summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--service/pixelated/resources/auth.py27
-rw-r--r--service/test/unit/resources/test_auth.py43
2 files changed, 47 insertions, 23 deletions
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 833c0f9d..a2054f18 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -64,10 +64,18 @@ class SessionChecker(object):
class PixelatedRealm(object):
implements(portal.IRealm)
+ def __init__(self, authenticated_resource, public_resource):
+ self._authenticated_resource = authenticated_resource
+ self._public_resource = public_resource
+
def requestAvatar(self, avatarId, mind, *interfaces):
- if IResource in interfaces:
- return IResource, avatarId, lambda: None
- raise NotImplementedError()
+ if IResource not in interfaces:
+ raise NotImplementedError()
+ if avatarId == checkers.ANONYMOUS:
+ avatar = self._public_resource
+ else:
+ avatar = self._authenticated_resource
+ return IResource, avatar, lambda: None
@implementer(IResource)
@@ -93,23 +101,18 @@ class PixelatedAuthSessionWrapper(object):
return util.DeferredResource(self._login(creds, request))
def _login(self, credentials, request):
- pattern = re.compile("^/sandbox/")
-
def loginSucceeded(args):
interface, avatar, logout = args
- if avatar == checkers.ANONYMOUS and not pattern.match(request.path):
- return self._anonymous_resource
- else:
- return self._root_resource
+ # TODO: make sandbox public
+ return avatar
def loginFailed(result):
if result.check(error.Unauthorized, error.LoginFailed):
return UnauthorizedResource(self._credentialFactories)
else:
- log.err(
- result,
+ log.error(
"PixelatedAuthSessionWrapper.getChildWithDefault encountered "
- "unexpected error")
+ "unexpected error: %s" % result)
return ErrorPage(500, None, None)
d = self._portal.login(credentials, None, IResource)
diff --git a/service/test/unit/resources/test_auth.py b/service/test/unit/resources/test_auth.py
index 2b85a3cf..6bd0338a 100644
--- a/service/test/unit/resources/test_auth.py
+++ b/service/test/unit/resources/test_auth.py
@@ -1,34 +1,55 @@
from mockito import mock, when, any as ANY
-from pixelated.resources.auth import PixelatedAuthSessionWrapper
+from pixelated.resources.auth import SessionChecker, PixelatedRealm, PixelatedAuthSessionWrapper
from pixelated.resources.login_resource import LoginResource
from pixelated.resources.root_resource import RootResource
from test.unit.resources import DummySite
from twisted.cred import error
-from twisted.cred.checkers import ANONYMOUS
+from twisted.cred.checkers import ANONYMOUS, AllowAnonymousAccess
+from twisted.cred.portal import Portal
from twisted.internet.defer import succeed, fail
from twisted.python import failure
from twisted.trial import unittest
from twisted.web._auth.wrapper import UnauthorizedResource
-from twisted.web.resource import IResource
+from twisted.web.resource import IResource, getChildForRequest
from twisted.web.test.requesthelper import DummyRequest
+class TestPixelatedRealm(unittest.TestCase):
+
+ def setUp(self):
+ self.authenticated_root_resource = mock()
+ self.public_root_resource = mock()
+ self.realm = PixelatedRealm(self.authenticated_root_resource, self.public_root_resource)
+
+ def test_anonymous_user_gets_anonymous_resource(self):
+ interface, avatar, logout_handler = self.realm.requestAvatar(ANONYMOUS, None, IResource)
+ self.assertEqual(interface, IResource)
+ self.assertIs(avatar, self.public_root_resource)
+
+ def test_authenticated_user_gets_root_resource(self):
+ interface, avatar, logout_handler = self.realm.requestAvatar('username', None, IResource)
+ self.assertEqual(interface, IResource)
+ self.assertIs(avatar, self.authenticated_root_resource)
+
+
class TestPixelatedAuthSessionWrapper(unittest.TestCase):
def setUp(self):
- self.portal_mock = mock()
- self.user_uuid_mock = mock()
+ self.realm_mock = mock()
services_factory = mock()
+ session_checker = SessionChecker(services_factory)
+ self.portal = Portal(self.realm_mock, [session_checker, AllowAnonymousAccess()])
+ self.user_uuid_mock = mock()
self.root_resource = RootResource(services_factory)
self.anonymous_resource_mock = mock()
- self.session_wrapper = PixelatedAuthSessionWrapper(self.portal_mock, self.root_resource, self.anonymous_resource_mock)
+ self.session_wrapper = PixelatedAuthSessionWrapper(self.portal, self.root_resource, self.anonymous_resource_mock)
self.request = DummyRequest([])
self.request.prepath = ['']
self.request.path = '/'
def test_should_proxy_to_login_resource_when_the_user_is_not_logged_in(self):
- when(self.portal_mock).login(ANY(), None, IResource).thenReturn(succeed((IResource, ANONYMOUS, lambda: None)))
+ when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None))
deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
d = deferred_resource.d
@@ -40,7 +61,7 @@ class TestPixelatedAuthSessionWrapper(unittest.TestCase):
return d
def test_should_proxy_to_root_resource_when_the_user_is_logged_in(self):
- when(self.portal_mock).login(ANY(), None, IResource).thenReturn(succeed((IResource, self.user_uuid_mock, lambda: None)))
+ when(self.realm_mock).requestAvatar(ANY(), None, IResource).thenReturn((IResource, self.root_resource, lambda: None))
deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
d = deferred_resource.d
@@ -51,14 +72,14 @@ class TestPixelatedAuthSessionWrapper(unittest.TestCase):
d.addCallback(assert_root_resource)
return d
- def test_should_proxy_to_unauthorized_resource_when_login_fails(self):
- when(self.portal_mock).login(ANY(), None, IResource).thenReturn(fail(failure.Failure(error.UnhandledCredentials('dummy message'))))
+ def test_should_X_when_unauthenticated_user_requests_non_public_resource(self):
+ when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None))
deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
d = deferred_resource.d
def assert_unauthorized_resource(resource):
- self.assertIsInstance(resource, UnauthorizedResource)
+ self.assertIs(resource, self.anonymous_resource_mock)
d.addCallback(assert_unauthorized_resource)
return d