summaryrefslogtreecommitdiff
path: root/tests/test_authentication.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/test_authentication.py')
-rw-r--r--tests/test_authentication.py792
1 files changed, 544 insertions, 248 deletions
diff --git a/tests/test_authentication.py b/tests/test_authentication.py
index 4fbc3fe2e..fc3e60587 100644
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@@ -1,14 +1,13 @@
import unittest
import warnings
from pyramid import testing
-from pyramid.compat import (
- text_,
- bytes_,
- )
+from pyramid.compat import text_, bytes_
+
class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
def setUp(self):
from pyramid.interfaces import IDebugLogger
+
self.config = testing.setUp()
self.config.registry.registerUtility(self, IDebugLogger)
self.messages = []
@@ -21,9 +20,11 @@ class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
def _makeOne(self, userid=None, callback=None):
from pyramid.authentication import CallbackAuthenticationPolicy
+
class MyAuthenticationPolicy(CallbackAuthenticationPolicy):
def unauthenticated_userid(self, request):
return userid
+
policy = MyAuthenticationPolicy()
policy.debug = True
policy.callback = callback
@@ -38,7 +39,8 @@ class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
self.messages[0],
'tests.test_authentication.MyAuthenticationPolicy.'
'authenticated_userid: call to unauthenticated_userid returned '
- 'None; returning None')
+ 'None; returning None',
+ )
def test_authenticated_userid_no_callback(self):
request = DummyRequest(registry=self.config.registry)
@@ -47,14 +49,17 @@ class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
self.assertEqual(len(self.messages), 1)
self.assertEqual(
self.messages[0],
- "tests.test_authentication.MyAuthenticationPolicy."
+ "tests.test_authentication.MyAuthenticationPolicy."
"authenticated_userid: there was no groupfinder callback; "
- "returning 'fred'")
+ "returning 'fred'",
+ )
def test_authenticated_userid_with_callback_fail(self):
request = DummyRequest(registry=self.config.registry)
+
def callback(userid, request):
return None
+
policy = self._makeOne(userid='fred', callback=callback)
self.assertEqual(policy.authenticated_userid(request), None)
self.assertEqual(len(self.messages), 1)
@@ -62,12 +67,15 @@ class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
self.messages[0],
'tests.test_authentication.MyAuthenticationPolicy.'
'authenticated_userid: groupfinder callback returned None; '
- 'returning None')
+ 'returning None',
+ )
def test_authenticated_userid_with_callback_success(self):
request = DummyRequest(registry=self.config.registry)
+
def callback(userid, request):
return []
+
policy = self._makeOne(userid='fred', callback=callback)
self.assertEqual(policy.authenticated_userid(request), 'fred')
self.assertEqual(len(self.messages), 1)
@@ -75,7 +83,8 @@ class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
self.messages[0],
"tests.test_authentication.MyAuthenticationPolicy."
"authenticated_userid: groupfinder callback returned []; "
- "returning 'fred'")
+ "returning 'fred'",
+ )
def test_authenticated_userid_fails_cleaning_as_Authenticated(self):
request = DummyRequest(registry=self.config.registry)
@@ -87,7 +96,8 @@ class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
"tests.test_authentication.MyAuthenticationPolicy."
"authenticated_userid: use of userid 'system.Authenticated' is "
"disallowed by any built-in Pyramid security policy, returning "
- "None")
+ "None",
+ )
def test_authenticated_userid_fails_cleaning_as_Everyone(self):
request = DummyRequest(registry=self.config.registry)
@@ -99,107 +109,127 @@ class TestCallbackAuthenticationPolicyDebugging(unittest.TestCase):
"tests.test_authentication.MyAuthenticationPolicy."
"authenticated_userid: use of userid 'system.Everyone' is "
"disallowed by any built-in Pyramid security policy, returning "
- "None")
+ "None",
+ )
def test_effective_principals_no_unauthenticated_userid(self):
request = DummyRequest(registry=self.config.registry)
policy = self._makeOne()
- self.assertEqual(policy.effective_principals(request),
- ['system.Everyone'])
+ self.assertEqual(
+ policy.effective_principals(request), ['system.Everyone']
+ )
self.assertEqual(len(self.messages), 1)
self.assertEqual(
self.messages[0],
"tests.test_authentication.MyAuthenticationPolicy."
"effective_principals: unauthenticated_userid returned None; "
- "returning ['system.Everyone']")
+ "returning ['system.Everyone']",
+ )
def test_effective_principals_no_callback(self):
request = DummyRequest(registry=self.config.registry)
policy = self._makeOne(userid='fred')
self.assertEqual(
policy.effective_principals(request),
- ['system.Everyone', 'system.Authenticated', 'fred'])
+ ['system.Everyone', 'system.Authenticated', 'fred'],
+ )
self.assertEqual(len(self.messages), 2)
self.assertEqual(
self.messages[0],
'tests.test_authentication.MyAuthenticationPolicy.'
'effective_principals: groupfinder callback is None, so groups '
- 'is []')
+ 'is []',
+ )
self.assertEqual(
self.messages[1],
"tests.test_authentication.MyAuthenticationPolicy."
"effective_principals: returning effective principals: "
- "['system.Everyone', 'system.Authenticated', 'fred']")
+ "['system.Everyone', 'system.Authenticated', 'fred']",
+ )
def test_effective_principals_with_callback_fail(self):
request = DummyRequest(registry=self.config.registry)
+
def callback(userid, request):
return None
+
policy = self._makeOne(userid='fred', callback=callback)
self.assertEqual(
- policy.effective_principals(request), ['system.Everyone'])
+ policy.effective_principals(request), ['system.Everyone']
+ )
self.assertEqual(len(self.messages), 2)
self.assertEqual(
self.messages[0],
'tests.test_authentication.MyAuthenticationPolicy.'
'effective_principals: groupfinder callback returned None as '
- 'groups')
+ 'groups',
+ )
self.assertEqual(
self.messages[1],
"tests.test_authentication.MyAuthenticationPolicy."
"effective_principals: returning effective principals: "
- "['system.Everyone']")
+ "['system.Everyone']",
+ )
def test_effective_principals_with_callback_success(self):
request = DummyRequest(registry=self.config.registry)
+
def callback(userid, request):
return []
+
policy = self._makeOne(userid='fred', callback=callback)
self.assertEqual(
policy.effective_principals(request),
- ['system.Everyone', 'system.Authenticated', 'fred'])
+ ['system.Everyone', 'system.Authenticated', 'fred'],
+ )
self.assertEqual(len(self.messages), 2)
self.assertEqual(
self.messages[0],
'tests.test_authentication.MyAuthenticationPolicy.'
- 'effective_principals: groupfinder callback returned [] as groups')
+ 'effective_principals: groupfinder callback returned [] as groups',
+ )
self.assertEqual(
self.messages[1],
"tests.test_authentication.MyAuthenticationPolicy."
"effective_principals: returning effective principals: "
- "['system.Everyone', 'system.Authenticated', 'fred']")
+ "['system.Everyone', 'system.Authenticated', 'fred']",
+ )
def test_effective_principals_with_unclean_principal_Authenticated(self):
request = DummyRequest(registry=self.config.registry)
policy = self._makeOne(userid='system.Authenticated')
self.assertEqual(
- policy.effective_principals(request),
- ['system.Everyone'])
+ policy.effective_principals(request), ['system.Everyone']
+ )
self.assertEqual(len(self.messages), 1)
self.assertEqual(
self.messages[0],
"tests.test_authentication.MyAuthenticationPolicy."
"effective_principals: unauthenticated_userid returned disallowed "
"'system.Authenticated'; returning ['system.Everyone'] as if it "
- "was None")
+ "was None",
+ )
def test_effective_principals_with_unclean_principal_Everyone(self):
request = DummyRequest(registry=self.config.registry)
policy = self._makeOne(userid='system.Everyone')
self.assertEqual(
- policy.effective_principals(request),
- ['system.Everyone'])
+ policy.effective_principals(request), ['system.Everyone']
+ )
self.assertEqual(len(self.messages), 1)
self.assertEqual(
self.messages[0],
"tests.test_authentication.MyAuthenticationPolicy."
