Commit 27f373f8 authored by David Douard's avatar David Douard

[config] update configuration

- rename config option from main/secret-key into
  trustedauth/trustedauth-secret-key-file

- move the registration callback from hooks.py to entities.py so that
  it is called by the repository **and** the web server

- fix config for unittests
parent da78f9032895
......@@ -15,3 +15,18 @@
# with this program. If not, see <http://www.gnu.org/licenses/>.
"""cubicweb-trustedauth entity's classes"""
from cubicweb import ConfigurationError
CONFENTRY = 'trustedauth-secret-key-file'
# the presence of this registration callback here is a small hack to
# make sure the secret key file is loaded on both sides of cw (repo
# and web)
def registration_callback(vreg):
secret = open(vreg.config.get(CONFENTRY, "")).read().strip()
if not secret or len(secret) > 32:
raise ConfigurationError('secret key must me a string 0 < len(key) <= 32')
vreg.config._secret = secret.ljust(32, '#')
vreg.debug('loaded secret key')
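Review bot: `registration_callback` accepts any non-empty secret and pads it to 32 characters with a fixed `#` via `secret.ljust(32, '#')`, so a very short key file yields a key that is mostly known padding. If `_secret` is used as a cryptographic key (not visible here), enforce a minimum length or require the full 32 characters rather than padding. The `open(vreg.config.get(CONFENTRY, "")).read()` call never closes the file and, when the option is unset, fails with an I/O error on the empty path instead of the `ConfigurationError` raised below; an explicit check for a missing option followed by `with open(path) as f:` would give a clear message. The error text has a typo (`must me` for `must be`), and it would be worth checking that the key file is not group- or world-readable before loading it.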
......@@ -14,23 +14,11 @@ from cubes.trustedauth.authplugin import XRemoteUserAuthentifier
class ServerStartupHook(hook.Hook):
"""register authentifier at startup"""
__regid__ = 'xremoteuserinit'
__regid__ = 'trustedauth.xremoteuserinit'
events = ('server_startup',)
def __call__(self):
# XXX use named args and inner functions to avoid referencing globals
# which may cause reloading pb
self.debug('registering kerberos authentifier')
self.debug('registering trusted authentifier')
self.repo.system_source.add_authentifier(XRemoteUserAuthentifier())
CONFENTRY = 'secret-key-filepath'
def registration_callback(vreg):
fpath = vreg.config.get(CONFENTRY)
if fpath is None or not osp.exists(fpath):
msg = 'invalid or missing value for the %s' % CONFENTRY
vreg.error(msg)
else:
vreg.register(ServerStartupHook)
# XXX won't work in distributed setup
vreg.config._secret = open(fpath, 'rb').read().strip()
vreg.debug('loaded secret key')
_ = unicode
options = (
('secret-key-filepath',
('trustedauth-secret-key-file',
{'type': 'string',
'help': _('Qualified file path to the shared secret key'),
'group': 'main'
'help': _('Qualified file path to the shared secret key between'
'the web part and the data repository'),
'group': 'trustedauth',
}),
)
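Review bot: The new help text is built from two adjacent string literals with no space between them, so it renders as `...secret key betweenthe web part...`. Add a trailing space to the first literal: `'Qualified file path to the shared secret key between '`. The help could also say that the file must contain between 1 and 32 characters, since the loader in this commit rejects anything else.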
[TRUSTEDAUTH]
trustedauth-secret-key-file="data/secretfile"
......@@ -24,7 +24,7 @@ import logging
import tempfile
from logilab.common.testlib import TestCase, unittest_main
from logilab.common.decorators import clear_cache
from logilab.common.decorators import clear_cache, classproperty
from cubicweb import AuthenticationError, Unauthorized
from cubicweb.devtools.testlib import CubicWebTC
......@@ -32,68 +32,35 @@ from cubicweb.devtools.fake import FakeRequest
from cubicweb.web import LogOut, Redirect, INTERNAL_FIELD_VALUE
from cubicweb.web.views.basecontrollers import ViewController
CONFIG = u'''secret-key=%s'''
CONFIG = u'''trustedauth-secret-key-file=%s'''
secretfile = None
def setUpModule():
global secretfile
config = TrustAuthTC.config
home = config.apphome
print home
class TrustAuthTC(CubicWebTC):
def setUp(self):
if self.config._cubes is None:
self.config.init_cubes(self.config.expand_cubes(('trustedauth',)))
self.set_option('secret-key', "mysecret")
super(TrustAuthTC, self).setUp()
def setup_database(self):
for log in 'cubicweb', 'cubicweb.cubes', 'cubicweb.twisted':
logger = logging.getLogger(log)
logger.handlers = [logging.StreamHandler(sys.stdout)]
logger.setLevel(logging.DEBUG)
def _reset_cookie(self, req):
# preparing the suite of the test
# set session id in cookie
cookie = Cookie.SimpleCookie()
sessioncookie = self.app.session_handler.session_cookie(req)
cookie[sessioncookie] = req.session.sessionid
req._headers['Cookie'] = cookie[sessioncookie].OutputString()
clear_cache(req, 'get_authorization')
# reset session as if it was a new incoming request
req.session = req.cnx = None
def _test_auth_anon(self, req):
self.app.connect(req)
asession = req.session
self.assertEqual(len(self.open_sessions), 1)
self.assertEqual(asession.login, 'anon')
self.assertEqual(asession.authinfo['password'], 'anon')
self.failUnless(asession.anonymous_session)
self._reset_cookie(req)
def _test_anon_auth_fail(self, req):
self.assertEqual(len(self.open_sessions), 1)
self.app.connect(req)
self.assertEqual(req.message, 'authentication failure')
self.assertEqual(req.session.anonymous_session, True)
self.assertEqual(len(self.open_sessions), 1)
self._reset_cookie(req)
## def setup_database(self):
## for log in 'cubicweb', 'cubicweb.cubes', 'cubicweb.twisted':
## logger = logging.getLogger(log)
## logger.handlers = [logging.StreamHandler(sys.stdout)]
## logger.setLevel(logging.DEBUG)
def test_login(self):
req, origsession = self.init_authentication('http', 'anon')
req, origsession = self.init_authentication('http')
req._headers['x-remote-user'] = 'admin'
self.assertAuthSuccess(req, origsession)
#self.assertEqual(req.session.authinfo, {'secret': origsession.authinfo['password']})
self.assertRaises(LogOut, self.app_publish, req, 'logout')
self.assertEqual(len(self.open_sessions), 0)
# XXX what is the correct test here?
def test_failed_login(self):
req, origsession = self.init_authentication('http', 'anon')
req, origsession = self.init_authentication('http')
req._headers['x-remote-user'] = 'toto'
self._test_auth_anon(req)
#self.assertAuthFailure(req)
#req, origsession = self.init_authentication('http', 'anon')
self.assertAuthFailure(req)
req._headers['x-remote-user'] = 'admin'
self.assertAuthSuccess(req, origsession)
#self.assertEqual(req.session.authinfo, {'secret': origsession.authinfo['password']})
self.assertRaises(LogOut, self.app_publish, req, 'logout')
self.assertEqual(len(self.open_sessions), 0)
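Review bot: `setUpModule` looks half-finished: it declares `global secretfile` but never assigns it in the lines shown, and it ends with a debugging `print home`. Either create the key file there and store its path, or drop the global and the print. The `##`-commented `setup_database` block should be deleted rather than kept as dead code. Neither test visibly exercises the key loading itself, so a case asserting that an empty or over-long key file raises `ConfigurationError` would cover the new validation. The rendered page does not mark which lines are on the new side, so confirm these points against the raw diff.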