From b50db20c0a6603a3ea5f0b704baee1983fc34c1d Mon Sep 17 00:00:00 2001
From: Roald de Vries <rdevries@thoughtworks.com>
Date: Tue, 29 Nov 2016 10:16:38 +0100
Subject: return resource instead of username/avatarId as avatar

---
 service/pixelated/resources/auth.py      | 27 +++++++++++---------
 service/test/unit/resources/test_auth.py | 43 ++++++++++++++++++++++++--------
 2 files changed, 47 insertions(+), 23 deletions(-)

(limited to 'service')

diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 833c0f9d..a2054f18 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -64,10 +64,18 @@ class SessionChecker(object):
 class PixelatedRealm(object):
     implements(portal.IRealm)
 
+    def __init__(self, authenticated_resource, public_resource):
+        self._authenticated_resource = authenticated_resource
+        self._public_resource = public_resource
+
     def requestAvatar(self, avatarId, mind, *interfaces):
-        if IResource in interfaces:
-            return IResource, avatarId, lambda: None
-        raise NotImplementedError()
+        if IResource not in interfaces:
+            raise NotImplementedError()
+        if avatarId == checkers.ANONYMOUS:
+            avatar = self._public_resource
+        else:
+            avatar = self._authenticated_resource
+        return IResource, avatar, lambda: None
 
 
 @implementer(IResource)
@@ -93,23 +101,18 @@ class PixelatedAuthSessionWrapper(object):
         return util.DeferredResource(self._login(creds, request))
 
     def _login(self, credentials, request):
-        pattern = re.compile("^/sandbox/")
-
         def loginSucceeded(args):
             interface, avatar, logout = args
-            if avatar == checkers.ANONYMOUS and not pattern.match(request.path):
-                return self._anonymous_resource
-            else:
-                return self._root_resource
+            # TODO: make sandbox public
+            return avatar
 
         def loginFailed(result):
             if result.check(error.Unauthorized, error.LoginFailed):
                 return UnauthorizedResource(self._credentialFactories)
             else:
-                log.err(
-                    result,
+                log.error(
                     "PixelatedAuthSessionWrapper.getChildWithDefault encountered "
-                    "unexpected error")
+                    "unexpected error: %s" % result)
                 return ErrorPage(500, None, None)
 
         d = self._portal.login(credentials, None, IResource)
diff --git a/service/test/unit/resources/test_auth.py b/service/test/unit/resources/test_auth.py
index 2b85a3cf..6bd0338a 100644
--- a/service/test/unit/resources/test_auth.py
+++ b/service/test/unit/resources/test_auth.py
@@ -1,34 +1,55 @@
 from mockito import mock, when, any as ANY
-from pixelated.resources.auth import PixelatedAuthSessionWrapper
+from pixelated.resources.auth import SessionChecker, PixelatedRealm, PixelatedAuthSessionWrapper
 from pixelated.resources.login_resource import LoginResource
 from pixelated.resources.root_resource import RootResource
 from test.unit.resources import DummySite
 from twisted.cred import error
-from twisted.cred.checkers import ANONYMOUS
+from twisted.cred.checkers import ANONYMOUS, AllowAnonymousAccess
+from twisted.cred.portal import Portal
 from twisted.internet.defer import succeed, fail
 from twisted.python import failure
 from twisted.trial import unittest
 from twisted.web._auth.wrapper import UnauthorizedResource
-from twisted.web.resource import IResource
+from twisted.web.resource import IResource, getChildForRequest
 from twisted.web.test.requesthelper import DummyRequest
 
 
+class TestPixelatedRealm(unittest.TestCase):
+
+    def setUp(self):
+        self.authenticated_root_resource = mock()
+        self.public_root_resource = mock()
+        self.realm = PixelatedRealm(self.authenticated_root_resource, self.public_root_resource)
+
+    def test_anonymous_user_gets_anonymous_resource(self):
+        interface, avatar, logout_handler = self.realm.requestAvatar(ANONYMOUS, None, IResource)
+        self.assertEqual(interface, IResource)
+        self.assertIs(avatar, self.public_root_resource)
+
+    def test_authenticated_user_gets_root_resource(self):
+        interface, avatar, logout_handler = self.realm.requestAvatar('username', None, IResource)
+        self.assertEqual(interface, IResource)
+        self.assertIs(avatar, self.authenticated_root_resource)
+
+
 class TestPixelatedAuthSessionWrapper(unittest.TestCase):
 
     def setUp(self):
-        self.portal_mock = mock()
-        self.user_uuid_mock = mock()
+        self.realm_mock = mock()
         services_factory = mock()
+        session_checker = SessionChecker(services_factory)
+        self.portal = Portal(self.realm_mock, [session_checker, AllowAnonymousAccess()])
+        self.user_uuid_mock = mock()
         self.root_resource = RootResource(services_factory)
         self.anonymous_resource_mock = mock()
 
-        self.session_wrapper = PixelatedAuthSessionWrapper(self.portal_mock, self.root_resource, self.anonymous_resource_mock)
+        self.session_wrapper = PixelatedAuthSessionWrapper(self.portal, self.root_resource, self.anonymous_resource_mock)
         self.request = DummyRequest([])
         self.request.prepath = ['']
         self.request.path = '/'
 
     def test_should_proxy_to_login_resource_when_the_user_is_not_logged_in(self):
-        when(self.portal_mock).login(ANY(), None, IResource).thenReturn(succeed((IResource, ANONYMOUS, lambda: None)))
+        when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None))
 
         deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
         d = deferred_resource.d
@@ -40,7 +61,7 @@ class TestPixelatedAuthSessionWrapper(unittest.TestCase):
         return d
 
     def test_should_proxy_to_root_resource_when_the_user_is_logged_in(self):
-        when(self.portal_mock).login(ANY(), None, IResource).thenReturn(succeed((IResource, self.user_uuid_mock, lambda: None)))
+        when(self.realm_mock).requestAvatar(ANY(), None, IResource).thenReturn((IResource, self.root_resource, lambda: None))
 
         deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
         d = deferred_resource.d
@@ -51,14 +72,14 @@ class TestPixelatedAuthSessionWrapper(unittest.TestCase):
         d.addCallback(assert_root_resource)
         return d
 
-    def test_should_proxy_to_unauthorized_resource_when_login_fails(self):
-        when(self.portal_mock).login(ANY(), None, IResource).thenReturn(fail(failure.Failure(error.UnhandledCredentials('dummy message'))))
+    def test_should_X_when_unauthenticated_user_requests_non_public_resource(self):
+        when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None))
 
         deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
         d = deferred_resource.d
 
         def assert_unauthorized_resource(resource):
-            self.assertIsInstance(resource, UnauthorizedResource)
+            self.assertIs(resource, self.anonymous_resource_mock)
 
         d.addCallback(assert_unauthorized_resource)
         return d
-- 
cgit v1.2.3