"effective_principals: unauthenticated_userid returned disallowed "
"'system.Everyone'; returning ['system.Everyone'] as if it "
- "was None")
+ "was None",
+ )
+
class TestRepozeWho1AuthenticationPolicy(unittest.TestCase):
def _getTargetClass(self):
from pyramid.authentication import RepozeWho1AuthenticationPolicy
+
return RepozeWho1AuthenticationPolicy
def _makeOne(self, identifier_name='auth_tkt', callback=None):
@@ -208,11 +238,13 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase):
def test_class_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyClass
from pyramid.interfaces import IAuthenticationPolicy
+
verifyClass(IAuthenticationPolicy, self._getTargetClass())
def test_instance_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyObject
from pyramid.interfaces import IAuthenticationPolicy
+
verifyObject(IAuthenticationPolicy, self._makeOne())
def test_unauthenticated_userid_returns_None(self):
@@ -222,7 +254,8 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase):
def test_unauthenticated_userid(self):
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'fred'}})
+ {'repoze.who.identity': {'repoze.who.userid': 'fred'}}
+ )
policy = self._makeOne()
self.assertEqual(policy.unauthenticated_userid(request), 'fred')
@@ -233,48 +266,61 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase):
def test_authenticated_userid(self):
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'fred'}})
+ {'repoze.who.identity': {'repoze.who.userid': 'fred'}}
+ )
policy = self._makeOne()
self.assertEqual(policy.authenticated_userid(request), 'fred')
def test_authenticated_userid_repoze_who_userid_is_None(self):
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':None}})
+ {'repoze.who.identity': {'repoze.who.userid': None}}
+ )
policy = self._makeOne()
self.assertEqual(policy.authenticated_userid(request), None)
def test_authenticated_userid_with_callback_returns_None(self):
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'fred'}})
+ {'repoze.who.identity': {'repoze.who.userid': 'fred'}}
+ )
+
def callback(identity, request):
return None
+
policy = self._makeOne(callback=callback)
self.assertEqual(policy.authenticated_userid(request), None)
def test_authenticated_userid_with_callback_returns_something(self):
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'fred'}})
+ {'repoze.who.identity': {'repoze.who.userid': 'fred'}}
+ )
+
def callback(identity, request):
return ['agroup']
+
policy = self._makeOne(callback=callback)
self.assertEqual(policy.authenticated_userid(request), 'fred')
def test_authenticated_userid_unclean_principal_Authenticated(self):
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'system.Authenticated'}}
- )
+ {
+ 'repoze.who.identity': {
+ 'repoze.who.userid': 'system.Authenticated'
+ }
+ }
+ )
policy = self._makeOne()
self.assertEqual(policy.authenticated_userid(request), None)
def test_authenticated_userid_unclean_principal_Everyone(self):
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'system.Everyone'}}
- )
+ {'repoze.who.identity': {'repoze.who.userid': 'system.Everyone'}}
+ )
policy = self._makeOne()
self.assertEqual(policy.authenticated_userid(request), None)
def test_effective_principals_None(self):
from pyramid.security import Everyone
+
request = DummyRequest({})
policy = self._makeOne()
self.assertEqual(policy.effective_principals(request), [Everyone])
@@ -282,56 +328,86 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase):
def test_effective_principals_userid_only(self):
from pyramid.security import Everyone
from pyramid.security import Authenticated
+
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'fred'}})
+ {'repoze.who.identity': {'repoze.who.userid': 'fred'}}
+ )
policy = self._makeOne()
- self.assertEqual(policy.effective_principals(request),
- [Everyone, Authenticated, 'fred'])
+ self.assertEqual(
+ policy.effective_principals(request),
+ [Everyone, Authenticated, 'fred'],
+ )
def test_effective_principals_userid_and_groups(self):
from pyramid.security import Everyone
from pyramid.security import Authenticated
+
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'fred',
- 'groups':['quux', 'biz']}})
+ {
+ 'repoze.who.identity': {
+ 'repoze.who.userid': 'fred',
+ 'groups': ['quux', 'biz'],
+ }
+ }
+ )
+
def callback(identity, request):
return identity['groups']
+
policy = self._makeOne(callback=callback)
- self.assertEqual(policy.effective_principals(request),
- [Everyone, Authenticated, 'fred', 'quux', 'biz'])
+ self.assertEqual(
+ policy.effective_principals(request),
+ [Everyone, Authenticated, 'fred', 'quux', 'biz'],
+ )
def test_effective_principals_userid_callback_returns_None(self):
from pyramid.security import Everyone
+
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'fred',
- 'groups':['quux', 'biz']}})
+ {
+ 'repoze.who.identity': {
+ 'repoze.who.userid': 'fred',
+ 'groups': ['quux', 'biz'],
+ }
+ }
+ )
+
def callback(identity, request):
return None
+
policy = self._makeOne(callback=callback)
self.assertEqual(policy.effective_principals(request), [Everyone])
def test_effective_principals_repoze_who_userid_is_None(self):
from pyramid.security import Everyone
+
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':None}}
- )
+ {'repoze.who.identity': {'repoze.who.userid': None}}
+ )
policy = self._makeOne()
self.assertEqual(policy.effective_principals(request), [Everyone])
def test_effective_principals_repoze_who_userid_is_unclean_Everyone(self):
from pyramid.security import Everyone
+
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'system.Everyone'}}
- )
+ {'repoze.who.identity': {'repoze.who.userid': 'system.Everyone'}}
+ )
policy = self._makeOne()
self.assertEqual(policy.effective_principals(request), [Everyone])
def test_effective_principals_repoze_who_userid_is_unclean_Authenticated(
- self):
+ self
+ ):
from pyramid.security import Everyone
+
request = DummyRequest(
- {'repoze.who.identity':{'repoze.who.userid':'system.Authenticated'}}
- )
+ {
+ 'repoze.who.identity': {
+ 'repoze.who.userid': 'system.Authenticated'
+ }
+ }
+ )
policy = self._makeOne()
self.assertEqual(policy.effective_principals(request), [Everyone])
@@ -343,20 +419,20 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase):
def test_remember(self):
authtkt = DummyWhoPlugin()
- request = DummyRequest(
- {'repoze.who.plugins':{'auth_tkt':authtkt}})
+ request = DummyRequest({'repoze.who.plugins': {'auth_tkt': authtkt}})
policy = self._makeOne()
result = policy.remember(request, 'fred')
self.assertEqual(result[0], request.environ)
- self.assertEqual(result[1], {'repoze.who.userid':'fred'})
+ self.assertEqual(result[1], {'repoze.who.userid': 'fred'})
def test_remember_kwargs(self):
authtkt = DummyWhoPlugin()
- request = DummyRequest(
- {'repoze.who.plugins':{'auth_tkt':authtkt}})
+ request = DummyRequest({'repoze.who.plugins': {'auth_tkt': authtkt}})
policy = self._makeOne()
result = policy.remember(request, 'fred', max_age=23)
- self.assertEqual(result[1], {'repoze.who.userid':'fred', 'max_age': 23})
+ self.assertEqual(
+ result[1], {'repoze.who.userid': 'fred', 'max_age': 23}
+ )
def test_forget_no_plugins(self):
request = DummyRequest({})
@@ -367,17 +443,21 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase):
def test_forget(self):
authtkt = DummyWhoPlugin()
request = DummyRequest(
- {'repoze.who.plugins':{'auth_tkt':authtkt},
- 'repoze.who.identity':{'repoze.who.userid':'fred'},
- })
+ {
