Commit 6940b138 by Vincent Pelletier

tests: Use self.request(..., basic='...') to simulate authentication.

__ac_name & __ac_password are only useful to get a cookie, so only use them
when the test is actually expecting a cookie.
parent bd9c5836
......@@ -28,6 +28,7 @@
#
##############################################################################
from functools import partial
import unittest
import urllib
from StringIO import StringIO
......@@ -603,10 +604,13 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
time.sleep(1)
self.assertTrue(login.isPasswordExpired())
publish = partial(
self.publish,
portal.absolute_url_path() + '/view',
basic=self.id() + ':password',
)
# User cannot login
path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s' % (
self.id(), 'password')
response = self.publish(path)
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.tic()
......@@ -615,7 +619,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
portal_type='Credential Recovery')
# trying to login again does not create a new credential recovery
response = self.publish(path)
response = publish()
self.tic()
credential_recovery, = login.getDestinationDecisionRelatedValueList(
portal_type='Credential Recovery')
......@@ -640,24 +644,30 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
login.setPassword('used_ALREADY_1234')
self.tic()
path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s' %('test-05', 'used_ALREADY_1234')
response = self.publish(path)
response = self.publish(
portal.absolute_url_path() + '/view',
basic='test-05:used_ALREADY_1234',
)
self.assertTrue('Welcome to ERP5' in response.getBody())
self.assertFalse(login.isLoginBlocked())
publish = partial(
self.publish,
portal.absolute_url_path() + '/view',
basic='test-05:bad_test',
)
# fail request #1
path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s' %('test-05', 'bad_test')
response = self.publish(path)
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.assertFalse(login.isLoginBlocked())
# fail request #2
response = self.publish(path)
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.assertFalse(login.isLoginBlocked())
# fail request #3
response = self.publish(path)
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form"))
self.assertTrue(login.isLoginBlocked())
......@@ -665,8 +675,12 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
# test message that account is blocked
self.assertTrue(login.isLoginBlocked())
path = portal.absolute_url_path() + '/logged_in?__ac_name=%s&__ac_password=%s' %('test-05', 'used_ALREADY_1234')
response = self.publish(path)
publish = partial(
self.publish,
portal.absolute_url_path() + '/logged_in',
basic='test-05:used_ALREADY_1234',
)
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form?portal_status_message=Account is blocked."))
# test expire password message, first unblock it
......@@ -674,7 +688,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
preference.setPreferredMaxPasswordLifetimeDuration(0)
self.tic()
self._clearCache()
response = self.publish(path)
response = publish()
self.assertTrue(response.getHeader("Location").endswith("login_form?portal_status_message=Password is expired."))
self.assertTrue(login.isPasswordExpired())
......@@ -683,7 +697,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
preference.setPreferredPasswordLifetimeExpireWarningDuration(24)
self.tic()
self._clearCache()
response = self.publish(path)
response = publish()
self.assertTrue('Your password will expire' in response.getHeader("Location"))
self.assertTrue('You are advised to change it as soon as possible' in response.getHeader("Location"))
......@@ -692,8 +706,10 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
preference.setPreferredPasswordLifetimeExpireWarningDuration(12)
self.tic()
self._clearCache()
path = portal.absolute_url_path() + '/view?__ac_name=%s&__ac_password=%s' %('test-05', 'used_ALREADY_1234')
response = self.publish(path)
response = self.publish(
portal.absolute_url_path() + '/view',
basic='test-05:used_ALREADY_1234',
)
self.assertTrue('Welcome to ERP5' in response.getBody())
def test_ExpireOldAuthenticationEventList(self):
......
......@@ -898,6 +898,11 @@ class TestLocalRoleManagement(RoleManagementTestCase):
def testSimpleLocalRole(self):
"""Test simple case of setting a role.
"""
def viewSecurity():
return self.publish(
self.portal.absolute_url_path() + '/Base_viewSecurity',
basic='%s:%s' % (self.username, self.username),
)
self._getTypeInfo().newContent(portal_type='Role Information',
role_name='Assignor',
description='desc.',
......@@ -913,9 +918,7 @@ class TestLocalRoleManagement(RoleManagementTestCase):
# check if assignment change is effective immediately
self.login()
res = self.publish(self.portal.absolute_url_path() + \
'/Base_viewSecurity?__ac_name=%s&__ac_password=%s' % \
(self.username, self.username))
res = viewSecurity()
self.assertEqual([x for x in res.body.splitlines() if x.startswith('-->')],
["--> ['F1_G1_S1']"], res.body)
assignment = self.person.newContent( portal_type='Assignment',
......@@ -923,15 +926,11 @@ class TestLocalRoleManagement(RoleManagementTestCase):
site='subcat',
function='another_subcat' )
assignment.open()
res = self.publish(self.portal.absolute_url_path() + \
'/Base_viewSecurity?__ac_name=%s&__ac_password=%s' % \
(self.username, self.username))
res = viewSecurity()
self.assertEqual([x for x in res.body.splitlines() if x.startswith('-->')],
["--> ['F1_G1_S1']", "--> ['F2_G1_S1']"], res.body)
assignment.setGroup('another_subcat')
res = self.publish(self.portal.absolute_url_path() + \
'/Base_viewSecurity?__ac_name=%s&__ac_password=%s' % \
(self.username, self.username))
res = viewSecurity()
self.assertEqual([x for x in res.body.splitlines() if x.startswith('-->')],
["--> ['F1_G1_S1']", "--> ['F2_G2_S1']"], res.body)
self.abort()
......@@ -1181,11 +1180,15 @@ class TestKeyAuthentication(RoleManagementTestCase):
response = self.publish('%s/%s?__ac_key=%s' %(base_url, web_page.getReference(),
key))
self.assertEqual(response.getStatus(), 200)
response = self.publish('%s/%s?__ac_name=%s&__ac_password=%s' % (
base_url, web_page.getReference(), reference, 'guest'))
response = self.publish(
base_url + '/' + web_page.getReference(),
basic=reference + ':guest',
)
self.assertEqual(response.getStatus(), 200)
response = self.publish('%s/%s?__ac_name=%s&__ac_password=%s' % (
base_url, web_page.getReference(), 'ERP5TypeTestCase', ''))
response = self.publish(
base_url + '/' + web_page.getReference(),
basic='ERP5TypeTestCase:',
)
self.assertEqual(response.getStatus(), 200)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment