CPI Ordering System (the old version)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.

117 lines
3.9 KiB

''' Tests for ordr2.security '''
import pytest
from . import app_config, dbsession, create_users
# tests for ordr2.security.AuthenticationPolicy
def test_authenticated_userid_no_user():
''' test if authenticated user id is None if no active user present '''
from pyramid.testing import DummyRequest
from ordr2.security import AuthenticationPolicy
request = DummyRequest(user=None)
policy = AuthenticationPolicy(secret='')
assert policy.authenticated_userid(request) is None
def test_authenticated_userid_with_user():
''' test if authenticated user id is the id of the user '''
from pyramid.testing import DummyRequest
from ordr2.models import User
from ordr2.security import AuthenticationPolicy
user = User(id=3)
request = DummyRequest(user=user)
policy = AuthenticationPolicy(secret='')
assert policy.authenticated_userid(request) == 3
def test_effective_principals_no_user():
''' test the effective principals if no user is authenticated '''
from pyramid.testing import DummyRequest
from pyramid.security import Everyone
from ordr2.security import AuthenticationPolicy
request = DummyRequest(user=None)
policy = AuthenticationPolicy(secret='')
assert policy.effective_principals(request) == [Everyone]
@pytest.mark.parametrize(
'role_name, role_principals', [
('UNVALIDATED', ['role:unvalidated']),
('NEW', ['role:new']),
('USER', ['role:user']),
('PURCHASER', ['role:purchaser', 'role:user']),
('ADMIN', ['role:admin', 'role:purchaser', 'role:user']),
('INACTIVE', ['role:inactive'])
]
)
def test_effective_principals_with_user(role_name, role_principals):
''' test the effective principals if a user is authenticated '''
from pyramid.testing import DummyRequest
from pyramid.security import Authenticated, Everyone
from ordr2.models import User, Role
from ordr2.security import AuthenticationPolicy
role = Role[role_name]
user = User(id=3, role=role)
request = DummyRequest(user=user)
policy = AuthenticationPolicy(secret='')
expected = [Everyone, Authenticated, 'user:3']
expected.extend(role_principals)
assert policy.effective_principals(request) == expected
# tests for the get_user function
def test_get_user_no_unauthenticated_user_id():
''' get_user() should return None if unauthenticated_userid is None '''
from pyramid.testing import DummyRequest
from ordr2.security import get_user
request = DummyRequest(unauthenticated_userid=None)
assert get_user(request) is None
@pytest.mark.parametrize('user_id', [3, 4, 5])
def test_get_user_known_authenticated_user_id(user_id, dbsession):
''' get_user() should return user instance on known active user '''
from collections import namedtuple
from ordr2.models import User, Role
from ordr2.security import get_user
create_users(dbsession)
# pyramid.testing.DummyRequest can't be used, since the parameter
# unauthenticated_userid cannot be set. A named tuple is used instead
Request = namedtuple('Request', 'dbsession, unauthenticated_userid')
request = Request(dbsession=dbsession, unauthenticated_userid=user_id)
user = get_user(request)
assert isinstance(user, User)
@pytest.mark.parametrize('user_id', [1, 2, 6, 1969])
def test_get_user_with_unknown_or_inactive_id(user_id, dbsession):
''' get_user() should return None on inactive users or unknown ids '''
from collections import namedtuple
from ordr2.models import User, Role
from ordr2.security import get_user
create_users(dbsession)
# pyramid.testing.DummyRequest can't be used, since the parameter
# unauthenticated_userid cannot be set. A named tuple is used instead
Request = namedtuple('Request', 'dbsession, unauthenticated_userid')
request = Request(dbsession=dbsession, unauthenticated_userid=user_id)
user = get_user(request)
assert user is None