Page Menu
Home
c4science
Search
Configure Global Search
Log In
Files
F92249798
test_firerole.py
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Mon, Nov 18, 18:29
Size
9 KB
Mime Type
text/x-python
Expires
Wed, Nov 20, 18:29 (2 d)
Engine
blob
Format
Raw Data
Handle
22404300
Attached To
R3600 invenio-infoscience
test_firerole.py
View Options
# -*- coding: utf-8 -*-
#
# This file is part of Invenio.
# Copyright (C) 2007, 2008, 2009, 2010, 2011, 2013 CERN.
#
# Invenio is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# Invenio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Invenio; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
"""Unit tests for the access_control_firerole library."""
__revision__
=
"$Id$"
from
invenio.base.wrappers
import
lazy_import
from
invenio.testsuite
import
make_test_suite
,
run_test_suite
,
InvenioTestCase
acc_firerole_check_user
=
lazy_import
(
'invenio.modules.access.firerole:acc_firerole_check_user'
)
compile_role_definition
=
lazy_import
(
'invenio.modules.access.firerole:compile_role_definition'
)
deserialize
=
lazy_import
(
'invenio.modules.access.firerole:deserialize'
)
serialize
=
lazy_import
(
'invenio.modules.access.firerole:serialize'
)
collect_user_info
=
lazy_import
(
'invenio.legacy.webuser:collect_user_info'
)
class
AccessControlFireRoleTest
(
InvenioTestCase
):
"""Test functions related to the firewall like role definitions."""
def
setUp
(
self
):
"""setting up helper variables for tests"""
self
.
user_info
=
{
'email'
:
'foo.bar@cern.ch'
,
'uid'
:
1000
,
'group'
:
[
'patata'
,
'cetriolo'
],
'remote_ip'
:
'127.0.0.1'
,
'guest'
:
'0'
}
self
.
guest
=
collect_user_info
(
None
)
def
test_compile_role_definition_empty
(
self
):
"""firerole - compiling empty role definitions"""
from
invenio.modules.access.local_config
import
CFG_ACC_EMPTY_ROLE_DEFINITION_SER
self
.
assertEqual
(
compile_role_definition
(
None
),
deserialize
(
CFG_ACC_EMPTY_ROLE_DEFINITION_SER
))
def
test_compile_role_definition_allow_any
(
self
):
"""firerole - compiling allow any role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow any"
)))
def
test_compile_role_definition_deny_any
(
self
):
"""firerole - compiling deny any role definitions"""
self
.
failIf
(
serialize
(
compile_role_definition
(
"deny any"
)))
def
test_compile_role_definition_literal_field
(
self
):
"""firerole - compiling literal field role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow email 'info@invenio-software.org'"
)))
def
test_compile_role_definition_not
(
self
):
"""firerole - compiling not role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow not email 'info@invenio-software.org'"
)))
def
test_compile_role_definition_group_field
(
self
):
"""firerole - compiling group field role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow groups 'patata'"
)))
def
test_compile_role_definition_regexp_field
(
self
):
"""firerole - compiling regexp field role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow email /.*@cern.ch/"
)))
def
test_compile_role_definition_literal_list
(
self
):
"""firerole - compiling literal list role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow email 'info@invenio-software.org', 'foo.bar@cern.ch'"
)))
def
test_compile_role_definition_more_rows
(
self
):
"""firerole - compiling more rows role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow email /.*@cern.ch/
\n
allow groups 'patata' "
"# a comment
\n
deny any"
)))
def
test_compile_role_definition_guest_field
(
self
):
"""firerole - compiling guest field role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow guest '1'"
)))
def
test_compile_role_definition_complex
(
self
):
"""firerole - compiling complex role definitions"""
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow email /.*@cern.ch/
\n
allow groups 'patata' "
"# a comment
\n
deny remote_ip '127.0.0.0/24'
\n
deny any"
)))
def
test_compile_role_definition_with_date
(
self
):
"""firerole - compiling date based role definitions"""
from
invenio.modules.access.errors
import
InvenioWebAccessFireroleError
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow from '2010-11-11'"
)))
self
.
failUnless
(
serialize
(
compile_role_definition
(
"allow until '2010-11-11'"
)))
self
.
assertRaises
(
InvenioWebAccessFireroleError
,
compile_role_definition
,
"allow from '2010-11-11','2010-11-23'"
)
self
.