+ 'repoze.who.plugins': {'auth_tkt': authtkt},
+ 'repoze.who.identity': {'repoze.who.userid': 'fred'},
+ }
+ )
policy = self._makeOne()
result = policy.forget(request)
self.assertEqual(result[0], request.environ)
self.assertEqual(result[1], request.environ['repoze.who.identity'])
+
class TestRemoteUserAuthenticationPolicy(unittest.TestCase):
def _getTargetClass(self):
from pyramid.authentication import RemoteUserAuthenticationPolicy
+
return RemoteUserAuthenticationPolicy
def _makeOne(self, environ_key='REMOTE_USER', callback=None):
@@ -386,11 +466,13 @@ class TestRemoteUserAuthenticationPolicy(unittest.TestCase):
def test_class_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyClass
from pyramid.interfaces import IAuthenticationPolicy
+
verifyClass(IAuthenticationPolicy, self._getTargetClass())
def test_instance_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyObject
from pyramid.interfaces import IAuthenticationPolicy
+
verifyObject(IAuthenticationPolicy, self._makeOne())
def test_unauthenticated_userid_returns_None(self):
@@ -399,7 +481,7 @@ class TestRemoteUserAuthenticationPolicy(unittest.TestCase):
self.assertEqual(policy.unauthenticated_userid(request), None)
def test_unauthenticated_userid(self):
- request = DummyRequest({'REMOTE_USER':'fred'})
+ request = DummyRequest({'REMOTE_USER': 'fred'})
policy = self._makeOne()
self.assertEqual(policy.unauthenticated_userid(request), 'fred')
@@ -409,12 +491,13 @@ class TestRemoteUserAuthenticationPolicy(unittest.TestCase):
self.assertEqual(policy.authenticated_userid(request), None)
def test_authenticated_userid(self):
- request = DummyRequest({'REMOTE_USER':'fred'})
+ request = DummyRequest({'REMOTE_USER': 'fred'})
policy = self._makeOne()
self.assertEqual(policy.authenticated_userid(request), 'fred')
def test_effective_principals_None(self):
from pyramid.security import Everyone
+
request = DummyRequest({})
policy = self._makeOne()
self.assertEqual(policy.effective_principals(request), [Everyone])
@@ -422,26 +505,31 @@ class TestRemoteUserAuthenticationPolicy(unittest.TestCase):
def test_effective_principals(self):
from pyramid.security import Everyone
from pyramid.security import Authenticated
- request = DummyRequest({'REMOTE_USER':'fred'})
+
+ request = DummyRequest({'REMOTE_USER': 'fred'})
policy = self._makeOne()
- self.assertEqual(policy.effective_principals(request),
- [Everyone, Authenticated, 'fred'])
+ self.assertEqual(
+ policy.effective_principals(request),
+ [Everyone, Authenticated, 'fred'],
+ )
def test_remember(self):
- request = DummyRequest({'REMOTE_USER':'fred'})
+ request = DummyRequest({'REMOTE_USER': 'fred'})
policy = self._makeOne()
result = policy.remember(request, 'fred')
self.assertEqual(result, [])
def test_forget(self):
- request = DummyRequest({'REMOTE_USER':'fred'})
+ request = DummyRequest({'REMOTE_USER': 'fred'})
policy = self._makeOne()
result = policy.forget(request)
self.assertEqual(result, [])
+
class TestAuthTktAuthenticationPolicy(unittest.TestCase):
def _getTargetClass(self):
from pyramid.authentication import AuthTktAuthenticationPolicy
+
return AuthTktAuthenticationPolicy
def _makeOne(self, callback, cookieidentity, **kw):
@@ -460,10 +548,16 @@ class TestAuthTktAuthenticationPolicy(unittest.TestCase):
def test_allargs(self):
# pass all known args
inst = self._getTargetClass()(
- 'secret', callback=None, cookie_name=None, secure=False,
- include_ip=False, timeout=None, reissue_time=None,
- hashalg='sha512', samesite=None,
- )
+ 'secret',
+ callback=None,
+ cookie_name=None,
+ secure=False,
+ include_ip=False,
+ timeout=None,
+ reissue_time=None,
+ hashalg='sha512',
+ samesite=None,
+ )
self.assertEqual(inst.callback, None)
def test_hashalg_override(self):
@@ -477,8 +571,8 @@ class TestAuthTktAuthenticationPolicy(unittest.TestCase):
self.assertEqual(policy.unauthenticated_userid(request), None)
def test_unauthenticated_userid(self):
- request = DummyRequest({'REMOTE_USER':'fred'})
- policy = self._makeOne(None, {'userid':'fred'})
+ request = DummyRequest({'REMOTE_USER': 'fred'})
+ policy = self._makeOne(None, {'userid': 'fred'})
self.assertEqual(policy.unauthenticated_userid(request), 'fred')
def test_authenticated_userid_no_cookie_identity(self):
@@ -488,41 +582,54 @@ class TestAuthTktAuthenticationPolicy(unittest.TestCase):
def test_authenticated_userid_callback_returns_None(self):
request = DummyRequest({})
+
def callback(userid, request):
return None
- policy = self._makeOne(callback, {'userid':'fred'})
+
+ policy = self._makeOne(callback, {'userid': 'fred'})
self.assertEqual(policy.authenticated_userid(request), None)
def test_authenticated_userid(self):
request = DummyRequest({})
+
def callback(userid, request):
return True
- policy = self._makeOne(callback, {'userid':'fred'})
+
+ policy = self._makeOne(callback, {'userid': 'fred'})
self.assertEqual(policy.authenticated_userid(request), 'fred')
def test_effective_principals_no_cookie_identity(self):
from pyramid.security import Everyone
+
request = DummyRequest({})
policy = self._makeOne(None, None)
self.assertEqual(policy.effective_principals(request), [Everyone])
def test_effective_principals_callback_returns_None(self):
from pyramid.security import Everyone
+
request = DummyRequest({})
+
def callback(userid, request):
return None
- policy = self._makeOne(callback, {'userid':'fred'})
+
+ policy = self._makeOne(callback, {'userid': 'fred'})
self.assertEqual(policy.effective_principals(request), [Everyone])
def test_effective_principals(self):
from pyramid.security import Everyone
from pyramid.security import Authenticated
+
request = DummyRequest({})
+
def callback(userid, request):
return ['group.foo']
- policy = self._makeOne(callback, {'userid':'fred'})
- self.assertEqual(policy.effective_principals(request),
- [Everyone, Authenticated, 'fred', 'group.foo'])
+
+ policy = self._makeOne(callback, {'userid': 'fred'})
+ self.assertEqual(
+ policy.effective_principals(request),
+ [Everyone, Authenticated, 'fred', 'group.foo'],
+ )
def test_remember(self):
request = DummyRequest({})
@@ -534,7 +641,7 @@ class TestAuthTktAuthenticationPolicy(unittest.TestCase):
request = DummyRequest({})
policy = self._makeOne(None, None)
result = policy.remember(request, 'fred', a=1, b=2)
- self.assertEqual(policy.cookie.kw, {'a':1, 'b':2})
+ self.assertEqual(policy.cookie.kw, {'a': 1, 'b': 2})
self.assertEqual(result, [])
def test_forget(self):
@@ -546,16 +653,20 @@ class TestAuthTktAuthenticationPolicy(unittest.TestCase):
def test_class_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyClass
from pyramid.interfaces import IAuthenticationPolicy
+
verifyClass(IAuthenticationPolicy, self._getTargetClass())
def test_instance_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyObject
from pyramid.interfaces import IAuthenticationPolicy
+
verifyObject(IAuthenticationPolicy, self._makeOne(None, None))
+
class TestAuthTktCookieHelper(unittest.TestCase):
def _getTargetClass(self):
from pyramid.authentication import AuthTktCookieHelper
+
return AuthTktCookieHelper
def _makeOne(self, *arg, **kw):
@@ -570,7 +681,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
return helper
def _makeRequest(self, cookie=None, ipv6=False):
- environ = {'wsgi.version': (1,0)}
+ environ = {'wsgi.version': (1, 0)}
if ipv6 is False:
environ['REMOTE_ADDR'] = '1.1.1.1'
@@ -588,7 +699,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
return D
def _parseHeaders(self, headers):
