[config] update configuration

- rename config option from main/secret-key into trustedauth/trustedauth-secret-key-file - move the registration callback from hooks.py to entities.py to make it called by the repository **and** the web server - fix config for unittests

[config] update configuration
- rename config option from main/secret-key into trustedauth/trustedauth-secret-key-file - move the registration callback from hooks.py to entities.py to make it called by the repository **and** the web server - fix config for unittests
27f373f8 · David Douard · da78f9032895 · a918d6cd · a918d6cd · a918d6cd
Commit 27f373f8 authored Jan 19, 2011 by David Douard
--- a/entities.py
+++ b/entities.py
@@ -15,3 +15,18 @@
 # with this program. If not, see <http://www.gnu.org/licenses/>.

 """cubicweb-trustedauth entity's classes"""
+
+from cubicweb import ConfigurationError
+
+CONFENTRY = 'trustedauth-secret-key-file'
+
+# the presence of this registration callback here is a small hack to
+# make sure the secret key file is loaded on both sides of cw (repo
+# and web)
+def registration_callback(vreg):
+    secret = open(vreg.config.get(CONFENTRY, "")).read().strip()
+    if not secret or len(secret) > 32:
+        raise ConfigurationError('secret key must me a string 0 < len(key) <= 32')
+    
+    vreg.config._secret = secret.ljust(32, '#')
+    vreg.debug('loaded secret key')
--- a/hooks.py
+++ b/hooks.py
@@ -14,23 +14,11 @@ from cubes.trustedauth.authplugin import XRemoteUserAuthentifier

 class ServerStartupHook(hook.Hook):
    """register authentifier at startup"""
-    __regid__ = 'xremoteuserinit'
+    __regid__ = 'trustedauth.xremoteuserinit'
    events = ('server_startup',)

    def __call__(self):
        # XXX use named args and inner functions to avoid referencing globals
        # which may cause reloading pb
-        self.debug('registering kerberos authentifier')
+        self.debug('registering trusted authentifier')
        self.repo.system_source.add_authentifier(XRemoteUserAuthentifier())
-
-CONFENTRY = 'secret-key-filepath'
-def registration_callback(vreg):
-    fpath = vreg.config.get(CONFENTRY)
-    if fpath is None or not osp.exists(fpath):
-        msg = 'invalid or missing value for the %s' % CONFENTRY
-        vreg.error(msg)
-    else:
-        vreg.register(ServerStartupHook)
-        # XXX won't work in distributed setup
-        vreg.config._secret = open(fpath, 'rb').read().strip()
-        vreg.debug('loaded secret key')
--- a/site_cubicweb.py
+++ b/site_cubicweb.py
 _ = unicode

 options = (
-    ('secret-key-filepath',
+    ('trustedauth-secret-key-file',
     {'type': 'string',
-      'help': _('Qualified file path to the shared secret key'),
-      'group': 'main'
+      'help': _('Qualified file path to the shared secret key between'
+                'the web part and the data repository'),
+      'group': 'trustedauth',
      }),
    )
--- a/test/data/all-in-one.conf
+++ b/test/data/all-in-one.conf
+[TRUSTEDAUTH]
+trustedauth-secret-key-file="data/secretfile"
--- a/test/data/secretfile
+++ b/test/data/secretfile
+secretkey
--- a/test/unittest_trustedauth.py
+++ b/test/unittest_trustedauth.py
@@ -24,7 +24,7 @@ import logging
 import tempfile

 from logilab.common.testlib import TestCase, unittest_main
-from logilab.common.decorators import clear_cache
+from logilab.common.decorators import clear_cache, classproperty

 from cubicweb import AuthenticationError, Unauthorized
 from cubicweb.devtools.testlib import CubicWebTC
@@ -32,68 +32,35 @@ from cubicweb.devtools.fake import FakeRequest
 from cubicweb.web import LogOut, Redirect, INTERNAL_FIELD_VALUE
 from cubicweb.web.views.basecontrollers import ViewController

-CONFIG = u'''secret-key=%s'''
+CONFIG = u'''trustedauth-secret-key-file=%s'''
 secretfile = None

+def setUpModule():
+    global secretfile
+    config = TrustAuthTC.config
+    home = config.apphome
+    print home

 class TrustAuthTC(CubicWebTC):
-    def setUp(self):
-        if self.config._cubes is None:
-            self.config.init_cubes(self.config.expand_cubes(('trustedauth',)))
-        self.set_option('secret-key', "mysecret")
-        super(TrustAuthTC, self).setUp()

-    def setup_database(self):
-        for log in 'cubicweb', 'cubicweb.cubes', 'cubicweb.twisted':
-            logger = logging.getLogger(log)
-            logger.handlers = [logging.StreamHandler(sys.stdout)]
-            logger.setLevel(logging.DEBUG)
-
-    def _reset_cookie(self, req):
-        # preparing the suite of the test
-        # set session id in cookie
-        cookie = Cookie.SimpleCookie()
-        sessioncookie = self.app.session_handler.session_cookie(req)
-        cookie[sessioncookie] = req.session.sessionid
-        req._headers['Cookie'] = cookie[sessioncookie].OutputString()
-        clear_cache(req, 'get_authorization')
-        # reset session as if it was a new incoming request
-        req.session = req.cnx = None
-
-    def _test_auth_anon(self, req):
-        self.app.connect(req)
-        asession = req.session
-        self.assertEqual(len(self.open_sessions), 1)
-        self.assertEqual(asession.login, 'anon')
-        self.assertEqual(asession.authinfo['password'], 'anon')
-        self.failUnless(asession.anonymous_session)
-        self._reset_cookie(req)
-
-    def _test_anon_auth_fail(self, req):
-        self.assertEqual(len(self.open_sessions), 1)
-        self.app.connect(req)
-        self.assertEqual(req.message, 'authentication failure')
-        self.assertEqual(req.session.anonymous_session, True)
-        self.assertEqual(len(self.open_sessions), 1)
-        self._reset_cookie(req)
+    ## def setup_database(self):
+    ##     for log in 'cubicweb', 'cubicweb.cubes', 'cubicweb.twisted':
+    ##         logger = logging.getLogger(log)
+    ##         logger.handlers = [logging.StreamHandler(sys.stdout)]
+    ##         logger.setLevel(logging.DEBUG)

    def test_login(self):
-        req, origsession = self.init_authentication('http', 'anon')
+        req, origsession = self.init_authentication('http')
        req._headers['x-remote-user'] = 'admin'
        self.assertAuthSuccess(req, origsession)
-        #self.assertEqual(req.session.authinfo, {'secret': origsession.authinfo['password']})
        self.assertRaises(LogOut, self.app_publish, req, 'logout')
        self.assertEqual(len(self.open_sessions), 0)

-    # XXX what is the correct test here?
    def test_failed_login(self):
-        req, origsession = self.init_authentication('http', 'anon')
+        req, origsession = self.init_authentication('http')
        req._headers['x-remote-user'] = 'toto'
-        self._test_auth_anon(req)
-        #self.assertAuthFailure(req)
-        #req, origsession = self.init_authentication('http', 'anon')
+        self.assertAuthFailure(req)
        req._headers['x-remote-user'] = 'admin'
        self.assertAuthSuccess(req, origsession)
-        #self.assertEqual(req.session.authinfo, {'secret': origsession.authinfo['password']})
        self.assertRaises(LogOut, self.app_publish, req, 'logout')
        self.assertEqual(len(self.open_sessions), 0)