diff options
-rw-r--r-- | service/pixelated/resources/auth.py | 27 | ||||
-rw-r--r-- | service/test/unit/resources/test_auth.py | 43 |
2 files changed, 47 insertions, 23 deletions
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py index 833c0f9d..a2054f18 100644 --- a/service/pixelated/resources/auth.py +++ b/service/pixelated/resources/auth.py @@ -64,10 +64,18 @@ class SessionChecker(object): class PixelatedRealm(object): implements(portal.IRealm) + def __init__(self, authenticated_resource, public_resource): + self._authenticated_resource = authenticated_resource + self._public_resource = public_resource + def requestAvatar(self, avatarId, mind, *interfaces): - if IResource in interfaces: - return IResource, avatarId, lambda: None - raise NotImplementedError() + if IResource not in interfaces: + raise NotImplementedError() + if avatarId == checkers.ANONYMOUS: + avatar = self._public_resource + else: + avatar = self._authenticated_resource + return IResource, avatar, lambda: None @implementer(IResource) @@ -93,23 +101,18 @@ class PixelatedAuthSessionWrapper(object): return util.DeferredResource(self._login(creds, request)) def _login(self, credentials, request): - pattern = re.compile("^/sandbox/") - def loginSucceeded(args): interface, avatar, logout = args - if avatar == checkers.ANONYMOUS and not pattern.match(request.path): - return self._anonymous_resource - else: - return self._root_resource + # TODO: make sandbox public + return avatar def loginFailed(result): if result.check(error.Unauthorized, error.LoginFailed): return UnauthorizedResource(self._credentialFactories) else: - log.err( - result, + log.error( "PixelatedAuthSessionWrapper.getChildWithDefault encountered " - "unexpected error") + "unexpected error: %s" % result) return ErrorPage(500, None, None) d = self._portal.login(credentials, None, IResource) diff --git a/service/test/unit/resources/test_auth.py b/service/test/unit/resources/test_auth.py index 2b85a3cf..6bd0338a 100644 --- a/service/test/unit/resources/test_auth.py +++ b/service/test/unit/resources/test_auth.py @@ -1,34 +1,55 @@ from mockito import mock, when, any as ANY -from pixelated.resources.auth import PixelatedAuthSessionWrapper +from pixelated.resources.auth import SessionChecker, PixelatedRealm, PixelatedAuthSessionWrapper from pixelated.resources.login_resource import LoginResource from pixelated.resources.root_resource import RootResource from test.unit.resources import DummySite from twisted.cred import error -from twisted.cred.checkers import ANONYMOUS +from twisted.cred.checkers import ANONYMOUS, AllowAnonymousAccess +from twisted.cred.portal import Portal from twisted.internet.defer import succeed, fail from twisted.python import failure from twisted.trial import unittest from twisted.web._auth.wrapper import UnauthorizedResource -from twisted.web.resource import IResource +from twisted.web.resource import IResource, getChildForRequest from twisted.web.test.requesthelper import DummyRequest +class TestPixelatedRealm(unittest.TestCase): + + def setUp(self): + self.authenticated_root_resource = mock() + self.public_root_resource = mock() + self.realm = PixelatedRealm(self.authenticated_root_resource, self.public_root_resource) + + def test_anonymous_user_gets_anonymous_resource(self): + interface, avatar, logout_handler = self.realm.requestAvatar(ANONYMOUS, None, IResource) + self.assertEqual(interface, IResource) + self.assertIs(avatar, self.public_root_resource) + + def test_authenticated_user_gets_root_resource(self): + interface, avatar, logout_handler = self.realm.requestAvatar('username', None, IResource) + self.assertEqual(interface, IResource) + self.assertIs(avatar, self.authenticated_root_resource) + + class TestPixelatedAuthSessionWrapper(unittest.TestCase): def setUp(self): - self.portal_mock = mock() - self.user_uuid_mock = mock() + self.realm_mock = mock() services_factory = mock() + session_checker = SessionChecker(services_factory) + self.portal = Portal(self.realm_mock, [session_checker, AllowAnonymousAccess()]) + self.user_uuid_mock = mock() self.root_resource = RootResource(services_factory) self.anonymous_resource_mock = mock() - self.session_wrapper = PixelatedAuthSessionWrapper(self.portal_mock, self.root_resource, self.anonymous_resource_mock) + self.session_wrapper = PixelatedAuthSessionWrapper(self.portal, self.root_resource, self.anonymous_resource_mock) self.request = DummyRequest([]) self.request.prepath = [''] self.request.path = '/' def test_should_proxy_to_login_resource_when_the_user_is_not_logged_in(self): - when(self.portal_mock).login(ANY(), None, IResource).thenReturn(succeed((IResource, ANONYMOUS, lambda: None))) + when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None)) deferred_resource = self.session_wrapper.getChildWithDefault('', self.request) d = deferred_resource.d @@ -40,7 +61,7 @@ class TestPixelatedAuthSessionWrapper(unittest.TestCase): return d def test_should_proxy_to_root_resource_when_the_user_is_logged_in(self): - when(self.portal_mock).login(ANY(), None, IResource).thenReturn(succeed((IResource, self.user_uuid_mock, lambda: None))) + when(self.realm_mock).requestAvatar(ANY(), None, IResource).thenReturn((IResource, self.root_resource, lambda: None)) deferred_resource = self.session_wrapper.getChildWithDefault('', self.request) d = deferred_resource.d @@ -51,14 +72,14 @@ class TestPixelatedAuthSessionWrapper(unittest.TestCase): d.addCallback(assert_root_resource) return d - def test_should_proxy_to_unauthorized_resource_when_login_fails(self): - when(self.portal_mock).login(ANY(), None, IResource).thenReturn(fail(failure.Failure(error.UnhandledCredentials('dummy message')))) + def test_should_X_when_unauthenticated_user_requests_non_public_resource(self): + when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None)) deferred_resource = self.session_wrapper.getChildWithDefault('', self.request) d = deferred_resource.d def assert_unauthorized_resource(resource): - self.assertIsInstance(resource, UnauthorizedResource) + self.assertIs(resource, self.anonymous_resource_mock) d.addCallback(assert_unauthorized_resource) return d |