- return [ self._parseHeader(header) for header in headers ]
+ return [self._parseHeader(header) for header in headers]
def _parseHeader(self, header):
cookie = self._parseCookie(header[1])
@@ -596,18 +707,25 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def _parseCookie(self, cookie):
from pyramid.compat import SimpleCookie
+
cookies = SimpleCookie()
cookies.load(cookie)
return cookies.get('auth_tkt')
def test_init_cookie_str_reissue_invalid(self):
- self.assertRaises(ValueError, self._makeOne, 'secret', reissue_time='invalid value')
+ self.assertRaises(
+ ValueError, self._makeOne, 'secret', reissue_time='invalid value'
+ )
def test_init_cookie_str_timeout_invalid(self):
- self.assertRaises(ValueError, self._makeOne, 'secret', timeout='invalid value')
+ self.assertRaises(
+ ValueError, self._makeOne, 'secret', timeout='invalid value'
+ )
def test_init_cookie_str_max_age_invalid(self):
- self.assertRaises(ValueError, self._makeOne, 'secret', max_age='invalid value')
+ self.assertRaises(
+ ValueError, self._makeOne, 'secret', max_age='invalid value'
+ )
def test_identify_nocookie(self):
helper = self._makeOne('secret')
@@ -635,8 +753,8 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(helper.auth_tkt.secret, 'secret')
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], '')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_good_cookie_include_ipv6(self):
helper = self._makeOne('secret', include_ip=True)
@@ -652,8 +770,8 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(helper.auth_tkt.secret, 'secret')
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], '')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_good_cookie_dont_include_ip(self):
helper = self._makeOne('secret', include_ip=False)
@@ -669,8 +787,8 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(helper.auth_tkt.secret, 'secret')
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], '')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_good_cookie_int_useridtype(self):
helper = self._makeOne('secret', include_ip=False)
@@ -685,8 +803,8 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(result['timestamp'], 0)
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:int')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], 'userid_type:int')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_nonuseridtype_user_data(self):
helper = self._makeOne('secret', include_ip=False)
@@ -701,8 +819,8 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(result['timestamp'], 0)
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'bogus:int')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], 'bogus:int')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_good_cookie_unknown_useridtype(self):
helper = self._makeOne('secret', include_ip=False)
@@ -717,11 +835,12 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(result['timestamp'], 0)
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:unknown')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], 'userid_type:unknown')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_good_cookie_b64str_useridtype(self):
from base64 import b64encode
+
helper = self._makeOne('secret', include_ip=False)
helper.auth_tkt.userid = b64encode(b'encoded').strip()
helper.auth_tkt.user_data = 'userid_type:b64str'
@@ -734,11 +853,12 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(result['timestamp'], 0)
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:b64str')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], 'userid_type:b64str')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_good_cookie_b64unicode_useridtype(self):
from base64 import b64encode
+
helper = self._makeOne('secret', include_ip=False)
helper.auth_tkt.userid = b64encode(b'\xc3\xa9ncoded').strip()
helper.auth_tkt.user_data = 'userid_type:b64unicode'
@@ -751,8 +871,8 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(result['timestamp'], 0)
environ = request.environ
self.assertEqual(environ['REMOTE_USER_TOKENS'], ())
- self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:b64unicode')
- self.assertEqual(environ['AUTH_TYPE'],'cookie')
+ self.assertEqual(environ['REMOTE_USER_DATA'], 'userid_type:b64unicode')
+ self.assertEqual(environ['AUTH_TYPE'], 'cookie')
def test_identify_bad_cookie(self):
helper = self._makeOne('secret', include_ip=True)
@@ -771,22 +891,24 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_identify_cookie_timeout_aged(self):
import time
+
helper = self._makeOne('secret', timeout=10)
now = time.time()
helper.auth_tkt.timestamp = now - 1
helper.now = now + 10
- helper.auth_tkt.tokens = (text_('a'), )
+ helper.auth_tkt.tokens = (text_('a'),)
request = self._makeRequest('bogus')
result = helper.identify(request)
self.assertFalse(result)
def test_identify_cookie_reissue(self):
import time
+
helper = self._makeOne('secret', timeout=10, reissue_time=0)
now = time.time()
helper.auth_tkt.timestamp = now
helper.now = now + 1
- helper.auth_tkt.tokens = (text_('a'), )
+ helper.auth_tkt.tokens = (text_('a'),)
request = self._makeRequest('bogus')
result = helper.identify(request)
self.assertTrue(result)
@@ -798,11 +920,12 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_identify_cookie_str_reissue(self):
import time
+
helper = self._makeOne('secret', timeout=10, reissue_time='0')
now = time.time()
helper.auth_tkt.timestamp = now
helper.now = now + 1
- helper.auth_tkt.tokens = (text_('a'), )
+ helper.auth_tkt.tokens = (text_('a'),)
request = self._makeRequest('bogus')
result = helper.identify(request)
self.assertTrue(result)
@@ -814,6 +937,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_identify_cookie_reissue_already_reissued_this_request(self):
import time
+
helper = self._makeOne('secret', timeout=10, reissue_time=0)
now = time.time()
helper.auth_tkt.timestamp = now
@@ -826,6 +950,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_identify_cookie_reissue_notyet(self):
import time
+
helper = self._makeOne('secret', timeout=10, reissue_time=10)
now = time.time()
helper.auth_tkt.timestamp = now
@@ -837,6 +962,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_identify_cookie_reissue_revoked_by_forget(self):
import time
+
helper = self._makeOne('secret', timeout=10, reissue_time=0)
now = time.time()
helper.auth_tkt.timestamp = now
@@ -854,6 +980,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_identify_cookie_reissue_revoked_by_remember(self):
import time
+
helper = self._makeOne('secret', timeout=10, reissue_time=0)
now = time.time()
helper.auth_tkt.timestamp = now
@@ -872,6 +999,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_identify_cookie_reissue_with_tokens_default(self):
# see https://github.com/Pylons/pyramid/issues#issue/108
import time
+
helper = self._makeOne('secret', timeout=10, reissue_time=0)
auth_tkt = DummyAuthTktModule(tokens=[''])
helper.auth_tkt = auth_tkt
@@ -902,13 +1030,15 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertTrue(result[0][1].startswith('auth_tkt='))
self.assertEqual(result[1][0], 'Set-Cookie')
- self.assertTrue(result[1][1].endswith(
- '; Domain=localhost; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[1][1].endswith('; Domain=localhost; Path=/; SameSite=Lax')
+ )
self.assertTrue(result[1][1].startswith('auth_tkt='))
self.assertEqual(result[2][0], 'Set-Cookie')
- self.assertTrue(result[2][1].endswith(
- '; Domain=.localhost; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[2][1].endswith('; Domain=.localhost; Path=/; SameSite=Lax')
