vigiboard / vigiboard / tests / functional / test_authentication.py @ 57f7cb3f
History | View | Annotate | Download (3.44 KB)
1 |
# -*- coding: utf-8 -*-
|
---|---|
2 |
"""
|
3 |
Integration tests for the :mod:`repoze.who`-powered authentication sub-system.
|
4 |
|
5 |
As vigiboard grows and the authentication method changes, only these tests
|
6 |
should be updated.
|
7 |
|
8 |
"""
|
9 |
|
10 |
from vigiboard.tests import TestController |
11 |
|
12 |
|
13 |
class TestAuthentication(TestController): |
14 |
"""
|
15 |
Tests for the default authentication setup.
|
16 |
|
17 |
By default in TurboGears 2, :mod:`repoze.who` is configured with the same
|
18 |
plugins specified by repoze.what-quickstart (which are listed in
|
19 |
http://code.gustavonarea.net/repoze.what-quickstart/#repoze.what.plugins.quickstart.setup_sql_auth).
|
20 |
|
21 |
As the settings for those plugins change, or the plugins are replaced,
|
22 |
these tests should be updated.
|
23 |
|
24 |
"""
|
25 |
|
26 |
application_under_test = 'main'
|
27 |
|
28 |
def test_forced_login(self): |
29 |
"""
|
30 |
Anonymous users must be redirected to the login form when authorization
|
31 |
is denied.
|
32 |
|
33 |
Next, upon successful login they should be redirected to the initially
|
34 |
requested page.
|
35 |
|
36 |
"""
|
37 |
# Requesting a protected area
|
38 |
resp = self.app.get('/secc/', status=302) |
39 |
assert resp.location.startswith('http://localhost/login') |
40 |
# Getting the login form:
|
41 |
resp = resp.follow(status=200)
|
42 |
form = resp.form |
43 |
# Submitting the login form:
|
44 |
form['login'] = u'manager' |
45 |
form['password'] = 'managepass' |
46 |
post_login = form.submit(status=302)
|
47 |
# Being redirected to the initially requested page:
|
48 |
assert post_login.location.startswith('http://localhost/post_login') |
49 |
initial_page = post_login.follow(status=302)
|
50 |
assert 'authtkt' in initial_page.request.cookies, \ |
51 |
"Session cookie wasn't defined: %s" % initial_page.request.cookies
|
52 |
assert initial_page.location.startswith('http://localhost/secc/'), \ |
53 |
initial_page.location |
54 |
|
55 |
def test_voluntary_login(self): |
56 |
"""Voluntary logins must work correctly"""
|
57 |
# Going to the login form voluntarily:
|
58 |
resp = self.app.get('/login', status=200) |
59 |
form = resp.form |
60 |
# Submitting the login form:
|
61 |
form['login'] = u'manager' |
62 |
form['password'] = 'managepass' |
63 |
post_login = form.submit(status=302)
|
64 |
# Being redirected to the home page:
|
65 |
assert post_login.location.startswith('http://localhost/post_login') |
66 |
home_page = post_login.follow(status=302)
|
67 |
assert 'authtkt' in home_page.request.cookies, \ |
68 |
'Session cookie was not defined: %s' % home_page.request.cookies
|
69 |
assert home_page.location == 'http://localhost/' |
70 |
|
71 |
def test_logout(self): |
72 |
"""Logouts must work correctly"""
|
73 |
# Logging in voluntarily the quick way:
|
74 |
resp = self.app.get('/login_handler?login=manager&password=managepass', |
75 |
status=302)
|
76 |
resp = resp.follow(status=302)
|
77 |
assert 'authtkt' in resp.request.cookies, \ |
78 |
'Session cookie was not defined: %s' % resp.request.cookies
|
79 |
# Logging out:
|
80 |
resp = self.app.get('/logout_handler', status=302) |
81 |
assert resp.location.startswith('http://localhost/post_logout') |
82 |
# Finally, redirected to the home page:
|
83 |
home_page = resp.follow(status=302)
|
84 |
assert home_page.request.cookies.get('authtkt') == '', \ |
85 |
'Session cookie was not deleted: %s' % home_page.request.cookies
|
86 |
assert home_page.location == 'http://localhost/', home_page.location |