You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
105 lines
3.4 KiB
105 lines
3.4 KiB
''' Tests for ordr2.security ''' |
|
|
|
import pytest |
|
|
|
from . import app_config, dbsession, create_users |
|
|
|
|
|
# tests for ordr2.security.AuthenticationPolicy |
|
|
|
def test_authenticated_userid_no_user(): |
|
''' test if authenticated user id is None if no active user present ''' |
|
from pyramid.testing import DummyRequest |
|
from ordr2.security import AuthenticationPolicy |
|
|
|
request = DummyRequest(user=None) |
|
policy = AuthenticationPolicy(secret='') |
|
|
|
assert policy.authenticated_userid(request) is None |
|
|
|
|
|
def test_authenticated_userid_with_user(): |
|
''' test if authenticated user id is the id of the user ''' |
|
from pyramid.testing import DummyRequest |
|
from ordr2.models import User |
|
from ordr2.security import AuthenticationPolicy |
|
|
|
user = User(id=3) |
|
request = DummyRequest(user=user) |
|
policy = AuthenticationPolicy(secret='') |
|
|
|
assert policy.authenticated_userid(request) == 3 |
|
|
|
|
|
def test_effective_principals_no_user(): |
|
''' test the effective principals if no user is authenticated ''' |
|
from pyramid.testing import DummyRequest |
|
from pyramid.security import Everyone |
|
from ordr2.security import AuthenticationPolicy |
|
|
|
request = DummyRequest(user=None) |
|
policy = AuthenticationPolicy(secret='') |
|
|
|
assert policy.effective_principals(request) == [Everyone] |
|
|
|
|
|
@pytest.mark.parametrize( |
|
'role_name, role_principals', [ |
|
('UNVALIDATED', ['role:unvalidated']), |
|
('NEW', ['role:new']), |
|
('USER', ['role:user']), |
|
('PURCHASER', ['role:purchaser', 'role:user']), |
|
('ADMIN', ['role:admin', 'role:purchaser', 'role:user']), |
|
('INACTIVE', ['role:inactive']) |
|
] |
|
) |
|
def test_effective_principals_with_user(role_name, role_principals): |
|
''' test the effective principals if a user is authenticated ''' |
|
from pyramid.testing import DummyRequest |
|
from pyramid.security import Authenticated, Everyone |
|
from ordr2.models import User, Role |
|
from ordr2.security import AuthenticationPolicy |
|
|
|
role = Role[role_name] |
|
user = User(id=3, role=role) |
|
request = DummyRequest(user=user) |
|
policy = AuthenticationPolicy(secret='') |
|
|
|
expected = [Everyone, Authenticated, 'user:3'] |
|
expected.extend(role_principals) |
|
assert policy.effective_principals(request) == expected |
|
|
|
|
|
# tests for the get_user function |
|
|
|
def test_get_user_no_unauthenticated_user_id(): |
|
''' get_user() should return None if unauthenticated_userid is None ''' |
|
from pyramid.testing import DummyRequest |
|
from ordr2.security import get_user |
|
|
|
request = DummyRequest(unauthenticated_userid=None) |
|
|
|
assert get_user(request) is None |
|
|
|
|
|
@pytest.mark.parametrize( |
|
'user_id', [ |
|
3, # active user, must work |
|
pytest.mark.xfail(1), # inactive user, must fail |
|
pytest.mark.xfail(1969), # unknown user id, must fail |
|
] |
|
) |
|
def test_get_user_no_unauthenticated_user_id(user_id, dbsession): |
|
''' get_user() should return None if unauthenticated_userid is None ''' |
|
from collections import namedtuple |
|
from ordr2.models import User, Role |
|
from ordr2.security import get_user |
|
|
|
create_users(dbsession) |
|
# pyramid.testing.DummyRequest can't be used, since the parameter |
|
# unauthenticated_userid cannot be set. A named tuple is used instead |
|
Request = namedtuple('Request', 'dbsession, unauthenticated_userid') |
|
request = Request(dbsession=dbsession, unauthenticated_userid=user_id) |
|
user = get_user(request) |
|
|
|
assert isinstance(user, User)
|
|
|