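import unittest

from repoze.decsec.interfaces import Everyone
from repoze.decsec.interfaces import Authenticated
from repoze.decsec.interfaces import Allow
from repoze.decsec.interfaces import Deny

# Principals that every expected result below carries in addition to the ones
# returned by the request_principals hook.
# NOTE(review): every test here supplies at least one named principal; none
# exercises a request with no principals at all -- confirm whether
# Authenticated is still expected in that case.
_DPRINC = [Everyone, Authenticated]


class TestMiddleware(unittest.TestCase):
    """Tests for DecsecMiddleware.check() and its WSGI __call__ path.

    The three request hooks (principals, ACL, permission) are replaced by
    closures that record their invocation in the WSGI environ, so each test
    can assert that the decision was computed from all three inputs.

    NOTE(review): no test visible here puts an Allow and a Deny ACE for the
    same principal and permission into one ACL, so ACE precedence/ordering is
    not pinned by this suite.
    """

    def _getTargetClass(self):
        """Import lazily so an import failure is reported per test."""
        from repoze.decsec.middleware import DecsecMiddleware
        return DecsecMiddleware

    def _makeOne(self, *arg, **kw):
        """Build a middleware instance from the given constructor arguments."""
        klass = self._getTargetClass()
        return klass(*arg, **kw)

    def _rprincipals(self, environ, principals):
        """Return a hook that yields ``principals`` and records its call."""
        def request_principals(environ):
            environ['request_principals_called'] = True
            return principals
        return request_principals

    def _rpermission(self, environ, permission):
        """Return a hook that yields ``permission`` and records its call."""
        def request_permission(environ):
            environ['request_permission_called'] = True
            return permission
        return request_permission

    def _racl(self, environ, acl):
        """Return a hook that yields ``acl`` and records its call."""
        def request_acl(environ):
            environ['request_acl_called'] = True
            return acl
        return request_acl

    def _assertRCalls(self, environ):
        """Assert that all three request hooks ran against ``environ``."""
        self.assertEqual(environ['request_acl_called'], True)
        self.assertEqual(environ['request_permission_called'], True)
        self.assertEqual(environ['request_principals_called'], True)

    def _assertResult(self, result, environ, action, acl, principals,
                      permission):
        """Assert the dict returned by check() matches the expected decision.

        ``action`` is Allow or Deny; ``result['allowed']`` must be True only
        for Allow.  Principals are compared order-insensitively.
        """
        self._assertRCalls(environ)
        allowed = result['allowed']
        self.assertEqual(allowed, action == Allow)
        self.assertEqual(result['acl'], acl)
        # The builtin sorted() replaces a local helper of the same name that
        # shadowed it; both return a sorted copy.
        self.assertEqual(sorted(result['principals']), sorted(principals))
        self.assertEqual(result['permission'], permission)

    def test_ctor(self):
        # The initializer hook receives the very same conf object and the
        # new middleware instance.
        app = DummyApp()
        d = {}

        def initializer(conf, mw):
            d['conf'] = conf
            d['mw'] = mw

        conf = {}
        inst = self._makeOne(app, conf, None, None, None, initializer)
        self.assertEqual(inst.app, app)
        # assertTrue instead of failUnless: the fail* aliases were removed
        # from unittest in Python 3.12.
        self.assertTrue(d['conf'] is conf)
        self.assertTrue(d['mw'] is inst)

    def test_check_allow_oneacl(self):
        # A single Allow ACE for Everyone on the requested permission.
        environ = {}
        principals = ['user', 'group']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, Everyone, 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = principals + _DPRINC
        self._assertResult(result, environ, Allow, acl, p, 'view')

    def test_check_deny_oneacl(self):
        # A single Deny ACE for Everyone on the requested permission.
        environ = {}
        principals = ['user', 'group']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Deny, Everyone, 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = principals + _DPRINC
        self._assertResult(result, environ, Deny, acl, p, 'view')

    def test_check_allow_multiacl(self):
        # A Deny ACE for a different permission ('write') must not block
        # the requested one ('view').
        environ = {}
        principals = ['user', 'group']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Deny, Everyone, 'write'), ACE(Allow, Everyone, 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = principals + _DPRINC
        self._assertResult(result, environ, Allow, acl, p, 'view')

    def test_check_deny_multiacl(self):
        # An Allow ACE for a different permission ('write') must not grant
        # the requested one ('view').
        environ = {}
        principals = ['user', 'group']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, Everyone, 'write'), ACE(Deny, Everyone, 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = principals + _DPRINC
        self._assertResult(result, environ, Deny, acl, p, 'view')

    def test_check_nomatch_deny(self):
        # Default-deny: the only ACE names a principal the request does not
        # hold, and nomatch_allow is not passed, so the result is Deny.
        environ = {}
        principals = ['user', 'group']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'somebody', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = principals + _DPRINC
        self._assertResult(result, environ, Deny, acl, p, 'view')

    def test_check_nomatch_allow(self):
        # Fail-open configuration: with nomatch_allow=True a request that
        # no ACE matches (wrong principal and wrong permission here) is
        # allowed.  This test pins that opt-in behaviour.
        environ = {}
        principals = ['user', 'group']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'somebody', 'write')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm,
                             nomatch_allow=True)
        result = inst.check(environ)
        p = principals + _DPRINC
        self._assertResult(result, environ, Allow, acl, p, 'view')

    def test_check_nested_principals_list_allow(self):
        # Nested principal lists are flattened; a principal found two
        # levels deep ('inner') still matches an ACE.
        environ = {}
        principals = ['user', 'group', ['other', ['inner']]]
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'inner', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = ['user', 'group', 'other', 'inner'] + _DPRINC
        self._assertResult(result, environ, Allow, acl, p, 'view')

    def test_check_nested_principals_list_deny(self):
        # Flattening must not invent a match: 'nobody' is in no level of
        # the nested principal list.
        environ = {}
        principals = ['user', 'group', ['other', ['inner']]]
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'nobody', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = ['user', 'group', 'other', 'inner'] + _DPRINC
        self._assertResult(result, environ, Deny, acl, p, 'view')

    def test_check_principals_string_allow(self):
        # A bare string is treated as one principal, not as a sequence of
        # characters: the expected principals are ['user'] plus defaults.
        environ = {}
        principals = 'user'
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'user', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = ['user'] + _DPRINC
        self._assertResult(result, environ, Allow, acl, p, 'view')

    def test_check_principals_string_deny(self):
        # Same string-principal input, but the ACE names someone else.
        environ = {}
        principals = 'user'
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'nobody', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = ['user'] + _DPRINC
        self._assertResult(result, environ, Deny, acl, p, 'view')

    def test_check_nested_permissions_allow(self):
        # An ACE may carry a nested permission list; 'view' is found two
        # levels deep.
        environ = {}
        principals = ['user']
        rprinc = self._rprincipals(environ, principals)
        permissions = ['outer', ['inner', ['view']]]
        acl = [ACE(Allow, 'user', permissions)]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = ['user'] + _DPRINC
        self._assertResult(result, environ, Allow, acl, p, 'view')

    def test_check_nested_permissions_deny(self):
        # The nested permission list contains 'view', but the ACE's
        # principal does not match, so the result is Deny.
        environ = {}
        principals = ['user']
        rprinc = self._rprincipals(environ, principals)
        permissions = ['outer', ['inner', ['view']]]
        acl = [ACE(Allow, 'nobody', permissions)]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        result = inst.check(environ)
        p = principals + _DPRINC
        self._assertResult(result, environ, Deny, acl, p, 'view')

    def test_call_allow(self):
        # On Allow the wrapped app is invoked with the original environ and
        # start_response, and its return value is passed through.
        environ = {}
        principals = ['user']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, Everyone, 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm)
        appresult = inst(environ, None)
        self.assertEqual(appresult, 'got it')
        self.assertEqual(app.environ, environ)
        self.assertEqual(app.start_response, None)
        self._assertRCalls(environ)

    def test_call_deny(self):
        # On Deny the configured deny_exception is raised.
        environ = {}
        principals = ['user']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'nobody', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        inst = self._makeOne(app, {}, rprinc, racl, rperm,
                             deny_exception=ValueError)
        self.assertRaises(ValueError, inst, environ, None)
        # A denied request must never reach the protected application.
        # DummyApp only gains an ``environ`` attribute when it is called.
        self.assertFalse(hasattr(app, 'environ'))

    def test_call_deny_logs_at_debug(self):
        # A denial writes exactly one log record at DEBUG.
        environ = {}
        principals = ['user']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'nobody', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        stream = DummyStream()
        import logging
        inst = self._makeOne(app, {}, rprinc, racl, rperm,
                             deny_exception=ValueError,
                             log_stream=stream,
                             log_level=logging.DEBUG)
        self.assertRaises(ValueError, inst, environ, None)
        self.assertEqual(len(stream.written), 1)

    def test_call_deny_logs_at_info(self):
        # Denials are still written at INFO, so they remain visible in
        # logs without enabling debug output.
        environ = {}
        # The hook previously received a literal list while an unused
        # ``principals = ['user']`` sat beside it; the same values are now
        # passed through the variable.
        principals = ['user', 'group']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'nobody', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        stream = DummyStream()
        import logging
        inst = self._makeOne(app, {}, rprinc, racl, rperm,
                             deny_exception=ValueError,
                             log_stream=stream,
                             log_level=logging.INFO)
        self.assertRaises(ValueError, inst, environ, None)
        self.assertEqual(len(stream.written), 1)

    def test_call_allow_logs_at_debug(self):
        # An allowed request writes exactly one log record at DEBUG.
        environ = {}
        principals = ['user']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'user', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        stream = DummyStream()
        import logging
        inst = self._makeOne(app, {}, rprinc, racl, rperm,
                             deny_exception=ValueError,
                             log_stream=stream,
                             log_level=logging.DEBUG)
        inst(environ, None)
        self.assertEqual(len(stream.written), 1)

    def test_call_allow_doesnt_log_at_info(self):
        # Allowed requests are not written at INFO; only denials are.
        environ = {}
        principals = ['user']
        rprinc = self._rprincipals(environ, principals)
        acl = [ACE(Allow, 'user', 'view')]
        racl = self._racl(environ, acl)
        rperm = self._rpermission(environ, 'view')
        app = DummyApp()
        stream = DummyStream()
        import logging
        inst = self._makeOne(app, {}, rprinc, racl, rperm,
                             deny_exception=ValueError,
                             log_stream=stream,
                             log_level=logging.INFO)
        inst(environ, None)
        self.assertEqual(len(stream.written), 0)


class TestMakeMiddleware(unittest.TestCase):
    """Tests for the make_middleware factory and its string-based config."""

    def _getFUT(self):
        """Import the function under test lazily."""
        from repoze.decsec.middleware import make_middleware
        return make_middleware

    def test_makeone(self):
        # Every hook and the deny exception are given as 'module:name'
        # strings and must come back as the objects defined in this module.
        # Because these strings select the callables that decide access,
        # the configuration carrying them has to be as trusted as code.
        fn = self._getFUT()
        app = DummyApp()
        global_conf = {}
        me = 'repoze.decsec.tests'
        middleware = fn(
            app,
            global_conf,
            request_principals_hook='%s:dummy_request_principals' % me,
            request_acl_hook='%s:dummy_request_acl' % me,
            request_permission_hook='%s:dummy_request_permission' % me,
            before_check_hook='%s:dummy_before_check' % me,
            after_check_hook='%s:dummy_after_check' % me,
            initialize_hook='%s:dummy_initialize' % me,
            log_filename='STDOUT',
            log_level='debug',
            nomatch_allow='true',
            remote_user_key='HALLO',
            deny_exception='%s:DummyException' % me,
        )
        self.assertEqual(middleware.app, app)
        self.assertEqual(global_conf['initialize_called'], True)
        self.assertEqual(middleware.remote_user_key, 'HALLO')
        self.assertEqual(middleware.deny_exception, DummyException)
        # assertFalse instead of failIf: the fail* aliases were removed
        # from unittest in Python 3.12.
        self.assertFalse(middleware.logger is None)
        # The string 'true' is converted to the boolean True.
        self.assertEqual(middleware.nomatch_allow, True)
        self.assertEqual(middleware.request_principals,
                         dummy_request_principals)
        self.assertEqual(middleware.request_acl, dummy_request_acl)
        self.assertEqual(middleware.request_permission,
                         dummy_request_permission)
        self.assertEqual(middleware.before_check, dummy_before_check)
        self.assertEqual(middleware.after_check, dummy_after_check)


def ACE(action, principal, permission):
    """Build one access-control entry in the dict form these tests use."""
    return {'action': action,
            'principal': principal,
            'permission': permission}


class DummyException(Exception):
    """Exception type resolved by name in TestMakeMiddleware."""
    pass


# The dummy hooks below only record that they were called; they are resolved
# by dotted name in TestMakeMiddleware and return None.

def dummy_request_principals(environ):
    environ['request_principals_called'] = True


def dummy_request_acl(environ):
    environ['request_acl_called'] = True


def dummy_request_permission(environ):
    environ['request_permission_called'] = True


def dummy_initialize(global_conf, mw):
    global_conf['initialize_called'] = True


def dummy_before_check(environ):
    environ['before_check_called'] = True


def dummy_after_check(environ):
    environ['after_check_called'] = True


class DummyApp:
    """Stand-in WSGI app that records the arguments of its last call."""

    def __call__(self, environ, start_response):
        # These attributes exist only after a call, which lets a test tell
        # whether the middleware let the request through.
        self.environ = environ
        self.start_response = start_response
        return 'got it'


class DummyStream:
    """File-like log sink that keeps every written message in a list."""

    def __init__(self):
        self.written = []

    def write(self, msg):
        self.written.append(msg)

    def flush(self, *arg, **kw):
        pass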