assertRaises
(
InvenioWebAccessFireroleError
,
compile_role_definition
,
"allow from '2010-11'"
)
def
test_compile_role_definition_wrong
(
self
):
"""firerole - compiling wrong role definitions"""
from
invenio.modules.access.errors
import
InvenioWebAccessFireroleError
self
.
assertRaises
(
InvenioWebAccessFireroleError
,
compile_role_definition
,
"allow al"
)
self
.
assertRaises
(
InvenioWebAccessFireroleError
,
compile_role_definition
,
"fgdfglk g fgk"
)
def
test_deserialize
(
self
):
"""firerole - deserializing"""
self
.
assertEqual
(
compile_role_definition
(
"allow any"
),
(
True
,
()))
def
test_firerole_literal_email
(
self
):
"""firerole - firerole core testing literal email matching"""
self
.
failUnless
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow email 'info@invenio-software.org',"
"'foo.bar@cern.ch'
\n
deny any"
)))
def
test_firerole_regexp_email
(
self
):
"""firerole - firerole core testing regexp email matching"""
self
.
failUnless
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow email /.*@cern.ch/
\n
deny any"
)))
def
test_firerole_literal_group
(
self
):
"""firerole - firerole core testing literal group matching"""
self
.
failUnless
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow groups 'patata'
\n
deny any"
)))
def
test_firerole_ip_mask
(
self
):
"""firerole - firerole core testing ip mask matching"""
self
.
failUnless
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow remote_ip '127.0.0.0/24'"
"
\n
deny any"
)))
self
.
failIf
(
acc_firerole_check_user
(
self
.
guest
,
compile_role_definition
(
"allow remote_ip '127.0.0.0/24'"
"
\n
deny any"
)))
def
test_firerole_non_existant_group
(
self
):
"""firerole - firerole core testing non existant group matching"""
self
.
failIf
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow groups 'patat'
\n
deny any"
)))
def
test_firerole_with_future_date
(
self
):
"""firerole - firerole core testing with future date"""
import
time
future_date
=
time
.
strftime
(
'%Y-%m-
%d
'
,
time
.
gmtime
(
time
.
time
()
+
24
*
3600
*
2
))
self
.
failUnless
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow until '
%s
'
\n
allow any"
%
future_date
)))
self
.
failIf
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow from '
%s
'
\n
allow any"
%
future_date
)))
def
test_firerole_with_past_date
(
self
):
"""firerole - firerole core testing with past date"""
import
time
past_date
=
time
.
strftime
(
'%Y-%m-
%d
'
,
time
.
gmtime
(
time
.
time
()
-
24
*
3600
*
2
))
self
.
failIf
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow until '
%s
'
\n
allow any"
%
past_date
)))
self
.
failUnless
(
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"allow from '
%s
'
\n
allow any"
%
past_date
)))
def
test_firerole_empty
(
self
):
"""firerole - firerole core testing empty matching"""
self
.
assertEqual
(
False
,
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
None
)))
def
test_firerole_uid
(
self
):
"""firerole - firerole core testing with integer uid"""
self
.
assertEqual
(
False
,
acc_firerole_check_user
(
self
.
guest
,
compile_role_definition
(
"deny uid '-1', '0'
\n
allow all"
)))
self
.
assertEqual
(
True
,
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"deny uid '-1', '0'
\n
allow all"
)))
def
test_firerole_guest
(
self
):
"""firerole - firerole core testing with guest"""
self
.
assertEqual
(
False
,
acc_firerole_check_user
(
self
.
guest
,
compile_role_definition
(
"deny guest '1'
\n
allow all"
)))
self
.
assertEqual
(
True
,
acc_firerole_check_user
(
self
.
guest
,
compile_role_definition
(
"deny guest '0'
\n
allow all"
)))
self
.
assertEqual
(
True
,
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"deny guest '1'
\n
allow all"
)))
self
.
assertEqual
(
False
,
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"deny guest '0'
\n
allow all"
)))
self
.
assertEqual
(
False
,
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"deny guest '1'
\n
deny all"
)))
self
.
assertEqual
(
False
,
acc_firerole_check_user
(
self
.
user_info
,
compile_role_definition
(
"deny guest '0'
\n
deny all"
)))
TEST_SUITE
=
make_test_suite
(
AccessControlFireRoleTest
,)
if
__name__
==
"__main__"
:
run_test_suite
(
TEST_SUITE
)
Event Timeline
Log In to Comment