CPI Ordering System (the old version)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
 
 
 
 
 

105 lines
3.4 KiB

''' Tests for ordr2.security '''
import pytest
from . import app_config, dbsession, create_users
# tests for ordr2.security.AuthenticationPolicy
def test_authenticated_userid_no_user():
''' test if authenticated user id is None if no active user present '''
from pyramid.testing import DummyRequest
from ordr2.security import AuthenticationPolicy
request = DummyRequest(user=None)
policy = AuthenticationPolicy(secret='')
assert policy.authenticated_userid(request) is None
def test_authenticated_userid_with_user():
''' test if authenticated user id is the id of the user '''
from pyramid.testing import DummyRequest
from ordr2.models import User
from ordr2.security import AuthenticationPolicy
user = User(id=3)
request = DummyRequest(user=user)
policy = AuthenticationPolicy(secret='')
assert policy.authenticated_userid(request) == 3
def test_effective_principals_no_user():
''' test the effective principals if no user is authenticated '''
from pyramid.testing import DummyRequest
from pyramid.security import Everyone
from ordr2.security import AuthenticationPolicy
request = DummyRequest(user=None)
policy = AuthenticationPolicy(secret='')
assert policy.effective_principals(request) == [Everyone]
@pytest.mark.parametrize(
'role_name, role_principals', [
('UNVALIDATED', ['role:unvalidated']),
('NEW', ['role:new']),
('USER', ['role:user']),
('PURCHASER', ['role:purchaser', 'role:user']),
('ADMIN', ['role:admin', 'role:purchaser', 'role:user']),
('INACTIVE', ['role:inactive'])
]
)
def test_effective_principals_with_user(role_name, role_principals):
''' test the effective principals if a user is authenticated '''
from pyramid.testing import DummyRequest
from pyramid.security import Authenticated, Everyone
from ordr2.models import User, Role
from ordr2.security import AuthenticationPolicy
role = Role[role_name]
user = User(id=3, role=role)
request = DummyRequest(user=user)
policy = AuthenticationPolicy(secret='')
expected = [Everyone, Authenticated, 'user:3']
expected.extend(role_principals)
assert policy.effective_principals(request) == expected
# tests for the get_user function
def test_get_user_no_unauthenticated_user_id():
''' get_user() should return None if unauthenticated_userid is None '''
from pyramid.testing import DummyRequest
from ordr2.security import get_user
request = DummyRequest(unauthenticated_userid=None)
assert get_user(request) is None
@pytest.mark.parametrize(
'user_id', [
3, # active user, must work
pytest.mark.xfail(1), # inactive user, must fail
pytest.mark.xfail(1969), # unknown user id, must fail
]
)
def test_get_user_no_unauthenticated_user_id(user_id, dbsession):
''' get_user() should return None if unauthenticated_userid is None '''
from collections import namedtuple
from ordr2.models import User, Role
from ordr2.security import get_user
create_users(dbsession)
# pyramid.testing.DummyRequest can't be used, since the parameter
# unauthenticated_userid cannot be set. A named tuple is used instead
Request = namedtuple('Request', 'dbsession, unauthenticated_userid')
request = Request(dbsession=dbsession, unauthenticated_userid=user_id)
user = get_user(request)
assert isinstance(user, User)