+ )
self.assertTrue(result[2][1].startswith('auth_tkt='))
def test_remember_nondefault_samesite(self):
@@ -922,13 +1052,19 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertTrue(result[0][1].startswith('auth_tkt='))
self.assertEqual(result[1][0], 'Set-Cookie')
- self.assertTrue(result[1][1].endswith(
- '; Domain=localhost; Path=/; SameSite=Strict'))
+ self.assertTrue(
+ result[1][1].endswith(
+ '; Domain=localhost; Path=/; SameSite=Strict'
+ )
+ )
self.assertTrue(result[1][1].startswith('auth_tkt='))
self.assertEqual(result[2][0], 'Set-Cookie')
- self.assertTrue(result[2][1].endswith(
- '; Domain=.localhost; Path=/; SameSite=Strict'))
+ self.assertTrue(
+ result[2][1].endswith(
+ '; Domain=.localhost; Path=/; SameSite=Strict'
+ )
+ )
self.assertTrue(result[2][1].startswith('auth_tkt='))
def test_remember_None_samesite(self):
@@ -938,17 +1074,15 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(len(result), 3)
self.assertEqual(result[0][0], 'Set-Cookie')
- self.assertTrue(result[0][1].endswith('; Path=/')) # no samesite
+ self.assertTrue(result[0][1].endswith('; Path=/')) # no samesite
self.assertTrue(result[0][1].startswith('auth_tkt='))
self.assertEqual(result[1][0], 'Set-Cookie')
- self.assertTrue(result[1][1].endswith(
- '; Domain=localhost; Path=/'))
+ self.assertTrue(result[1][1].endswith('; Domain=localhost; Path=/'))
self.assertTrue(result[1][1].startswith('auth_tkt='))
self.assertEqual(result[2][0], 'Set-Cookie')
- self.assertTrue(result[2][1].endswith(
- '; Domain=.localhost; Path=/'))
+ self.assertTrue(result[2][1].endswith('; Domain=.localhost; Path=/'))
self.assertTrue(result[2][1].startswith('auth_tkt='))
def test_remember_include_ip(self):
@@ -962,35 +1096,45 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertTrue(result[0][1].startswith('auth_tkt='))
self.assertEqual(result[1][0], 'Set-Cookie')
- self.assertTrue(result[1][1].endswith(
- '; Domain=localhost; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[1][1].endswith('; Domain=localhost; Path=/; SameSite=Lax')
+ )
self.assertTrue(result[1][1].startswith('auth_tkt='))
self.assertEqual(result[2][0], 'Set-Cookie')
- self.assertTrue(result[2][1].endswith(
- '; Domain=.localhost; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[2][1].endswith('; Domain=.localhost; Path=/; SameSite=Lax')
+ )
self.assertTrue(result[2][1].startswith('auth_tkt='))
def test_remember_path(self):
- helper = self._makeOne('secret', include_ip=True,
- path="/cgi-bin/app.cgi/")
+ helper = self._makeOne(
+ 'secret', include_ip=True, path="/cgi-bin/app.cgi/"
+ )
request = self._makeRequest()
result = helper.remember(request, 'other')
self.assertEqual(len(result), 3)
self.assertEqual(result[0][0], 'Set-Cookie')
- self.assertTrue(result[0][1].endswith(
- '; Path=/cgi-bin/app.cgi/; SameSite=Lax'))
+ self.assertTrue(
+ result[0][1].endswith('; Path=/cgi-bin/app.cgi/; SameSite=Lax')
+ )
self.assertTrue(result[0][1].startswith('auth_tkt='))
self.assertEqual(result[1][0], 'Set-Cookie')
- self.assertTrue(result[1][1].endswith(
- '; Domain=localhost; Path=/cgi-bin/app.cgi/; SameSite=Lax'))
+ self.assertTrue(
+ result[1][1].endswith(
+ '; Domain=localhost; Path=/cgi-bin/app.cgi/; SameSite=Lax'
+ )
+ )
self.assertTrue(result[1][1].startswith('auth_tkt='))
self.assertEqual(result[2][0], 'Set-Cookie')
- self.assertTrue(result[2][1].endswith(
- '; Domain=.localhost; Path=/cgi-bin/app.cgi/; SameSite=Lax'))
+ self.assertTrue(
+ result[2][1].endswith(
+ '; Domain=.localhost; Path=/cgi-bin/app.cgi/; SameSite=Lax'
+ )
+ )
self.assertTrue(result[2][1].startswith('auth_tkt='))
def test_remember_http_only(self):
@@ -1040,8 +1184,9 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertTrue(result[0][1].startswith('auth_tkt='))
self.assertEqual(result[1][0], 'Set-Cookie')
- self.assertTrue(result[1][1].endswith(
- '; Domain=localhost; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[1][1].endswith('; Domain=localhost; Path=/; SameSite=Lax')
+ )
self.assertTrue(result[1][1].startswith('auth_tkt='))
def test_remember_parent_domain(self):
@@ -1052,8 +1197,11 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(len(result), 1)
self.assertEqual(result[0][0], 'Set-Cookie')
- self.assertTrue(result[0][1].endswith(
- '; Domain=.example.com; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[0][1].endswith(
+ '; Domain=.example.com; Path=/; SameSite=Lax'
+ )
+ )
self.assertTrue(result[0][1].startswith('auth_tkt='))
def test_remember_parent_domain_supercedes_wild_domain(self):
@@ -1062,8 +1210,11 @@ class TestAuthTktCookieHelper(unittest.TestCase):
request.domain = 'www.example.com'
result = helper.remember(request, 'other')
self.assertEqual(len(result), 1)
- self.assertTrue(result[0][1].endswith(
- '; Domain=.example.com; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[0][1].endswith(
+ '; Domain=.example.com; Path=/; SameSite=Lax'
+ )
+ )
def test_remember_explicit_domain(self):
helper = self._makeOne('secret', domain='pyramid.bazinga')
@@ -1073,30 +1224,42 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(len(result), 1)
self.assertEqual(result[0][0], 'Set-Cookie')
- self.assertTrue(result[0][1].endswith(
- '; Domain=pyramid.bazinga; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[0][1].endswith(
+ '; Domain=pyramid.bazinga; Path=/; SameSite=Lax'
+ )
+ )
self.assertTrue(result[0][1].startswith('auth_tkt='))
def test_remember_domain_supercedes_parent_and_wild_domain(self):
- helper = self._makeOne('secret', domain='pyramid.bazinga',
- parent_domain=True, wild_domain=True)
+ helper = self._makeOne(
+ 'secret',
+ domain='pyramid.bazinga',
+ parent_domain=True,
+ wild_domain=True,
+ )
request = self._makeRequest()
request.domain = 'www.example.com'
result = helper.remember(request, 'other')
self.assertEqual(len(result), 1)
- self.assertTrue(result[0][1].endswith(
- '; Domain=pyramid.bazinga; Path=/; SameSite=Lax'))
+ self.assertTrue(
+ result[0][1].endswith(
+ '; Domain=pyramid.bazinga; Path=/; SameSite=Lax'
+ )
+ )
def test_remember_binary_userid(self):
import base64
+
helper = self._makeOne('secret')
request = self._makeRequest()
result = helper.remember(request, b'userid')
values = self._parseHeaders(result)
self.assertEqual(len(result), 3)
val = self._cookieValue(values[0])
- self.assertEqual(val['userid'],
- text_(base64.b64encode(b'userid').strip()))
+ self.assertEqual(
+ val['userid'], text_(base64.b64encode(b'userid').strip())
+ )
self.assertEqual(val['user_data'], 'userid_type:b64str')
def test_remember_int_userid(self):
@@ -1111,6 +1274,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_remember_long_userid(self):
from pyramid.compat import long
+
helper = self._makeOne('secret')
request = self._makeRequest()
result = helper.remember(request, long(1))
@@ -1122,6 +1286,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_remember_unicode_userid(self):
import base64
+
helper = self._makeOne('secret')
request = self._makeRequest()
userid = text_(b'\xc2\xa9', 'utf-8')
@@ -1129,8 +1294,9 @@ class TestAuthTktCookieHelper(unittest.TestCase):
values = self._parseHeaders(result)
self.assertEqual(len(result), 3)
val = self._cookieValue(values[0])
- self.assertEqual(val['userid'],
- text_(base64.b64encode(userid.encode('utf-8'))))
+ self.assertEqual(
+ val['userid'], text_(base64.b64encode(userid.encode('utf-8')))
+ )
self.assertEqual(val['user_data'], 'userid_type:b64unicode')
