本文整理汇总了Python中plone.protect.authenticator.AuthenticatorView类的典型用法代码示例。如果您正苦于以下问题:Python AuthenticatorView类的具体用法?Python AuthenticatorView怎么用?Python AuthenticatorView使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了AuthenticatorView类的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: testCSRF
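def testCSRF(self):
    """Check that fgvalidate enforces the CSRF authenticator.

    With ``checkAuthenticator`` switched on, the form must refuse a POST
    that carries no ``_authenticator`` token, accept a POST carrying the
    token rendered by ``AuthenticatorView``, refuse a GET, and refuse a
    POST whose token is not genuine.
    """
    # for this test, we need a bit more serious request simulation
    from ZPublisher.HTTPRequest import HTTPRequest
    from ZPublisher.HTTPResponse import HTTPResponse

    environ = {}
    environ.setdefault("SERVER_NAME", "foo")
    environ.setdefault("SERVER_PORT", "80")
    environ.setdefault("REQUEST_METHOD", "POST")
    # NOTE(review): "[email protected]" looks like an e-mail placeholder left
    # by the page this sample was copied from; it is kept as found.
    fields = {"topic": "test subject", "replyto": "[email protected]", "comments": "test comments"}

    request = HTTPRequest(sys.stdin, environ, HTTPResponse(stdout=sys.stdout))
    request.form = dict(fields)
    self.ff1.checkAuthenticator = True
    # no token at all: the submission must be refused
    self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)

    # with authenticator... no error
    tag = AuthenticatorView("context", "request").authenticator()
    # The token is taken as the sixth '"'-separated piece of the rendered
    # tag, so this depends on the attribute order of that tag.
    token = tag.split('"')[5]
    request.form["_authenticator"] = token
    errors = self.ff1.fgvalidate(REQUEST=request)
    self.assertEqual(errors, {})

    # sneaky GET request
    # NOTE(review): this request carries no form data, so the refusal may be
    # caused by the missing token rather than by the GET method -- confirm
    # against fgvalidate.
    environ["REQUEST_METHOD"] = "GET"
    request = HTTPRequest(sys.stdin, environ, HTTPResponse(stdout=sys.stdout))
    self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)

    # bad authenticator: the forged token has to sit on the request that is
    # validated, and the method has to be POST again, otherwise this case
    # never exercises the token comparison.
    environ["REQUEST_METHOD"] = "POST"
    request = HTTPRequest(sys.stdin, environ, HTTPResponse(stdout=sys.stdout))
    request.form = dict(fields, _authenticator="inauthentic")
    self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)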
示例2: testCSRF
def testCSRF(self):
    """Check that clearing saved form data through a request needs a CSRF token."""
    # Set up a save-data adapter on the form and push one record through it.
    self.ff1.invokeFactory('FormSaveDataAdapter', 'saver')
    adapter = self.ff1.saver
    self.ff1.setActionAdapter(('saver',))
    # NOTE(review): '[email protected]' looks like an e-mail placeholder left
    # by the page this sample was copied from; it is kept as found.
    fake = FakeRequest(topic='test subject', replyto='[email protected]', comments='test comments')
    self.assertEqual(self.ff1.fgvalidate(REQUEST=fake), {})

    # From here on a more realistic request object is needed.
    cgi_env = {
        'SERVER_NAME': 'foo',
        'SERVER_PORT': '80',
        'REQUEST_METHOD': 'POST',
    }
    request = HTTPRequest(sys.stdin, cgi_env, HTTPResponse(stdout=sys.stdout))

    # clearSavedFormInput is part of the API, so a call without any request
    # must go through.
    adapter.clearSavedFormInput()

    # Coming from a form, the same call must be refused while the request
    # has no valid authenticator.
    request.form = {'clearSavedFormInput': '1'}
    self.assertRaises(zExceptions.Forbidden, adapter.clearSavedFormInput, request=request)

    # Once the rendered token is part of the form data the call succeeds.
    rendered = AuthenticatorView('context', 'request').authenticator()
    request.form['_authenticator'] = rendered.split('"')[5]
    adapter.clearSavedFormInput(request=request)
示例3: checkAuthenticator
def checkAuthenticator(self, path, query='', status=200):
    """Publish a POST to *path* twice: without and with a CSRF token.

    The first request must be answered with 403. The second one appends
    ``_authenticator`` to *query* and must be answered with *status*.
    """
    login = '%s:%s' % (ptc.default_user, ptc.default_password)
    path = '/' + self.portal.absolute_url(relative=True) + path

    def post(body):
        # Both requests differ only in the body that is sent.
        return self.publish(path=path, basic=login, env={},
                            request_method='POST', stdin=StringIO(body))

    # without authenticator...
    self.assertEqual(post(query).getStatus(), 403)

    # with authenticator...
    token = AuthenticatorView('context', 'request').authenticator().split('"')[5]
    self.assertEqual(post(query + '&_authenticator=%s' % token).getStatus(), status)
示例4: AuthenticatorTests
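class AuthenticatorTests(KeyringTestCase):
    """Check the form field rendered by AuthenticatorView.authenticator().

    The tests only compare rendered tags: the field must be an ``<input>``
    element, and it must change when the current user name, slot 0 of the
    ``_forms`` keyring, or the optional extra value changes.
    """

    def setUp(self):
        KeyringTestCase.setUp(self)
        # These tests pass neither a context nor a request to the view.
        self.view = AuthenticatorView(None, None)

    def setUsername(self, name):
        """Rename, in place, the user object the security manager returns."""
        user = getSecurityManager().getUser()
        user.name = name

    def setSecret(self, secret):
        """Overwrite slot 0 of the ``_forms`` keyring with *secret*."""
        self.manager['_forms'].data[0] = secret

    def testIsHtmlInput(self):
        auth = self.view.authenticator()
        # assertTrue is used because failUnless is a deprecated alias that
        # Python 3.12 removed from unittest.
        self.assertTrue(auth.startswith("<input"))
        self.assertTrue(auth.endswith("/>"))

    def testDiffersPerUser(self):
        # A tag rendered for one user must not be the tag of another user.
        one = self.view.authenticator()
        self.setUsername("other")
        two = self.view.authenticator()
        self.assertNotEqual(one, two)

    def testDiffersPerSecret(self):
        # Replacing the keyring secret must change the rendered tag.
        one = self.view.authenticator()
        self.setSecret("other")
        two = self.view.authenticator()
        self.assertNotEqual(one, two)

    def testDiffersPerExtra(self):
        # The optional extra value is part of what the tag depends on.
        one = self.view.authenticator()
        two = self.view.authenticator('some-extra-value')
        self.assertNotEqual(one, two)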
示例5: testCSRF
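def testCSRF(self):
    """Check that fgvalidate enforces the CSRF authenticator.

    With ``CSRFProtection`` switched on, the form must refuse a POST that
    carries no ``_authenticator`` token, accept a POST carrying the token
    rendered by ``AuthenticatorView``, refuse a GET, and refuse a POST
    whose token is not genuine.
    """
    # for this test, we need a bit more serious request simulation
    from ZPublisher.HTTPRequest import HTTPRequest
    from ZPublisher.HTTPResponse import HTTPResponse

    environ = {}
    environ.setdefault('SERVER_NAME', 'foo')
    environ.setdefault('SERVER_PORT', '80')
    environ.setdefault('REQUEST_METHOD', 'POST')
    # NOTE(review): '[email protected]' looks like an e-mail placeholder left
    # by the page this sample was copied from; it is kept as found.
    fields = {
        'topic': 'test subject',
        'replyto': '[email protected]',
        'comments': 'test comments',
    }

    request = HTTPRequest(sys.stdin,
                          environ,
                          HTTPResponse(stdout=sys.stdout))
    request.form = dict(fields)
    self.ff1.CSRFProtection = True
    # no token at all: the submission must be refused
    self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)

    # with authenticator... no error
    tag = AuthenticatorView('context', 'request').authenticator()
    # The token is taken as the sixth '"'-separated piece of the rendered
    # tag, so this depends on the attribute order of that tag.
    token = tag.split('"')[5]
    request.form['_authenticator'] = token
    errors = self.ff1.fgvalidate(REQUEST=request)
    self.assertEqual(errors, {})

    # sneaky GET request
    # NOTE(review): this request carries no form data, so the refusal may be
    # caused by the missing token rather than by the GET method -- confirm
    # against fgvalidate.
    environ['REQUEST_METHOD'] = 'GET'
    request = HTTPRequest(sys.stdin,
                          environ,
                          HTTPResponse(stdout=sys.stdout))
    self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)

    # bad authenticator: the forged token has to sit on the request that is
    # validated, and the method has to be POST again, otherwise this case
    # never exercises the token comparison.
    environ['REQUEST_METHOD'] = 'POST'
    request = HTTPRequest(sys.stdin,
                          environ,
                          HTTPResponse(stdout=sys.stdout))
    request.form = dict(fields, _authenticator='inauthentic')
    self.assertRaises(zExceptions.Forbidden, self.ff1.fgvalidate, request)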
示例6: VerifyTests
class VerifyTests(KeyringTestCase):
    """Exercise AuthenticatorView.verify() against hand-built tokens.

    Tokens are built by ``setAuthenticator`` as the hex HMAC of the current
    user name plus an optional extra value, keyed with a keyring secret.
    """

    # presumably read by KeyringTestCase to size the keyring -- confirm
    key_size = 2

    def setUp(self):
        # The request is created before the base-class setUp runs.
        self.request = MockRequest()
        super(VerifyTests, self).setUp()
        self.view = AuthenticatorView(None, self.request)

    def setAuthenticator(self, key, extra='', name="_authenticator"):
        """Put the token computed from *key* and *extra* into the request as *name*."""
        username = getSecurityManager().getUser().getUserName()
        if six.PY3:
            # hmac needs bytes on Python 3
            username = username.encode('utf-8')
            extra = extra.encode('utf-8')
        digest = hmac.new(key.encode('utf-8'), username + extra, sha)
        self.request[name] = digest.hexdigest()

    def _install_secret(self, slot, secret):
        # Write *secret* into the given slot of the ``_forms`` keyring.
        self.manager['_forms'].data[slot] = secret

    def testCorrectAuthenticator(self):
        self._install_secret(0, "secret")
        self.setAuthenticator("secret")
        verified = self.view.verify()
        self.assertEqual(verified, True)

    def testCustomAuthenticatorKeyName(self):
        # The token may travel under a caller-chosen request key.
        self._install_secret(0, "secret")
        self.setAuthenticator("secret", name="_my_authenticator")
        verified = self.view.verify(name="_my_authenticator")
        self.assertEqual(verified, True)

    def testOlderSecretVerifies(self):
        # A token keyed with the secret in slot 1 is still accepted.
        self._install_secret(1, "backup")
        self.setAuthenticator("backup")
        verified = self.view.verify()
        self.assertEqual(verified, True)

    def testMissingAuthenticator(self):
        # Nothing was stored in the request.
        verified = self.view.verify()
        self.assertEqual(verified, False)

    def testIncorrectAuthenticator(self):
        self.request["_authenticator"] = "incorrect"
        verified = self.view.verify()
        self.assertEqual(verified, False)

    def testAuthenticatorWrongType(self):
        # A non-string value must yield False.
        self.request["_authenticator"] = 123
        verified = self.view.verify()
        self.assertEqual(verified, False)

    def testExtraArgumentCanBeVerified(self):
        self._install_secret(0, "secret")
        self.setAuthenticator("secret", 'some-extra-value')
        verified = self.view.verify('some-extra-value')
        self.assertEqual(verified, True)
示例7: VerifyTests
class VerifyTests(KeyringTestCase):
    """Exercise AuthenticatorView.verify() against hand-built tokens.

    Tokens are built by ``setAuthenticator`` as the hex HMAC of the current
    user name plus an optional extra value, keyed with a keyring secret.
    """

    def setUp(self):
        # The request is created before the base-class setUp runs.
        self.request = MockRequest()
        KeyringTestCase.setUp(self)
        self.view = AuthenticatorView(None, self.request)

    def setAuthenticator(self, key, extra='', name="_authenticator"):
        """Put the token computed from *key* and *extra* into the request as *name*."""
        username = getSecurityManager().getUser().getUserName()
        # key and message are passed as str, which hmac accepts on Python 2 only
        digest = hmac.new(key, username + extra, sha)
        self.request[name] = digest.hexdigest()

    def _install_secret(self, slot, secret):
        # Write *secret* into the given slot of the manager's key list.
        self.manager.keys[slot] = secret

    def testCorrectAuthenticator(self):
        self._install_secret(0, "secret")
        self.setAuthenticator("secret")
        verified = self.view.verify()
        self.assertEqual(verified, True)

    def testCustomAuthenticatorKeyName(self):
        # The token may travel under a caller-chosen request key.
        self._install_secret(0, "secret")
        self.setAuthenticator("secret", name="_my_authenticator")
        verified = self.view.verify(name="_my_authenticator")
        self.assertEqual(verified, True)

    def testOlderSecretVerifies(self):
        # A token keyed with the secret in slot 3 is still accepted.
        self._install_secret(3, "backup")
        self.setAuthenticator("backup")
        verified = self.view.verify()
        self.assertEqual(verified, True)

    def testMissingAuthenticator(self):
        # Nothing was stored in the request.
        verified = self.view.verify()
        self.assertEqual(verified, False)

    def testIncorrectAuthenticator(self):
        self.request["_authenticator"] = "incorrect"
        verified = self.view.verify()
        self.assertEqual(verified, False)

    def testAuthenticatorWrongType(self):
        # A non-string value must yield False.
        self.request["_authenticator"] = 123
        verified = self.view.verify()
        self.assertEqual(verified, False)

    def testExtraArgumentCanBeVerified(self):
        self._install_secret(0, "secret")
        self.setAuthenticator("secret", 'some-extra-value')
        verified = self.view.verify('some-extra-value')
        self.assertEqual(verified, True)
示例8: setUp
def setUp(self):
    """Create the mock request, run the base-class setUp, then build the view."""
    # Statement order is kept: the request exists before the base-class
    # setUp runs, and the view is built from self.request afterwards.
    self.request = MockRequest()
    super(VerifyTests, self).setUp()
    self.view = AuthenticatorView(None, self.request)