# -*- coding: utf-8 -*-
##
## This file is part of Invenio.
## Copyright (C) 2007, 2008, 2009, 2010, 2011 CERN.
##
## Invenio is free software; you can redistribute it and/or
## modify it under the terms of the GNU General Public License as
## published by the Free Software Foundation; either version 2 of the
## License, or (at your option) any later version.
##
## Invenio is distributed in the hope that it will be useful, but
## WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
## General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with Invenio; if not, write to the Free Software Foundation, Inc.,
## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
"""Unit tests for the access_control_firerole library."""
# The value stored is the literal string "$Id$"; it looks like a
# version-control keyword placeholder -- confirm whether anything expands it.
__revision__ = "$Id$"
import
unittest
from
invenio.access_control_firerole
import
compile_role_definition
,
\
serialize
,
deserialize
,
acc_firerole_check_user
from
invenio.access_control_config
import
InvenioWebAccessFireroleError
,
\
CFG_ACC_EMPTY_ROLE_DEFINITION_SER
from
invenio.testutils
import
make_test_suite
,
run_test_suite
from
invenio.webuser
import
collect_user_info
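class AccessControlFireRoleTest(unittest.TestCase):
    """Test functions related to the firewall like role definitions."""

    # Method docstrings are kept exactly as written: unittest reports the
    # first docstring line as the description of each test.
    #
    # assertTrue/assertFalse are used instead of failUnless/failIf; those
    # aliases are deprecated and were removed from unittest in Python 3.12.

    def setUp(self):
        """setting up helper variables for tests"""
        # A fixed, fully populated user record: every field the rules below
        # match on (email, uid, group, remote_ip) has a known value.
        self.user_info = {
            'email': 'foo.bar@cern.ch',
            'uid': 1000,
            'group': ['patata', 'cetriolo'],
            'remote_ip': '127.0.0.1',
        }
        # Record produced by collect_user_info for an empty request.
        # NOTE(review): presumably the guest user; test_firerole_uid expects
        # it to be refused by a "deny uid '-1'" rule -- confirm.
        self.guest = collect_user_info({})

    def test_compile_role_definition_empty(self):
        """firerole - compiling empty role definitions"""
        # Compiling None must give the same object as deserializing the
        # configured empty serialized definition.
        empty_definition = deserialize(CFG_ACC_EMPTY_ROLE_DEFINITION_SER)
        self.assertEqual(compile_role_definition(None), empty_definition)

    def test_compile_role_definition_allow_any(self):
        """firerole - compiling allow any role definitions"""
        compiled = compile_role_definition("allow any")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_deny_any(self):
        """firerole - compiling deny any role definitions"""
        # Unlike the other compile tests, a bare "deny any" is expected to
        # serialize to a falsy value.
        compiled = compile_role_definition("deny any")
        self.assertFalse(serialize(compiled))

    def test_compile_role_definition_literal_field(self):
        """firerole - compiling literal field role definitions"""
        compiled = compile_role_definition(
            "allow email 'info@invenio-software.org'")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_not(self):
        """firerole - compiling not role definitions"""
        compiled = compile_role_definition(
            "allow not email 'info@invenio-software.org'")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_group_field(self):
        """firerole - compiling group field role definitions"""
        compiled = compile_role_definition("allow groups 'patata'")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_regexp_field(self):
        """firerole - compiling regexp field role definitions"""
        compiled = compile_role_definition("allow email /.*@cern.ch/")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_literal_list(self):
        """firerole - compiling literal list role definitions"""
        compiled = compile_role_definition(
            "allow email 'info@invenio-software.org', 'foo.bar@cern.ch'")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_more_rows(self):
        """firerole - compiling more rows role definitions"""
        # Several rules separated by newlines, with a trailing "#" comment
        # on the second row.
        compiled = compile_role_definition(
            "allow email /.*@cern.ch/\nallow groups 'patata' "
            "# a comment\ndeny any")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_complex(self):
        """firerole - compiling complex role definitions"""
        compiled = compile_role_definition(
            "allow email /.*@cern.ch/\nallow groups 'patata' "
            "# a comment\ndeny remote_ip '127.0.0.0/24'\ndeny any")
        self.assertTrue(serialize(compiled))

    def test_compile_role_definition_with_date(self):
        """firerole - compiling date based role definitions"""
        # Well-formed single dates compile for both "from" and "until".
        for definition in ("allow from '2010-11-11'",
                           "allow until '2010-11-11'"):
            self.assertTrue(serialize(compile_role_definition(definition)))
        # A list of dates and a truncated date must both be rejected at
        # compile time rather than accepted as a rule.
        for definition in ("allow from '2010-11-11','2010-11-23'",
                           "allow from '2010-11'"):
            self.assertRaises(InvenioWebAccessFireroleError,
                              compile_role_definition, definition)

    def test_compile_role_definition_wrong(self):
        """firerole - compiling wrong role definitions"""
        # Malformed definitions must raise instead of compiling to some
        # default rule set.
        for definition in ("allow al", "fgdfglk g fgk"):
            self.assertRaises(InvenioWebAccessFireroleError,
                              compile_role_definition, definition)

    def test_deserialize(self):
        """firerole - deserializing"""
        # NOTE(review): despite its name this test never calls
        # deserialize(); it only pins the compiled form of "allow any".
        # A serialize/deserialize round trip would cover what the name
        # promises.
        self.assertEqual(compile_role_definition("allow any"), (True, ()))

    def test_firerole_literal_email(self):
        """firerole - firerole core testing literal email matching"""
        definition = compile_role_definition(
            "allow email 'info@invenio-software.org',"
            "'foo.bar@cern.ch'\ndeny any")
        self.assertTrue(acc_firerole_check_user(self.user_info, definition))

    def test_firerole_regexp_email(self):
        """firerole - firerole core testing regexp email matching"""
        # NOTE(review): only a matching address is checked. The dot in
        # "cern.ch" is unescaped and the pattern has no end anchor; whether
        # the matcher anchors patterns is not visible from this file. A
        # negative case with an address from a different domain would pin
        # that a regexp rule cannot grant access more broadly than intended.
        definition = compile_role_definition(
            "allow email /.*@cern.ch/\ndeny any")
        self.assertTrue(acc_firerole_check_user(self.user_info, definition))

    def test_firerole_literal_group(self):
        """firerole - firerole core testing literal group matching"""
        definition = compile_role_definition(
            "allow groups 'patata'\ndeny any")
        self.assertTrue(acc_firerole_check_user(self.user_info, definition))

    def test_firerole_ip_mask(self):
        """firerole - firerole core testing ip mask matching"""
        # NOTE(review): only an address inside the mask is exercised; a
        # user_info whose remote_ip lies outside 127.0.0.0/24 should be
        # asserted as denied as well.
        definition = compile_role_definition(
            "allow remote_ip '127.0.0.0/24'"
            "\ndeny any")
        self.assertTrue(acc_firerole_check_user(self.user_info, definition))

    def test_firerole_non_existant_group(self):
        """firerole - firerole core testing non existant group matching"""
        # 'patat' is a strict prefix of the user's group 'patata'; the rule
        # must not match on a partial group name.
        definition = compile_role_definition(
            "allow groups 'patat'\ndeny any")
        self.assertFalse(acc_firerole_check_user(self.user_info, definition))

    def test_firerole_with_future_date(self):
        """firerole - firerole core testing with future date"""
        import time
        # Two days ahead, formatted from UTC, so the date is in the future
        # whatever the local timezone is.
        two_days = 24 * 3600 * 2
        future_date = time.strftime('%Y-%m-%d',
                                    time.gmtime(time.time() + two_days))
        # "until <future>" is still in force; "from <future>" is not yet.
        still_valid = compile_role_definition(
            "allow until '%s'\nallow any" % future_date)
        self.assertTrue(acc_firerole_check_user(self.user_info, still_valid))
        not_yet_valid = compile_role_definition(
            "allow from '%s'\nallow any" % future_date)
        self.assertFalse(
            acc_firerole_check_user(self.user_info, not_yet_valid))

    def test_firerole_with_past_date(self):
        """firerole - firerole core testing with past date"""
        import time
        # Two days back, formatted from UTC (mirror of the future-date test).
        two_days = 24 * 3600 * 2
        past_date = time.strftime('%Y-%m-%d',
                                  time.gmtime(time.time() - two_days))
        # "until <past>" has expired; "from <past>" is already in force.
        expired = compile_role_definition(
            "allow until '%s'\nallow any" % past_date)
        self.assertFalse(acc_firerole_check_user(self.user_info, expired))
        in_force = compile_role_definition(
            "allow from '%s'\nallow any" % past_date)
        self.assertTrue(acc_firerole_check_user(self.user_info, in_force))

    def test_firerole_empty(self):
        """firerole - firerole core testing empty matching"""
        # An empty definition must refuse the user: access fails closed
        # when no rule has been written.
        empty_definition = compile_role_definition(None)
        self.assertEqual(
            False, acc_firerole_check_user(self.user_info, empty_definition))

    def test_firerole_uid(self):
        """firerole - firerole core testing with integer uid"""
        # The same rule set is applied to both records: the guest record
        # is refused, the user with uid 1000 falls through to "allow all".
        guest_result = acc_firerole_check_user(
            self.guest,
            compile_role_definition("deny uid '-1'\nallow all"))
        self.assertEqual(False, guest_result)
        user_result = acc_firerole_check_user(
            self.user_info,
            compile_role_definition("deny uid '-1'\nallow all"))
        self.assertEqual(True, user_result)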
# Suite built by the project's make_test_suite helper from the one test case
# class defined in this file.
TEST_SUITE = make_test_suite(AccessControlFireRoleTest,)

# Run the suite only when this file is executed as a script, not on import.
if __name__ == "__main__":
    run_test_suite(TEST_SUITE)