def test_remember_insane_userid(self):
@@ -1169,7 +1335,13 @@ class TestAuthTktCookieHelper(unittest.TestCase):
def test_remember_str_max_age_invalid(self):
helper = self._makeOne('secret')
request = self._makeRequest()
- self.assertRaises(ValueError, helper.remember, request, 'userid', max_age='invalid value')
+ self.assertRaises(
+ ValueError,
+ helper.remember,
+ request,
+ 'userid',
+ max_age='invalid value',
+ )
def test_remember_tokens(self):
helper = self._makeOne('secret')
@@ -1194,18 +1366,24 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(result[0][0], 'Set-Cookie')
cookieval = result[0][1]
- self.assertTrue('SameSite=Strict' in
- [x.strip() for x in cookieval.split(';')], cookieval)
+ self.assertTrue(
+ 'SameSite=Strict' in [x.strip() for x in cookieval.split(';')],
+ cookieval,
+ )
self.assertEqual(result[1][0], 'Set-Cookie')
cookieval = result[1][1]
- self.assertTrue('SameSite=Strict' in
- [x.strip() for x in cookieval.split(';')], cookieval)
+ self.assertTrue(
+ 'SameSite=Strict' in [x.strip() for x in cookieval.split(';')],
+ cookieval,
+ )
self.assertEqual(result[2][0], 'Set-Cookie')
cookieval = result[2][1]
- self.assertTrue('SameSite=Strict' in
- [x.strip() for x in cookieval.split(';')], cookieval)
+ self.assertTrue(
+ 'SameSite=Strict' in [x.strip() for x in cookieval.split(';')],
+ cookieval,
+ )
def test_remember_samesite_default(self):
helper = self._makeOne('secret')
@@ -1215,18 +1393,24 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(result[0][0], 'Set-Cookie')
cookieval = result[0][1]
- self.assertTrue('SameSite=Lax' in
- [x.strip() for x in cookieval.split(';')], cookieval)
+ self.assertTrue(
+ 'SameSite=Lax' in [x.strip() for x in cookieval.split(';')],
+ cookieval,
+ )
self.assertEqual(result[1][0], 'Set-Cookie')
cookieval = result[1][1]
- self.assertTrue('SameSite=Lax' in
- [x.strip() for x in cookieval.split(';')], cookieval)
+ self.assertTrue(
+ 'SameSite=Lax' in [x.strip() for x in cookieval.split(';')],
+ cookieval,
+ )
self.assertEqual(result[2][0], 'Set-Cookie')
cookieval = result[2][1]
- self.assertTrue('SameSite=Lax' in
- [x.strip() for x in cookieval.split(';')], cookieval)
+ self.assertTrue(
+ 'SameSite=Lax' in [x.strip() for x in cookieval.split(';')],
+ cookieval,
+ )
def test_remember_unicode_but_ascii_token(self):
helper = self._makeOne('secret')
@@ -1240,16 +1424,19 @@ class TestAuthTktCookieHelper(unittest.TestCase):
helper = self._makeOne('secret')
request = self._makeRequest()
la = text_(b'La Pe\xc3\xb1a', 'utf-8')
- self.assertRaises(ValueError, helper.remember, request, 'other',
- tokens=(la,))
+ self.assertRaises(
+ ValueError, helper.remember, request, 'other', tokens=(la,)
+ )
def test_remember_invalid_token_format(self):
helper = self._makeOne('secret')
request = self._makeRequest()
- self.assertRaises(ValueError, helper.remember, request, 'other',
- tokens=('foo bar',))
- self.assertRaises(ValueError, helper.remember, request, 'other',
- tokens=('1bar',))
+ self.assertRaises(
+ ValueError, helper.remember, request, 'other', tokens=('foo bar',)
+ )
+ self.assertRaises(
+ ValueError, helper.remember, request, 'other', tokens=('1bar',)
+ )
def test_forget(self):
helper = self._makeOne('secret')
@@ -1261,26 +1448,28 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(
value,
'auth_tkt=; Max-Age=0; Path=/; '
- 'expires=Wed, 31-Dec-97 23:59:59 GMT; SameSite=Lax'
- )
+ 'expires=Wed, 31-Dec-97 23:59:59 GMT; SameSite=Lax',
+ )
name, value = headers[1]
self.assertEqual(name, 'Set-Cookie')
self.assertEqual(
value,
'auth_tkt=; Domain=localhost; Max-Age=0; Path=/; '
- 'expires=Wed, 31-Dec-97 23:59:59 GMT; SameSite=Lax'
- )
+ 'expires=Wed, 31-Dec-97 23:59:59 GMT; SameSite=Lax',
+ )
name, value = headers[2]
self.assertEqual(name, 'Set-Cookie')
self.assertEqual(
value,
'auth_tkt=; Domain=.localhost; Max-Age=0; Path=/; '
- 'expires=Wed, 31-Dec-97 23:59:59 GMT; SameSite=Lax'
- )
+ 'expires=Wed, 31-Dec-97 23:59:59 GMT; SameSite=Lax',
+ )
+
class TestAuthTicket(unittest.TestCase):
def _makeOne(self, *arg, **kw):
from pyramid.authentication import AuthTicket
+
return AuthTicket(*arg, **kw)
def test_ctor_with_tokens(self):
@@ -1297,37 +1486,53 @@ class TestAuthTicket(unittest.TestCase):
self.assertEqual(result, '126fd6224912187ee9ffa80e0b81420c')
def test_digest_sha512(self):
- ticket = self._makeOne('secret', 'userid', '0.0.0.0',
- time=10, hashalg='sha512')
+ ticket = self._makeOne(
+ 'secret', 'userid', '0.0.0.0', time=10, hashalg='sha512'
+ )
result = ticket.digest()
- self.assertEqual(result, '74770b2e0d5b1a54c2a466ec567a40f7d7823576aa49'\
- '3c65fc3445e9b44097f4a80410319ef8cb256a2e60b9'\
- 'c2002e48a9e33a3e8ee4379352c04ef96d2cb278')
+ self.assertEqual(
+ result,
+ '74770b2e0d5b1a54c2a466ec567a40f7d7823576aa49'
+ '3c65fc3445e9b44097f4a80410319ef8cb256a2e60b9'
+ 'c2002e48a9e33a3e8ee4379352c04ef96d2cb278',
+ )
def test_cookie_value(self):
- ticket = self._makeOne('secret', 'userid', '0.0.0.0', time=10,
- tokens=('a', 'b'))
+ ticket = self._makeOne(
+ 'secret', 'userid', '0.0.0.0', time=10, tokens=('a', 'b')
+ )
result = ticket.cookie_value()
- self.assertEqual(result,
- '66f9cc3e423dc57c91df696cf3d1f0d80000000auserid!a,b!')
+ self.assertEqual(
+ result, '66f9cc3e423dc57c91df696cf3d1f0d80000000auserid!a,b!'
+ )
def test_ipv4(self):
- ticket = self._makeOne('secret', 'userid', '198.51.100.1',
- time=10, hashalg='sha256')
+ ticket = self._makeOne(
+ 'secret', 'userid', '198.51.100.1', time=10, hashalg='sha256'
+ )
result = ticket.cookie_value()
- self.assertEqual(result, 'b3e7156db4f8abde4439c4a6499a0668f9e7ffd7fa27b'\
- '798400ecdade8d76c530000000auserid!')
+ self.assertEqual(
+ result,
+ 'b3e7156db4f8abde4439c4a6499a0668f9e7ffd7fa27b'
+ '798400ecdade8d76c530000000auserid!',
+ )
def test_ipv6(self):
- ticket = self._makeOne('secret', 'userid', '2001:db8::1',
- time=10, hashalg='sha256')
+ ticket = self._makeOne(
+ 'secret', 'userid', '2001:db8::1', time=10, hashalg='sha256'
+ )
result = ticket.cookie_value()
- self.assertEqual(result, 'd025b601a0f12ca6d008aa35ff3a22b7d8f3d1c1456c8'\
- '5becf8760cd7a2fa4910000000auserid!')
+ self.assertEqual(
+ result,
+ 'd025b601a0f12ca6d008aa35ff3a22b7d8f3d1c1456c8'
+ '5becf8760cd7a2fa4910000000auserid!',
+ )
+
class TestBadTicket(unittest.TestCase):
def _makeOne(self, msg, expected=None):
from pyramid.authentication import BadTicket
+
return BadTicket(msg, expected)
def test_it(self):
@@ -1335,14 +1540,19 @@ class TestBadTicket(unittest.TestCase):
self.assertEqual(exc.expected, True)
self.assertTrue(isinstance(exc, Exception))
+
class Test_parse_ticket(unittest.TestCase):
def _callFUT(self, secret, ticket, ip, hashalg='md5'):
from pyramid.authentication import parse_ticket
+
return parse_ticket(secret, ticket, ip, hashalg)
def _assertRaisesBadTicket(self, secret, ticket, ip, hashalg='md5'):
from pyramid.authentication import BadTicket
- self.assertRaises(BadTicket,self._callFUT, secret, ticket, ip, hashalg)
+
+ self.assertRaises(
+ BadTicket, self._callFUT, secret, ticket, ip, hashalg
+ )
def test_bad_timestamp(self):
ticket = 'x' * 64
@@ -1362,27 +1572,35 @@ class Test_parse_ticket(unittest.TestCase):
self.assertEqual(result, (10, 'userid', ['a', 'b'], ''))
def test_correct_with_user_data_sha512(self):
- ticket = text_('7d947cdef99bad55f8e3382a8bd089bb9dd0547f7925b7d189adc1'
- '160cab0ec0e6888faa41eba641a18522b26f19109f3ffafb769767'
- 'ba8a26d02aaeae56599a0000000auserid!a,b!')
+ ticket = text_(
+ '7d947cdef99bad55f8e3382a8bd089bb9dd0547f7925b7d189adc1'
+ '160cab0ec0e6888faa41eba641a18522b26f19109f3ffafb769767'
+ 'ba8a26d02aaeae56599a0000000auserid!a,b!'
+ )
result = self._callFUT('secret', ticket, '0.0.0.0', 'sha512')
self.assertEqual(result, (10, 'userid', ['a', 'b'], ''))
def test_ipv4(self):
- ticket = text_('b3e7156db4f8abde4439c4a6499a0668f9e7ffd7fa27b798400ecd'
- 'ade8d76c530000000auserid!')
+ ticket = text_(
+ 'b3e7156db4f8abde4439c4a6499a0668f9e7ffd7fa27b798400ecd'
+ 'ade8d76c530000000auserid!'
+ )
result = self._callFUT('secret', ticket, '198.51.100.1', 'sha256')
self.assertEqual(result, (10, 'userid', [''], ''))
def test_ipv6(self):
- ticket = text_('d025b601a0f12ca6d008aa35ff3a22b7d8f3d1c1456c85becf8760'
- 'cd7a2fa4910000000auserid!')
+ ticket = text_(
+ 'd025b601a0f12ca6d008aa35ff3a22b7d8f3d1c1456c85becf8760'
+ 'cd7a2fa4910000000auserid!'
+ )
result = self._callFUT('secret', ticket, '2001:db8::1', 'sha256')
self.assertEqual(result, (10, 'userid', [''], ''))
+
class TestSessionAuthenticationPolicy(unittest.TestCase):
def _getTargetClass(self):
from pyramid.authentication import SessionAuthenticationPolicy
+
return SessionAuthenticationPolicy
def _makeOne(self, callback=None, prefix=''):
@@ -1391,11 +1609,13 @@ class TestSessionAuthenticationPolicy(unittest.TestCase):
def test_class_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyClass
from pyramid.interfaces import IAuthenticationPolicy
+
verifyClass(IAuthenticationPolicy, self._getTargetClass())
def test_instance_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyObject
from pyramid.interfaces import IAuthenticationPolicy
+
verifyObject(IAuthenticationPolicy, self._makeOne())
def test_unauthenticated_userid_returns_None(self):
@@ -1404,7 +1624,7 @@ class TestSessionAuthenticationPolicy(unittest.TestCase):
self.assertEqual(policy.unauthenticated_userid(request), None)
def test_unauthenticated_userid(self):
- request = DummyRequest(session={'userid':'fred'})
+ request = DummyRequest(session={'userid': 'fred'})
policy = self._makeOne()
self.assertEqual(policy.unauthenticated_userid(request), 'fred')
@@ -1414,42 +1634,55 @@ class TestSessionAuthenticationPolicy(unittest.TestCase):
self.assertEqual(policy.authenticated_userid(request), None)
def test_authenticated_userid_callback_returns_None(self):
- request = DummyRequest(session={'userid':'fred'})
+ request = DummyRequest(session={'userid': 'fred'})
+
def callback(userid, request):
return None
+
policy = self._makeOne(callback)
self.assertEqual(policy.authenticated_userid(request), None)
def test_authenticated_userid(self):
- request = DummyRequest(session={'userid':'fred'})
+ request = DummyRequest(session={'userid': 'fred'})
+
def callback(userid, request):
return True
+
policy = self._makeOne(callback)
self.assertEqual(policy.authenticated_userid(request), 'fred')
def test_effective_principals_no_identity(self):
from pyramid.security import Everyone
+
request = DummyRequest()
policy = self._makeOne()
self.assertEqual(policy.effective_principals(request), [Everyone])
def test_effective_principals_callback_returns_None(self):
from pyramid.security import Everyone
- request = DummyRequest(session={'userid':'fred'})
+
+ request = DummyRequest(session={'userid': 'fred'})
+
def callback(userid, request):
return None
+
policy = self._makeOne(callback)
self.assertEqual(policy.effective_principals(request), [Everyone])
def test_effective_principals(self):
from pyramid.security import Everyone
from pyramid.security import Authenticated
- request = DummyRequest(session={'userid':'fred'})
+
+ request = DummyRequest(session={'userid': 'fred'})
+
def callback(userid, request):
return ['group.foo']
+
policy = self._makeOne(callback)
- self.assertEqual(policy.effective_principals(request),
- [Everyone, Authenticated, 'fred', 'group.foo'])
+ self.assertEqual(
+ policy.effective_principals(request),
+ [Everyone, Authenticated, 'fred', 'group.foo'],
+ )
def test_remember(self):
request = DummyRequest()
@@ -1459,7 +1692,7 @@ class TestSessionAuthenticationPolicy(unittest.TestCase):
self.assertEqual(result, [])
def test_forget(self):
- request = DummyRequest(session={'userid':'fred'})
+ request = DummyRequest(session={'userid': 'fred'})
policy = self._makeOne()
result = policy.forget(request)
self.assertEqual(request.session.get('userid'), None)
@@ -1472,9 +1705,11 @@ class TestSessionAuthenticationPolicy(unittest.TestCase):
self.assertEqual(request.session.get('userid'), None)
self.assertEqual(result, [])
+
class TestBasicAuthAuthenticationPolicy(unittest.TestCase):
def _getTargetClass(self):
from pyramid.authentication import BasicAuthAuthenticationPolicy as cls
+
return cls
def _makeOne(self, check):
@@ -1483,13 +1718,16 @@ class TestBasicAuthAuthenticationPolicy(unittest.TestCase):
def test_class_implements_IAuthenticationPolicy(self):
from zope.interface.verify import verifyClass
from pyramid.interfaces import IAuthenticationPolicy
+
verifyClass(IAuthenticationPolicy, self._getTargetClass())
def test_unauthenticated_userid(self):
import base64
+
request = testing.DummyRequest()
request.headers['Authorization'] = 'Basic %s' % base64.b64encode(
- bytes_('chrisr:password')).decode('ascii')
+ bytes_('chrisr:password')
+ ).decode('ascii')
policy = self._makeOne(None)
self.assertEqual(policy.unauthenticated_userid(request), 'chrisr')
@@ -1518,45 +1756,65 @@ class TestBasicAuthAuthenticationPolicy(unittest.TestCase):
def test_authenticated_userid(self):
import base64
+
request = testing.DummyRequest()
request.headers['Authorization'] = 'Basic %s' % base64.b64encode(
- bytes_('chrisr:password')).decode('ascii')
+ bytes_('chrisr:password')
+ ).decode('ascii')
+
def check(username, password, request):
return []
+
policy = self._makeOne(check)
self.assertEqual(policy.authenticated_userid(request), 'chrisr')
def test_authenticated_userid_utf8(self):
import base64
+
request = testing.DummyRequest()
- inputs = (b'm\xc3\xb6rk\xc3\xb6:'
- b'm\xc3\xb6rk\xc3\xb6password').decode('utf-8')
+ inputs = (
+ b'm\xc3\xb6rk\xc3\xb6:' b'm\xc3\xb6rk\xc3\xb6password'
+ ).decode('utf-8')
request.headers['Authorization'] = 'Basic %s' % (
- base64.b64encode(inputs.encode('utf-8')).decode('latin-1'))
+ base64.b64encode(inputs.encode('utf-8')).decode('latin-1')
+ )
+
def check(username, password, request):
return []
+
policy = self._makeOne(check)
- self.assertEqual(policy.authenticated_userid(request),
- b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'))
+ self.assertEqual(
+ policy.authenticated_userid(request),
+ b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'),
+ )
def test_authenticated_userid_latin1(self):
import base64
+
request = testing.DummyRequest()
- inputs = (b'm\xc3\xb6rk\xc3\xb6:'
- b'm\xc3\xb6rk\xc3\xb6password').decode('utf-8')
+ inputs = (
+ b'm\xc3\xb6rk\xc3\xb6:' b'm\xc3\xb6rk\xc3\xb6password'
+ ).decode('utf-8')
request.headers['Authorization'] = 'Basic %s' % (
- base64.b64encode(inputs.encode('latin-1')).decode('latin-1'))
+ base64.b64encode(inputs.encode('latin-1')).decode('latin-1')
+ )
+
def check(username, password, request):
return []
+
policy = self._makeOne(check)
- self.assertEqual(policy.authenticated_userid(request),
- b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'))
+ self.assertEqual(
+ policy.authenticated_userid(request),
+ b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'),
+ )
def test_unauthenticated_userid_invalid_payload(self):
import base64
+
request = testing.DummyRequest()
request.headers['Authorization'] = 'Basic %s' % base64.b64encode(
- bytes_('chrisrpassword')).decode('ascii')
+ bytes_('chrisrpassword')
+ ).decode('ascii')
policy = self._makeOne(None)
self.assertEqual(policy.unauthenticated_userid(request), None)
@@ -1566,13 +1824,16 @@ class TestBasicAuthAuthenticationPolicy(unittest.TestCase):
def test_forget(self):
policy = self._makeOne(None)
- self.assertEqual(policy.forget(None), [
- ('WWW-Authenticate', 'Basic realm="SomeRealm"')])
+ self.assertEqual(
+ policy.forget(None),
+ [('WWW-Authenticate', 'Basic realm="SomeRealm"')],
+ )
class TestExtractHTTPBasicCredentials(unittest.TestCase):
def _get_func(self):
from pyramid.authentication import extract_http_basic_credentials
+
return extract_http_basic_credentials
def test_no_auth_header(self):
@@ -1583,17 +1844,21 @@ class TestExtractHTTPBasicCredentials(unittest.TestCase):
def test_invalid_payload(self):
import base64
+
request = testing.DummyRequest()
request.headers['Authorization'] = 'Basic %s' % base64.b64encode(
- bytes_('chrisrpassword')).decode('ascii')
+ bytes_('chrisrpassword')
+ ).decode('ascii')
fn = self._get_func()
self.assertIsNone(fn(request))
def test_not_a_basic_auth_scheme(self):
import base64
+
request = testing.DummyRequest()
request.headers['Authorization'] = 'OtherScheme %s' % base64.b64encode(
- bytes_('chrisr:password')).decode('ascii')
+ bytes_('chrisr:password')
+ ).decode('ascii')
fn = self._get_func()
self.assertIsNone(fn(request))
@@ -1605,44 +1870,60 @@ class TestExtractHTTPBasicCredentials(unittest.TestCase):
def test_latin1_payload(self):
import base64
+
request = testing.DummyRequest()
- inputs = (b'm\xc3\xb6rk\xc3\xb6:'
- b'm\xc3\xb6rk\xc3\xb6password').decode('utf-8')
+ inputs = (
+ b'm\xc3\xb6rk\xc3\xb6:' b'm\xc3\xb6rk\xc3\xb6password'
+ ).decode('utf-8')
request.headers['Authorization'] = 'Basic %s' % (
- base64.b64encode(inputs.encode('latin-1')).decode('latin-1'))
+ base64.b64encode(inputs.encode('latin-1')).decode('latin-1')
+ )
fn = self._get_func()
- self.assertEqual(fn(request), (
- b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'),
- b'm\xc3\xb6rk\xc3\xb6password'.decode('utf-8')
- ))
+ self.assertEqual(
+ fn(request),
+ (
+ b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'),
+ b'm\xc3\xb6rk\xc3\xb6password'.decode('utf-8'),
+ ),
+ )
def test_utf8_payload(self):
import base64
+
request = testing.DummyRequest()
- inputs = (b'm\xc3\xb6rk\xc3\xb6:'
- b'm\xc3\xb6rk\xc3\xb6password').decode('utf-8')
+ inputs = (
+ b'm\xc3\xb6rk\xc3\xb6:' b'm\xc3\xb6rk\xc3\xb6password'
+ ).decode('utf-8')
request.headers['Authorization'] = 'Basic %s' % (
- base64.b64encode(inputs.encode('utf-8')).decode('latin-1'))
+ base64.b64encode(inputs.encode('utf-8')).decode('latin-1')
+ )
fn = self._get_func()
- self.assertEqual(fn(request), (
- b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'),
- b'm\xc3\xb6rk\xc3\xb6password'.decode('utf-8')
- ))
+ self.assertEqual(
+ fn(request),
+ (
+ b'm\xc3\xb6rk\xc3\xb6'.decode('utf-8'),
+ b'm\xc3\xb6rk\xc3\xb6password'.decode('utf-8'),
+ ),
+ )
def test_namedtuple_return(self):
import base64
+
request = testing.DummyRequest()
request.headers['Authorization'] = 'Basic %s' % base64.b64encode(
- bytes_('chrisr:pass')).decode('ascii')
+ bytes_('chrisr:pass')
+ ).decode('ascii')
fn = self._get_func()
result = fn(request)
self.assertEqual(result.username, 'chrisr')
self.assertEqual(result.password, 'pass')
-
+
+
class DummyContext:
pass
+
class DummyCookies(object):
def __init__(self, cookie):
self.cookie = cookie
@@ -1650,8 +1931,10 @@ class DummyCookies(object):
def get(self, name):
return self.cookie
+
class DummyRequest:
domain = 'localhost'
+
def __init__(self, environ=None, session=None, registry=None, cookie=None):
self.environ = environ or {}
self.session = session or {}
@@ -1662,6 +1945,7 @@ class DummyRequest:
def add_response_callback(self, callback):
self.callbacks.append(callback)
+
class DummyWhoPlugin:
def remember(self, environ, identity):
return environ, identity
@@ -1669,6 +1953,7 @@ class DummyWhoPlugin:
def forget(self, environ, identity):
return environ, identity
+
class DummyCookieHelper:
def __init__(self, result):
self.result = result
@@ -1683,15 +1968,24 @@ class DummyCookieHelper:
def forget(self, *arg):
return []
+
class DummyAuthTktModule(object):
- def __init__(self, timestamp=0, userid='userid', tokens=(), user_data='',
- parse_raise=False, hashalg="md5"):
+ def __init__(
+ self,
+ timestamp=0,
+ userid='userid',
+ tokens=(),
+ user_data='',
+ parse_raise=False,
+ hashalg="md5",
+ ):
self.timestamp = timestamp
self.userid = userid
self.tokens = tokens
self.user_data = user_data
self.parse_raise = parse_raise
self.hashalg = hashalg
+
def parse_ticket(secret, value, remote_addr, hashalg):
self.secret = secret
self.value = value
@@ -1699,6 +1993,7 @@ class DummyAuthTktModule(object):
if self.parse_raise:
raise self.BadTicket()
return self.timestamp, self.userid, self.tokens, self.user_data
+
self.parse_ticket = parse_ticket
class AuthTicket(object):
@@ -1710,10 +2005,10 @@ class DummyAuthTktModule(object):
def cookie_value(self):
result = {
- 'secret':self.secret,
- 'userid':self.userid,
- 'remote_addr':self.remote_addr
- }
+ 'secret': self.secret,
+ 'userid': self.userid,
+ 'remote_addr': self.remote_addr,
+ }
result.update(self.kw)
tokens = result.pop('tokens', None)
if tokens is not None:
@@ -1724,15 +2019,16 @@ class DummyAuthTktModule(object):
for k, v in items:
if isinstance(v, bytes):
v = text_(v)
- new_items.append((k,v))
- result = '/'.join(['%s=%s' % (k, v) for k,v in new_items ])
+ new_items.append((k, v))
+ result = '/'.join(['%s=%s' % (k, v) for k, v in new_items])
return result
+
self.AuthTicket = AuthTicket
class BadTicket(Exception):
pass
+
class DummyResponse:
def __init__(self):
self.headerlist = []
-
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-10 21:16:00 +0000