Finalise certificate management tests.

Prove that user can request and revoke certificate for himself. Prove that user cannot request twice the certificate. Prove that user cannot request nor revoke certificate for another one.

Finalise certificate management tests.
Prove that user can request and revoke certificate for himself. Prove that user cannot request twice the certificate. Prove that user cannot request nor revoke certificate for another one.
e55b5bf8 · Łukasz Nowak · 86e8d3d0 · e55b5bf8
Commit e55b5bf8 authored Jun 16, 2011 by Łukasz Nowak
Hide whitespace changes
Inline Side-by-side

Showing with 52 additions and 13 deletions

master/product/Vifib/tests/testVifibSlapWebService.py master/product/Vifib/tests/testVifibSlapWebService.py +52 -13

No files found.
--- a/master/product/Vifib/tests/testVifibSlapWebService.py
+++ b/master/product/Vifib/tests/testVifibSlapWebService.py
@@ -6997,43 +6997,82 @@ class TestVifibSlapWebService(testVifibMixin):
  # Person using PKI/Slap interface
  ########################################

-  def test_person_request_new_certificate(self):
-    """Chekcs that Person is capable to ask for new certificate"""
-    self.login()
-    self.portal.portal_certificate_authority._checkCertificateAuthority()
-    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(
-      'test_vifib_user_admin')
+  def _safe_revoke_certificate(self, person):
+    from AccessControl import getSecurityManager
+    user = getSecurityManager().getUser().getId()
    try:
+      self.login('ERP5TypeTestCase')
      person.revokeCertificate()
    except ValueError, err:
      if 'No certificate for' in err.message:
        pass
      else:
        raise
+    finally:
+      self.login(user)
+
+  def test_person_request_new_certificate(self):
+    """Checks that Person is capable to ask for new certificate"""
+    self.login()
+    self.portal.portal_certificate_authority._checkCertificateAuthority()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(
+      'test_vifib_user_admin')
+    self._safe_revoke_certificate(person)
    self.login('test_vifib_user_admin')
-    transaction.commit()
    certificate = person.getCertificate()
-    raise NotImplementedError
+    self.assertTrue('CN=test_vifib_user_admin' in certificate['certificate'])

  def test_person_request_revoke_certificate(self):
    """Chekcs that Person is capable to ask for revocation of certificate"""
-    raise NotImplementedError
+    self.login()
+    self.portal.portal_certificate_authority._checkCertificateAuthority()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(
+      'test_vifib_user_admin')
+    self._safe_revoke_certificate(person)
+    self.login('test_vifib_user_admin')
+    certificate = person.getCertificate()
+    self.assertTrue('CN=test_vifib_user_admin' in certificate['certificate'])
+    person.revokeCertificate()

  def test_person_request_new_certificate_twice(self):
    """Checks that if Person asks twice for a certificate the next call
       fails"""
-    raise NotImplementedError
+    self.login()
+    self.portal.portal_certificate_authority._checkCertificateAuthority()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(
+      'test_vifib_user_admin')
+    self._safe_revoke_certificate(person)
+    self.login('test_vifib_user_admin')
+    certificate = person.getCertificate()
+    self.assertTrue('CN=test_vifib_user_admin' in certificate['certificate'])
+    self.assertRaises(ValueError, person.getCertificate)

  def test_person_request_certificate_for_another_person(self):
    """Checks that if Person tries to request ceritifcate for someone else it
    will fail"""
-    raise NotImplementedError
+    from AccessControl import Unauthorized
+    self.login()
+    self.portal.portal_certificate_authority._checkCertificateAuthority()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(
+      'test_vifib_user_admin')
+    self._safe_revoke_certificate(person)
+    self.login('test_hr_admin')
+    self.assertRaises(Unauthorized, person.getCertificate)

  def test_person_request_revoke_certificate_for_another_person(self):
    """Checks that if Person tries to request ceritifcate for someone else it
    will fail"""
-    raise NotImplementedError
-
+    from AccessControl import Unauthorized
+    self.login()
+    self.portal.portal_certificate_authority._checkCertificateAuthority()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(
+      'test_vifib_user_admin')
+    self._safe_revoke_certificate(person)
+    self.login('test_vifib_user_admin')
+    certificate = person.getCertificate()
+    self.assertTrue('CN=test_vifib_user_admin' in certificate['certificate'])
+    self.login('test_hr_admin')
+    self.assertRaises(Unauthorized, person.revokeCertificate)

  def stepPersonRequestSlapSoftwareInstanceNotFoundResponse(self, sequence,
      **kw):