29 from cubicweb.devtools.fake import FakeRequest |
29 from cubicweb.devtools.fake import FakeRequest |
30 from cubicweb.web import LogOut, Redirect, INTERNAL_FIELD_VALUE |
30 from cubicweb.web import LogOut, Redirect, INTERNAL_FIELD_VALUE |
31 from cubicweb.web.views.basecontrollers import ViewController |
31 from cubicweb.web.views.basecontrollers import ViewController |
32 from cubicweb.web.application import anonymized_request |
32 from cubicweb.web.application import anonymized_request |
33 from cubicweb.dbapi import DBAPISession, _NeedAuthAccessMock |
33 from cubicweb.dbapi import DBAPISession, _NeedAuthAccessMock |
|
34 from cubicweb import repoapi |
34 |
35 |
35 class FakeMapping: |
36 class FakeMapping: |
36 """emulates a mapping module""" |
37 """emulates a mapping module""" |
37 def __init__(self): |
38 def __init__(self): |
38 self.ENTITIES_MAP = {} |
39 self.ENTITIES_MAP = {} |
334 req, origsession = self.init_authentication('cookie') |
335 req, origsession = self.init_authentication('cookie') |
335 # req.form['__login'] = address |
336 # req.form['__login'] = address |
336 # req.form['__password'] = self.admpassword |
337 # req.form['__password'] = self.admpassword |
337 # self.assertAuthFailure(req) |
338 # self.assertAuthFailure(req) |
338 # option allow-email-login set |
339 # option allow-email-login set |
339 origsession.login = address |
340 #origsession.login = address |
340 self.set_option('allow-email-login', True) |
341 self.set_option('allow-email-login', True) |
341 req.form['__login'] = address |
342 req.form['__login'] = address |
342 req.form['__password'] = self.admpassword |
343 req.form['__password'] = self.admpassword |
343 self.assertAuthSuccess(req, origsession) |
344 self.assertAuthSuccess(req, origsession) |
344 self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
345 self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
358 req.user = req.cnx = _NeedAuthAccessMock |
359 req.user = req.cnx = _NeedAuthAccessMock |
359 |
360 |
360 |
361 |
361 def _test_auth_anon(self, req): |
362 def _test_auth_anon(self, req): |
362 asession = self.app.get_session(req) |
363 asession = self.app.get_session(req) |
363 req.set_session(asession) |
364 # important otherwise _reset_cookie will not use the right session |
|
365 req.set_cnx(repoapi.ClientConnection(asession)) |
364 self.assertEqual(len(self.open_sessions), 1) |
366 self.assertEqual(len(self.open_sessions), 1) |
365 self.assertEqual(asession.login, 'anon') |
367 self.assertEqual(asession.login, 'anon') |
366 self.assertTrue(asession.anonymous_session) |
368 self.assertTrue(asession.anonymous_session) |
367 self._reset_cookie(req) |
369 self._reset_cookie(req) |
368 |
370 |
369 def _test_anon_auth_fail(self, req): |
371 def _test_anon_auth_fail(self, req): |
370 self.assertEqual(len(self.open_sessions), 1) |
372 self.assertEqual(1, len(self.open_sessions)) |
371 session = self.app.get_session(req) |
373 session = self.app.get_session(req) |
372 req.set_session(session) |
374 # important otherwise _reset_cookie will not use the right session |
|
375 req.set_cnx(repoapi.ClientConnection(session)) |
373 self.assertEqual(req.message, 'authentication failure') |
376 self.assertEqual(req.message, 'authentication failure') |
374 self.assertEqual(req.session.anonymous_session, True) |
377 self.assertEqual(req.session.anonymous_session, True) |
375 self.assertEqual(len(self.open_sessions), 1) |
378 self.assertEqual(1, len(self.open_sessions)) |
376 self._reset_cookie(req) |
379 self._reset_cookie(req) |
377 |
380 |
378 def test_http_auth_anon_allowed(self): |
381 def test_http_auth_anon_allowed(self): |
379 req, origsession = self.init_authentication('http', 'anon') |
382 req, origsession = self.init_authentication('http', 'anon') |
380 self._test_auth_anon(req) |
383 self._test_auth_anon(req) |
395 self._test_anon_auth_fail(req) |
398 self._test_anon_auth_fail(req) |
396 req.form['__login'] = self.admlogin |
399 req.form['__login'] = self.admlogin |
397 req.form['__password'] = self.admpassword |
400 req.form['__password'] = self.admpassword |
398 self.assertAuthSuccess(req, origsession) |
401 self.assertAuthSuccess(req, origsession) |
399 self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
402 self.assertRaises(LogOut, self.app_handle_request, req, 'logout') |
400 self.assertEqual(len(self.open_sessions), 0) |
403 self.assertEqual(0, len(self.open_sessions)) |
401 |
404 |
402 def test_anonymized_request(self): |
405 def test_anonymized_request(self): |
403 req = self.request() |
406 req = self.request() |
404 self.assertEqual(req.session.login, self.admlogin) |
407 self.assertEqual(self.admlogin, req.session.user.login) |
405 # admin should see anon + admin |
408 # admin should see anon + admin |
406 self.assertEqual(len(list(req.find_entities('CWUser'))), 2) |
409 self.assertEqual(2, len(list(req.find_entities('CWUser')))) |
407 with anonymized_request(req): |
410 with anonymized_request(req): |
408 self.assertEqual(req.session.login, 'anon') |
411 self.assertEqual('anon', req.session.login, 'anon') |
409 # anon should only see anon user |
412 # anon should only see anon user |
410 self.assertEqual(len(list(req.find_entities('CWUser'))), 1) |
413 self.assertEqual(1, len(list(req.find_entities('CWUser')))) |
411 self.assertEqual(req.session.login, self.admlogin) |
414 self.assertEqual(self.admlogin, req.session.login) |
412 self.assertEqual(len(list(req.find_entities('CWUser'))), 2) |
415 self.assertEqual(2, len(list(req.find_entities('CWUser')))) |
413 |
416 |
414 def test_non_regr_optional_first_var(self): |
417 def test_non_regr_optional_first_var(self): |
415 req = self.request() |
418 req = self.request() |
416 # expect a rset with None in [0][0] |
419 # expect a rset with None in [0][0] |
417 req.form['rql'] = 'rql:Any OV1, X WHERE X custom_workflow OV1?' |
420 req.form['rql'] = 'rql:Any OV1, X WHERE X custom_workflow OV1?' |
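Review bot: In test_anonymized_request the rewritten assertion inside the `with anonymized_request(req):` block, `self.assertEqual('anon', req.session.login, 'anon')`, passes a third positional argument, which unittest takes as the failure message. The trailing `'anon'` looks like a leftover from swapping the arguments and should be dropped: `self.assertEqual('anon', req.session.login)`. The same test now reads `req.session.user.login` before the block but `req.session.login` inside and after it, so the identity checked on restore is not the one checked on entry; use one attribute throughout, or assert both, so the test pins that the admin identity really comes back once the anonymized block exits. In the `allow-email-login` hunk, whose enclosing test starts outside the visible lines, `#origsession.login = address` is left as commented-out code; delete it or replace it with a comment saying why the assignment is no longer needed.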