId()
self.assertEqual(result, None) self.assertEqual(result, None)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment