From dd7614a8e486735b7106331ca6b86229115de249 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 1 Jul 2009 06:46:05 +0000 Subject: - Add three new ZCML directives which configure authentication policies: - ``repozewho1authenticationpolicy`` - ``remoteuserauthenticationpolicy`` - ``authtktauthenticationpolicy`` - Add a new ZCML directive which configures an ACL authorization policy named ``aclauthorizationpolicy``. --- repoze/bfg/includes/meta.zcml | 46 +++++++++++---- repoze/bfg/tests/test_zcml.py | 129 +++++++++++++++++++++++++++++++++++++++++- repoze/bfg/zcml.py | 86 ++++++++++++++++++++++++++++ 3 files changed, 249 insertions(+), 12 deletions(-) (limited to 'repoze') diff --git a/repoze/bfg/includes/meta.zcml b/repoze/bfg/includes/meta.zcml index ba0fc50cc..89a540098 100644 --- a/repoze/bfg/includes/meta.zcml +++ b/repoze/bfg/includes/meta.zcml @@ -28,17 +28,41 @@ handler="repoze.bfg.zcml.forbidden" /> - - - + + + + + + + + + + + diff --git a/repoze/bfg/tests/test_zcml.py b/repoze/bfg/tests/test_zcml.py index cb841013d..37cdaeb61 100644 --- a/repoze/bfg/tests/test_zcml.py +++ b/repoze/bfg/tests/test_zcml.py 
@@ -579,7 +579,134 @@ class TestForbiddenDirective(unittest.TestCase):
 self.assertEqual(regadapt['args'][2], IForbiddenView)
 self.assertEqual(regadapt['args'][3], '')
 self.assertEqual(regadapt['args'][4], None)
-
+
+class TestRepozeWho1AuthenticationPolicyDirective(unittest.TestCase):
+ def _callFUT(self, context, **kw):
+ from repoze.bfg.zcml import repozewho1authenticationpolicy
+ return repozewho1authenticationpolicy(context, **kw)
+
+ def test_it(self):
+ context = DummyContext()
+ def callback(identity, request):
+ """ """
+ self._callFUT(context, identifier_name='auth_tkt', callback=callback)
+ actions = context.actions
+ from repoze.bfg.interfaces import IAuthenticationPolicy
+ from repoze.bfg.zcml import handler
+
+ self.assertEqual(len(actions), 1)
+
+ regadapt = actions[0]
+ regadapt_discriminator = 'authentication_policy'
+ self.assertEqual(regadapt['discriminator'], regadapt_discriminator)
+ self.assertEqual(regadapt['callable'], handler)
+ self.assertEqual(regadapt['args'][0], 'registerUtility')
+ policy = regadapt['args'][1]
+ self.assertEqual(policy.callback, callback)
+ self.assertEqual(policy.identifier_name, 'auth_tkt')
+ self.assertEqual(regadapt['args'][2], IAuthenticationPolicy)
+ self.assertEqual(regadapt['args'][3], '')
+ self.assertEqual(regadapt['args'][4], None)
+
+class TestRemoteUserAuthenticationPolicyDirective(unittest.TestCase):
+ def _callFUT(self, context, **kw):
+ from repoze.bfg.zcml import remoteuserauthenticationpolicy
+ return remoteuserauthenticationpolicy(context, **kw)
+
+ def test_it(self):
+ context = DummyContext()
+ def callback(identity, request):
+ """ """
+ self._callFUT(context, environ_key='BLAH', callback=callback)
+ actions = context.actions
+ from repoze.bfg.interfaces import IAuthenticationPolicy
+ from repoze.bfg.zcml import handler
+
+ self.assertEqual(len(actions), 1)
+
+ regadapt = actions[0]
+ regadapt_discriminator = 'authentication_policy'
+ self.assertEqual(regadapt['discriminator'], regadapt_discriminator)
+ self.assertEqual(regadapt['callable'], handler)
+ self.assertEqual(regadapt['args'][0], 'registerUtility')
+ policy = regadapt['args'][1]
+ self.assertEqual(policy.environ_key, 'BLAH')
+ self.assertEqual(policy.callback, callback)
+ self.assertEqual(regadapt['args'][2], IAuthenticationPolicy)
+ self.assertEqual(regadapt['args'][3], '')
+ self.assertEqual(regadapt['args'][4], None)
+
+class TestAuthTktAuthenticationPolicyDirective(unittest.TestCase):
+ def _callFUT(self, context, secret, **kw):
+ from repoze.bfg.zcml import authtktauthenticationpolicy
+ return authtktauthenticationpolicy(context, secret, **kw)
+
+ def test_it_noconfigerror(self):
+ context = DummyContext()
+ def callback(identity, request):
+ """ """
+ self._callFUT(context, 'sosecret', callback=callback,
+ cookie_name='repoze.bfg.auth_tkt',
+ secure=True, include_ip=True, timeout=100,
+ reissue_time=60)
+ actions = context.actions
+ from repoze.bfg.interfaces import IAuthenticationPolicy
+ from repoze.bfg.zcml import handler
+
+ self.assertEqual(len(actions), 1)
+
+ regadapt = actions[0]
+ regadapt_discriminator = 'authentication_policy'
+ self.assertEqual(regadapt['discriminator'], regadapt_discriminator)
+ self.assertEqual(regadapt['callable'], handler)
+ self.assertEqual(regadapt['args'][0], 'registerUtility')
+ policy = regadapt['args'][1]
+ self.assertEqual(policy.cookie.secret, 'sosecret')
+ self.assertEqual(policy.callback, callback)
+ self.assertEqual(regadapt['args'][2], IAuthenticationPolicy)
+ self.assertEqual(regadapt['args'][3], '')
+ self.assertEqual(regadapt['args'][4], None)
+
+ def test_it_configerror(self):
+ from zope.configuration.exceptions import ConfigurationError
+ context = DummyContext()
+ def callback(identity, request):
+ """ """
+ self.assertRaises(ConfigurationError,
+ self._callFUT,
+ context, 'sosecret', callback=callback,
+ cookie_name='repoze.bfg.auth_tkt',
+ secure=True, include_ip=True, timeout=100,
+ reissue_time=500)
+
+class TestACLAuthorizationPolicyDirective(unittest.TestCase):
+ def _callFUT(self, context, **kw):
+ from repoze.bfg.zcml import aclauthorizationpolicy
+ return aclauthorizationpolicy(context, **kw)
+
+ def test_it(self):
+ from repoze.bfg.authorization import ACLAuthorizationPolicy
+ from repoze.bfg.interfaces import IAuthorizationPolicy
+ from repoze.bfg.zcml import handler
+ context = DummyContext()
+ def callback(identity, request):
+ """ """
+ self._callFUT(context)
+ actions = context.actions
+
+ self.assertEqual(len(actions), 1)
+
+ regadapt = actions[0]
+ regadapt_discriminator = 'authorization_policy'
+ self.assertEqual(regadapt['discriminator'], regadapt_discriminator)
+ self.assertEqual(regadapt['callable'], handler)
+ self.assertEqual(regadapt['args'][0], 'registerUtility')
+ policy = regadapt['args'][1]
+ self.assertEqual(policy.__class__, ACLAuthorizationPolicy)
+ self.assertEqual(regadapt['args'][2], IAuthorizationPolicy)
+ self.assertEqual(regadapt['args'][3], '')
+ self.assertEqual(regadapt['args'][4], None)
+
 class TestDeriveView(unittest.TestCase):
 def _callFUT(self, view):
 from repoze.bfg.zcml import derive_view
diff --git a/repoze/bfg/zcml.py b/repoze/bfg/zcml.py
index 701ca341b..4384924a7 100644
--- a/repoze/bfg/zcml.py
+++ b/repoze/bfg/zcml.py
@@ -15,6 +15,13 @@ from zope.configuration.fields import GlobalObject
 from zope.interface import Interface
 from zope.schema import TextLine
+from zope.schema import Bool
+from zope.schema import Int
+
+from repoze.bfg.authentication import RepozeWho1AuthenticationPolicy
+from repoze.bfg.authentication import RemoteUserAuthenticationPolicy
+from repoze.bfg.authentication import AuthTktAuthenticationPolicy
+from repoze.bfg.authorization import ACLAuthorizationPolicy
 from repoze.bfg.interfaces import IRoutesMapper
 from repoze.bfg.interfaces import IViewPermission
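Review bot: `TestAuthTktAuthenticationPolicyDirective.test_it_noconfigerror` passes `cookie_name`, `secure=True`, `include_ip=True`, `timeout=100` and `reissue_time=60` but asserts only `policy.cookie.secret` and `policy.callback`, so a directive that dropped or mis-wired the cookie-hardening options would still pass; assert the corresponding attributes on `policy.cookie` as well. `TestRemoteUserAuthenticationPolicyDirective.test_it` always supplies `environ_key='BLAH'`, so the case where the ZCML attribute is omitted is never exercised; a second test calling `self._callFUT(context)` would cover it. In `TestACLAuthorizationPolicyDirective.test_it` the local `callback` is defined but never used and can be removed.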
@@ -22,6 +29,7 @@ from repoze.bfg.interfaces import INotFoundAppFactory
 from repoze.bfg.interfaces import INotFoundView
 from repoze.bfg.interfaces import IForbiddenView
 from repoze.bfg.interfaces import IAuthenticationPolicy
+from repoze.bfg.interfaces import IAuthorizationPolicy
 from repoze.bfg.interfaces import ISecurityPolicy
 from repoze.bfg.interfaces import IView
 from repoze.bfg.interfaces import IUnauthorizedAppFactory
@@ -219,6 +227,84 @@ def resource(context, to_override, override_with):
 args = (package, path, override_package, override_prefix),
 )
+class IRepozeWho1AuthenticationPolicyDirective(Interface):
+ identifier_name = TextLine(title=u'identitfier_name', required=False,
+ default=u'auth_tkt')
+ callback = GlobalObject(title=u'callback', required=False)
+
+def repozewho1authenticationpolicy(_context, identifier_name='auth_tkt',
+ callback=None):
+ policy = RepozeWho1AuthenticationPolicy(identifier_name=identifier_name,
+ callback=callback)
+ _context.action(
+ discriminator = 'authentication_policy',
+ callable = handler,
+ args = ('registerUtility', policy, IAuthenticationPolicy, '',
+ _context.info),
+ )
+
+class IRemoteUserAuthenticationPolicyDirective(Interface):
+ environ_key = TextLine(title=u'environ_key', required=False,
+ default=u'REMOTE_USER')
+ callback = GlobalObject(title=u'callback', required=False)
+
+def remoteuserauthenticationpolicy(_context, environ_key, callback=None):
+ policy = RemoteUserAuthenticationPolicy(environ_key=environ_key,
+ callback=callback)
+ _context.action(
+ discriminator = 'authentication_policy',
+ callable = handler,
+ args = ('registerUtility', policy, IAuthenticationPolicy, '',
+ _context.info),
+ )
+
+class IAuthTktAuthenticationPolicyDirective(Interface):
+ secret = TextLine(title=u'secret', required=True)
+ callback = GlobalObject(title=u'callback', required=False)
+ cookie_name = TextLine(title=u'cookie_name', required=False,
+ default=u'repoze.bfg.auth_tkt')
+ secure = Bool(title=u"secure", required=False, default=False)
+ include_ip = Bool(title=u"include_ip", required=False, default=False)
+ timeout = Int(title=u"timeout", required=False, default=None)
+ reissue_time = Int(title=u"reissue_time", required=False, default=None)
+
+def authtktauthenticationpolicy(_context,
+ secret,
+ callback=None,
+ cookie_name='repoze.bfg.auth_tkt',
+ secure=False,
+ include_ip=False,
+ timeout=None,
+ reissue_time=None):
+ try:
+ policy = AuthTktAuthenticationPolicy(secret,
+ callback=callback,
+ cookie_name=cookie_name,
+ secure=secure,
+ include_ip = include_ip,
+ timeout = timeout,
+ reissue_time = reissue_time)
+ except ValueError, why:
+ raise ConfigurationError(str(why))
+ _context.action(
+ discriminator = 'authentication_policy',
+ callable = handler,
+ args = ('registerUtility', policy, IAuthenticationPolicy, '',
+ _context.info),
+ )
+
+class IACLAuthorizationPolicyDirective(Interface):
+ pass
+
+def aclauthorizationpolicy(_context):
+ policy = ACLAuthorizationPolicy()
+ _context.action(
+ discriminator = 'authorization_policy',
+ callable = handler,
+ args = ('registerUtility', policy, IAuthorizationPolicy, '',
+ _context.info),
+ )
+
 class IRouteDirective(Interface):
 """ The interface for the ``route`` ZCML directive """
-- cgit v1.2.3
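Review bot: `remoteuserauthenticationpolicy(_context, environ_key, callback=None)` makes `environ_key` a required positional argument although `IRemoteUserAuthenticationPolicyDirective` declares it `required=False` with default `u'REMOTE_USER'`; if zope.configuration does not pass omitted optional attributes to the handler (I believe it does not, but please confirm), a directive written without `environ_key` fails with a TypeError instead of using the default. Give the handler the same kind of default the other two have: `def remoteuserauthenticationpolicy(_context, environ_key='REMOTE_USER', callback=None):`. In `IAuthTktAuthenticationPolicyDirective`, `secret` is read as plain text from the ZCML file while `secure` and `include_ip` default to False and `timeout` to None; the new interface classes carry no docstrings (unlike `IRouteDirective` just below), and a docstring here should state that the secret must be kept out of shared or public configuration and that `secure` should be enabled when the site is served over HTTPS. The field title `u'identitfier_name'` is misspelled. `ConfigurationError` is raised in `authtktauthenticationpolicy`, but its import is not visible in the hunks shown, so check that zcml.py already imports it.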