|
|
|
import pytest
|
|
|
|
|
|
|
|
from pyramid.testing import DummyRequest
|
|
|
|
|
|
|
|
from . import app_config, dbsession, get_example_user
|
|
|
|
|
|
|
|
|
|
|
|
def test_crypt_context_to_settings():
|
|
|
|
from ordr.security import crypt_context_settings_to_string
|
|
|
|
settings = {
|
|
|
|
'no_prefix': 'should not appear',
|
|
|
|
'prefix.something': 'left unchanged',
|
|
|
|
'prefix.schemes': 'adjust list',
|
|
|
|
'prefix.depreceated': 'do, not, adjust, this, list'
|
|
|
|
}
|
|
|
|
result = crypt_context_settings_to_string(settings, 'prefix.')
|
|
|
|
expected_lines = {
|
|
|
|
'[passlib]',
|
|
|
|
'something = left unchanged',
|
|
|
|
'schemes = adjust,list',
|
|
|
|
'depreceated = do, not, adjust, this, list',
|
|
|
|
}
|
|
|
|
assert set(result.split('\n')) == expected_lines
|
|
|
|
|
|
|
|
|
|
|
|
def test_authentication_policy_authenticated_user_id_no_user():
|
|
|
|
from ordr.security import AuthenticationPolicy
|
|
|
|
ap = AuthenticationPolicy('')
|
|
|
|
request = DummyRequest(user=None)
|
|
|
|
assert ap.authenticated_userid(request) is None
|
|
|
|
|
|
|
|
|
|
|
|
def test_authentication_policy_authenticated_user_id_with_user():
|
|
|
|
from ordr.security import AuthenticationPolicy
|
|
|
|
from ordr.models import User
|
|
|
|
ap = AuthenticationPolicy('')
|
|
|
|
request = DummyRequest(user=User(id=123))
|
|
|
|
assert ap.authenticated_userid(request) == 123
|
|
|
|
|
|
|
|
|
|
|
|
def test_authentication_policy_effective_principals_no_user():
|
|
|
|
from ordr.security import AuthenticationPolicy
|
|
|
|
from pyramid.security import Everyone
|
|
|
|
request = DummyRequest(user=None)
|
|
|
|
ap = AuthenticationPolicy('')
|
|
|
|
result = ap.effective_principals(request)
|
|
|
|
assert result == [Everyone]
|
|
|
|
|
|
|
|
|
|
|
|
def test_authentication_policy_effective_principals_no_user():
|
|
|
|
from ordr.security import AuthenticationPolicy
|
|
|
|
from ordr.models import User, Role
|
|
|
|
from pyramid.security import Authenticated, Everyone
|
|
|
|
ap = AuthenticationPolicy('')
|
|
|
|
user = User(id=123, role=Role.PURCHASER)
|
|
|
|
request = DummyRequest(user=user)
|
|
|
|
result = ap.effective_principals(request)
|
|
|
|
expected = [
|
|
|
|
Everyone,
|
|
|
|
Authenticated,
|
|
|
|
'user:123',
|
|
|
|
'role:purchaser',
|
|
|
|
'role:user'
|
|
|
|
]
|
|
|
|
assert result == expected
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
|
|
'uauid,role_name', [
|
|
|
|
(3, 'USER'),
|
|
|
|
(4, 'PURCHASER'),
|
|
|
|
(5, 'ADMIN'),
|
|
|
|
]
|
|
|
|
)
|
|
|
|
def test_get_user_returns_user(dbsession, uauid, role_name):
|
|
|
|
from ordr.security import get_user
|
|
|
|
from ordr.models import User, Role
|
|
|
|
# this is a dirty hack, but DummyRequest does not accept setting an
|
|
|
|
# unauthenticated_userid
|
|
|
|
from pyramid.testing import DummyResource
|
|
|
|
request = DummyResource(unauthenticated_userid=uauid, dbsession=dbsession)
|
|
|
|
user_role = Role[role_name]
|
|
|
|
user = get_example_user(user_role)
|
|
|
|
dbsession.add(user)
|
|
|
|
dbsession.flush()
|
|
|
|
assert get_user(request) == user
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
|
|
'uauid,role_name', [
|
|
|
|
(1, 'UNVALIDATED'),
|
|
|
|
(2, 'NEW'),
|
|
|
|
(6, 'INACTIVE'),
|
|
|
|
(2, 'USER'),
|
|
|
|
(None, 'USER'),
|
|
|
|
]
|
|
|
|
)
|
|
|
|
def test_get_user_returns_none(dbsession, uauid, role_name):
|
|
|
|
from ordr.security import get_user
|
|
|
|
from ordr.models import User, Role
|
|
|
|
# this is a dirty hack, but DummyRequest does not accept setting an
|
|
|
|
# unauthenticated_userid
|
|
|
|
from pyramid.testing import DummyResource
|
|
|
|
request = DummyResource(unauthenticated_userid=uauid, dbsession=dbsession)
|
|
|
|
user_role = Role[role_name]
|
|
|
|
user = get_example_user(user_role)
|
|
|
|
dbsession.add(user)
|
|
|
|
dbsession.flush()
|
|
|
|
assert get_user(request) is None
|