repoze.who-testutil API¶
Authentication middleware¶
-
class
repoze.who.plugins.testutil.AuthenticationForgerMiddleware(app, identifiers, authenticators, challengers, mdproviders, classifier, challenge_decider, log_stream=None, log_level=20, remote_user_key='REMOTE_USER')¶ PluggableAuthenticationMiddlewareproxy to forge authentication, without bypassing identification.-
__init__(app, identifiers, authenticators, challengers, mdproviders, classifier, challenge_decider, log_stream=None, log_level=20, remote_user_key='REMOTE_USER')¶ Setup authentication in an easy to forge way.
All the arguments received will be passed as is to
repoze.who.middleware.PluggableAuthenticationMiddleware, with one instance ofAuthenticationForgerPluginin:identifiers. This instance will be inserted in the first position of the list.authenticators. Any authenticator passed will be ignored; such an instance will be the only authenticator defined.challengers. Any challenger passed will be ignored; such an instance will be the only challenger defined.
Internally, it will also set
remote_user_keyto'repoze.who.testutil.userid', so that you can use the standard'REMOTE_USER'in your tests.The metadata providers won’t be modified.
-
Middleware makers¶
-
repoze.who.plugins.testutil.make_middleware(skip_authentication=False, *args, **kwargs)¶ Return the requested authentication middleware.
Parameters: skip_authentication (bool) – If True, an instance ofAuthenticationForgerMiddlewarewill be returned instead ofrepoze.who.middleware.PluggableAuthenticationMiddlewareargsandkwargsare the positional and named arguments, respectively, to be passed to the relevant authentication middleware.
-
repoze.who.plugins.testutil.make_middleware_with_config(app, global_conf, config_file, log_file=None, log_level=None, skip_authentication=False)¶ Proxy
repoze.who.config.make_middleware_with_config()to skip authentication when required.If
skip_authenticationevaluates toTrue, then the returned middleware will be an instance ofAuthenticationForgerMiddleware.
repoze.who plugins¶
-
class
repoze.who.plugins.testutil.AuthenticationForgerPlugin(fake_user_key='REMOTE_USER', remote_user_key='repoze.who.testutil.userid')¶ repoze.whoplugin to forge authentication easily and bypassrepoze.whochallenges.This plugin enables you to write identifier and challenger-independent tests. As a result, your protected areas will be easier to test:
To forge authentication, without bypassing identification (i.e., running MD providers), you can use the following WebTest-powered test:
def test_authorization_granted(self): '''The right subject must get what she requested''' environ = {'REMOTE_USER': 'manager'} resp = self.app.get('/admin/', extra_environ=environ, status=200) assert 'some text' in resp.body
As you can see, this is an identifier-independent way to forge authentication.
To check that authorization was denied, in a challenger-independent way, you can use:
def test_authorization_denied_anonymous(self): '''Anonymous users must get a 401 page''' self.app.get('/admin/', status=401) def test_authorization_denied_authenticated(self): '''Authenticated users must get a 403 page''' environ = {'REMOTE_USER': 'editor'} self.app.get('/admin/', extra_environ=environ, status=403)
-
__init__(fake_user_key='REMOTE_USER', remote_user_key='repoze.who.testutil.userid')¶ Parameters:
-
authenticate(environ, identity)¶ Turn the value in
identity['fake-userid']into the remote user’s name.Finally, it removes
identity['fake-userid']so that it won’t reach the WSGI application.
-
challenge(environ, status, app_headers, forget_headers)¶ Return a 401 page unconditionally.
-
forget(environ, identity)¶ Do nothing
-
identify(environ)¶ Pre-authenticate using the user Id found in the relevant
environitem, if any.The user Id. found will be put into
identity['fake-userid'], forauthenticate().
-
remember(environ, identity)¶ Do nothing
