Merge pull request #3465 from luhn/security-policy

Security policy implementation
author: Michael Merickel <michael@merickel.org> 2019-09-30 22:23:02 -0500
committer: GitHub <noreply@github.com> 2019-09-30 22:23:02 -0500
commit: 849463d3c2f5ad2c89b3d10a2abce63e4892082d (patch)
tree: 5bc507d427d8d2000c59ad7837cc03099decf1b5 /tests/test_config
parent: ada0a977d9190520c21ffaf9500860db2f3a1b3e (diff)
parent: cdb26610782176955cd8cfb0b3c3e242ca819f74 (diff)
download: pyramid-849463d3c2f5ad2c89b3d10a2abce63e4892082d.tar.gz
pyramid-849463d3c2f5ad2c89b3d10a2abce63e4892082d.tar.bz2
pyramid-849463d3c2f5ad2c89b3d10a2abce63e4892082d.zip
4 files changed, 63 insertions, 35 deletions
diff --git a/tests/test_config/test_init.py b/tests/test_config/test_init.py
index ce2b042ec..661654ef0 100644
--- a/tests/test_config/test_init.py
+++ b/tests/test_config/test_init.py
@@ -205,6 +205,15 @@ class ConfiguratorTests(unittest.TestCase):
         result = config.registry.getUtility(IDebugLogger)
         self.assertEqual(logger, result)
 
+    def test_ctor_security_policy(self):
+        from pyramid.interfaces import ISecurityPolicy
+
+        policy = object()
+        config = self._makeOne(security_policy=policy)
+        config.commit()
+        result = config.registry.getUtility(ISecurityPolicy)
+        self.assertEqual(policy, result)
+
     def test_ctor_authentication_policy(self):
         from pyramid.interfaces import IAuthenticationPolicy
 
diff --git a/tests/test_config/test_security.py b/tests/test_config/test_security.py
index 6257960b8..0ae199239 100644
--- a/tests/test_config/test_security.py
+++ b/tests/test_config/test_security.py
@@ -11,6 +11,28 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         config = Configurator(*arg, **kw)
         return config
 
+    def test_set_security_policy(self):
+        from pyramid.interfaces import ISecurityPolicy
+
+        config = self._makeOne()
+        policy = object()
+        config.set_security_policy(policy)
+        config.commit()
+        self.assertEqual(config.registry.getUtility(ISecurityPolicy), policy)
+
+    def test_set_authentication_policy_with_security_policy(self):
+        from pyramid.interfaces import IAuthorizationPolicy
+        from pyramid.interfaces import ISecurityPolicy
+
+        config = self._makeOne()
+        security_policy = object()
+        authn_policy = object()
+        authz_policy = object()
+        config.registry.registerUtility(security_policy, ISecurityPolicy)
+        config.registry.registerUtility(authz_policy, IAuthorizationPolicy)
+        config.set_authentication_policy(authn_policy)
+        self.assertRaises(ConfigurationError, config.commit)
+
     def test_set_authentication_policy_no_authz_policy(self):
         config = self._makeOne()
         policy = object()
@@ -27,6 +49,8 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
     def test_set_authentication_policy_with_authz_policy(self):
         from pyramid.interfaces import IAuthenticationPolicy
         from pyramid.interfaces import IAuthorizationPolicy
+        from pyramid.interfaces import ISecurityPolicy
+        from pyramid.security import LegacySecurityPolicy
 
         config = self._makeOne()
         authn_policy = object()
@@ -37,10 +61,15 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         self.assertEqual(
             config.registry.getUtility(IAuthenticationPolicy), authn_policy
         )
+        self.assertIsInstance(
+            config.registry.getUtility(ISecurityPolicy), LegacySecurityPolicy
+        )
 
     def test_set_authentication_policy_with_authz_policy_autocommit(self):
         from pyramid.interfaces import IAuthenticationPolicy
         from pyramid.interfaces import IAuthorizationPolicy
+        from pyramid.interfaces import ISecurityPolicy
+        from pyramid.security import LegacySecurityPolicy
 
         config = self._makeOne(autocommit=True)
         authn_policy = object()
@@ -51,6 +80,9 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         self.assertEqual(
             config.registry.getUtility(IAuthenticationPolicy), authn_policy
         )
+        self.assertIsInstance(
+            config.registry.getUtility(ISecurityPolicy), LegacySecurityPolicy
+        )
 
     def test_set_authorization_policy_no_authn_policy(self):
         config = self._makeOne()
diff --git a/tests/test_config/test_testing.py b/tests/test_config/test_testing.py
index 0fb73d268..500aedeae 100644
--- a/tests/test_config/test_testing.py
+++ b/tests/test_config/test_testing.py
@@ -1,7 +1,7 @@
 import unittest
 from zope.interface import implementer
 
-from pyramid.security import AuthenticationAPIMixin, AuthorizationAPIMixin
+from pyramid.security import SecurityAPIMixin, AuthenticationAPIMixin
 from pyramid.util import text_
 from . import IDummy
 
@@ -17,28 +17,20 @@ class TestingConfiguratorMixinTests(unittest.TestCase):
         from pyramid.testing import DummySecurityPolicy
 
         config = self._makeOne(autocommit=True)
-        config.testing_securitypolicy(
-            'user', ('group1', 'group2'), permissive=False
-        )
-        from pyramid.interfaces import IAuthenticationPolicy
-        from pyramid.interfaces import IAuthorizationPolicy
+        config.testing_securitypolicy('user', permissive=False)
+        from pyramid.interfaces import ISecurityPolicy
 
-        ut = config.registry.getUtility(IAuthenticationPolicy)
-        self.assertTrue(isinstance(ut, DummySecurityPolicy))
-        ut = config.registry.getUtility(IAuthorizationPolicy)
-        self.assertEqual(ut.userid, 'user')
-        self.assertEqual(ut.groupids, ('group1', 'group2'))
-        self.assertEqual(ut.permissive, False)
+        policy = config.registry.getUtility(ISecurityPolicy)
+        self.assertTrue(isinstance(policy, DummySecurityPolicy))
+        self.assertEqual(policy.identity, 'user')
+        self.assertEqual(policy.permissive, False)
 
     def test_testing_securitypolicy_remember_result(self):
         from pyramid.security import remember
 
         config = self._makeOne(autocommit=True)
         pol = config.testing_securitypolicy(
-            'user',
-            ('group1', 'group2'),
-            permissive=False,
-            remember_result=True,
+            'user', permissive=False, remember_result=True
         )
         request = DummyRequest()
         request.registry = config.registry
@@ -51,7 +43,7 @@ class TestingConfiguratorMixinTests(unittest.TestCase):
 
         config = self._makeOne(autocommit=True)
         pol = config.testing_securitypolicy(
-            'user', ('group1', 'group2'), permissive=False, forget_result=True
+            'user', permissive=False, forget_result=True
         )
         request = DummyRequest()
         request.registry = config.registry
@@ -232,7 +224,7 @@ class DummyEvent:
     pass
 
 
-class DummyRequest(AuthenticationAPIMixin, AuthorizationAPIMixin):
+class DummyRequest(SecurityAPIMixin, AuthenticationAPIMixin):
     def __init__(self, environ=None):
         if environ is None:
             environ = {}
diff --git a/tests/test_config/test_views.py b/tests/test_config/test_views.py
index 685b81a0f..28b7a9fb1 100644
--- a/tests/test_config/test_views.py
+++ b/tests/test_config/test_views.py
@@ -2059,22 +2059,19 @@ class TestViewsConfigurationMixin(unittest.TestCase):
         outerself = self
 
         class DummyPolicy(object):
-            def effective_principals(self, r):
+            def identify(self, r):
                 outerself.assertEqual(r, request)
-                return ['abc']
+                return 123
 
-            def permits(self, context, principals, permission):
+            def permits(self, r, context, identity, permission):
+                outerself.assertEqual(r, request)
                 outerself.assertEqual(context, None)
-                outerself.assertEqual(principals, ['abc'])
+                outerself.assertEqual(identity, 123)
                 outerself.assertEqual(permission, 'view')
                 return True
 
         policy = DummyPolicy()
-        config = self._makeOne(
-            authorization_policy=policy,
-            authentication_policy=policy,
-            autocommit=True,
-        )
+        config = self._makeOne(security_policy=policy, autocommit=True)
         config.add_view(view=view1, permission='view', renderer=null_renderer)
         view = self._getViewCallable(config)
         request = self._makeRequest(config)
@@ -2087,22 +2084,20 @@ class TestViewsConfigurationMixin(unittest.TestCase):
         outerself = self
 
         class DummyPolicy(object):
-            def effective_principals(self, r):
+            def identify(self, r):
                 outerself.assertEqual(r, request)
-                return ['abc']
+                return 123
 
-            def permits(self, context, principals, permission):
+            def permits(self, r, context, identity, permission):
+                outerself.assertEqual(r, request)
                 outerself.assertEqual(context, None)
-                outerself.assertEqual(principals, ['abc'])
+                outerself.assertEqual(identity, 123)
                 outerself.assertEqual(permission, 'view')
                 return True
 
         policy = DummyPolicy()
         config = self._makeOne(
-            authorization_policy=policy,
-            authentication_policy=policy,
-            default_permission='view',
-            autocommit=True,
+            security_policy=policy, default_permission='view', autocommit=True
         )
         config.add_view(view=view1, renderer=null_renderer)
         view = self._getViewCallable(config)
author	Michael Merickel <michael@merickel.org>	2019-09-30 22:23:02 -0500
committer	GitHub <noreply@github.com>	2019-09-30 22:23:02 -0500
commit	849463d3c2f5ad2c89b3d10a2abce63e4892082d (patch)
tree	5bc507d427d8d2000c59ad7837cc03099decf1b5 /tests/test_config
parent	ada0a977d9190520c21ffaf9500860db2f3a1b3e (diff)
parent	cdb26610782176955cd8cfb0b3c3e242ca819f74 (diff)
download	pyramid-849463d3c2f5ad2c89b3d10a2abce63e4892082d.tar.gz pyramid-849463d3c2f5ad2c89b3d10a2abce63e4892082d.tar.bz2 pyramid-849463d3c2f5ad2c89b3d10a2abce63e4892082d.zip