Gestionnaire de fichiers - Editer - /usr/lib/python2.7/site-packages/passlib/tests/test_apache.py
Arrière
"""tests for passlib.apache -- (c) Assurance Technologies 2008-2011""" #============================================================================= # imports #============================================================================= from __future__ import with_statement # core from logging import getLogger import os # site # pkg from passlib import apache from passlib.exc import MissingBackendError from passlib.utils.compat import irange from passlib.tests.utils import TestCase, get_file, set_file, ensure_mtime_changed from passlib.utils.compat import u from passlib.utils import to_bytes # module log = getLogger(__name__) def backdate_file_mtime(path, offset=10): """backdate file's mtime by specified amount""" # NOTE: this is used so we can test code which detects mtime changes, # without having to actually *pause* for that long. atime = os.path.getatime(path) mtime = os.path.getmtime(path)-offset os.utime(path, (atime, mtime)) #============================================================================= # htpasswd #============================================================================= class HtpasswdFileTest(TestCase): """test HtpasswdFile class""" descriptionPrefix = "HtpasswdFile" # sample with 4 users sample_01 = (b'user2:2CHkkwa2AtqGs\n' b'user3:{SHA}3ipNV1GrBtxPmHFC21fCbVCSXIo=\n' b'user4:pass4\n' b'user1:$apr1$t4tc7jTh$GPIWVUo8sQKJlUdV8V5vu0\n') # sample 1 with user 1, 2 deleted; 4 changed sample_02 = b'user3:{SHA}3ipNV1GrBtxPmHFC21fCbVCSXIo=\nuser4:pass4\n' # sample 1 with user2 updated, user 1 first entry removed, and user 5 added sample_03 = (b'user2:pass2x\n' b'user3:{SHA}3ipNV1GrBtxPmHFC21fCbVCSXIo=\n' b'user4:pass4\n' b'user1:$apr1$t4tc7jTh$GPIWVUo8sQKJlUdV8V5vu0\n' b'user5:pass5\n') # standalone sample with 8-bit username sample_04_utf8 = b'user\xc3\xa6:2CHkkwa2AtqGs\n' sample_04_latin1 = b'user\xe6:2CHkkwa2AtqGs\n' sample_dup = b'user1:pass1\nuser1:pass2\n' # sample with bcrypt & sha256_crypt hashes sample_05 = (b'user2:2CHkkwa2AtqGs\n' b'user3:{SHA}3ipNV1GrBtxPmHFC21fCbVCSXIo=\n' b'user4:pass4\n' b'user1:$apr1$t4tc7jTh$GPIWVUo8sQKJlUdV8V5vu0\n' b'user5:$2a$12$yktDxraxijBZ360orOyCOePFGhuis/umyPNJoL5EbsLk.s6SWdrRO\n' b'user6:$5$rounds=110000$cCRp/xUUGVgwR4aP$' b'p0.QKFS5qLNRqw1/47lXYiAcgIjJK.WjCO8nrEKuUK.\n') def test_00_constructor_autoload(self): """test constructor autoload""" # check with existing file path = self.mktemp() set_file(path, self.sample_01) ht = apache.HtpasswdFile(path) self.assertEqual(ht.to_string(), self.sample_01) self.assertEqual(ht.path, path) self.assertTrue(ht.mtime) # check changing path ht.path = path + "x" self.assertEqual(ht.path, path + "x") self.assertFalse(ht.mtime) # check new=True ht = apache.HtpasswdFile(path, new=True) self.assertEqual(ht.to_string(), b"") self.assertEqual(ht.path, path) self.assertFalse(ht.mtime) # check autoload=False (deprecated alias for new=True) with self.assertWarningList("``autoload=False`` is deprecated"): ht = apache.HtpasswdFile(path, autoload=False) self.assertEqual(ht.to_string(), b"") self.assertEqual(ht.path, path) self.assertFalse(ht.mtime) # check missing file os.remove(path) self.assertRaises(IOError, apache.HtpasswdFile, path) # NOTE: "default_scheme" option checked via set_password() test, among others def test_00_from_path(self): path = self.mktemp() set_file(path, self.sample_01) ht = apache.HtpasswdFile.from_path(path) self.assertEqual(ht.to_string(), self.sample_01) self.assertEqual(ht.path, None) self.assertFalse(ht.mtime) def test_01_delete(self): """test delete()""" ht = apache.HtpasswdFile.from_string(self.sample_01) self.assertTrue(ht.delete("user1")) # should delete both entries self.assertTrue(ht.delete("user2")) self.assertFalse(ht.delete("user5")) # user not present self.assertEqual(ht.to_string(), self.sample_02) # invalid user self.assertRaises(ValueError, ht.delete, "user:") def test_01_delete_autosave(self): path = self.mktemp() sample = b'user1:pass1\nuser2:pass2\n' set_file(path, sample) ht = apache.HtpasswdFile(path) ht.delete("user1") self.assertEqual(get_file(path), sample) ht = apache.HtpasswdFile(path, autosave=True) ht.delete("user1") self.assertEqual(get_file(path), b"user2:pass2\n") def test_02_set_password(self): """test set_password()""" ht = apache.HtpasswdFile.from_string( self.sample_01, default_scheme="plaintext") self.assertTrue(ht.set_password("user2", "pass2x")) self.assertFalse(ht.set_password("user5", "pass5")) self.assertEqual(ht.to_string(), self.sample_03) # test legacy default kwd with self.assertWarningList("``default`` is deprecated"): ht = apache.HtpasswdFile.from_string(self.sample_01, default="plaintext") self.assertTrue(ht.set_password("user2", "pass2x")) self.assertFalse(ht.set_password("user5", "pass5")) self.assertEqual(ht.to_string(), self.sample_03) # invalid user self.assertRaises(ValueError, ht.set_password, "user:", "pass") # test that legacy update() still works with self.assertWarningList("update\(\) is deprecated"): ht.update("user2", "test") self.assertTrue(ht.check_password("user2", "test")) def test_02_set_password_autosave(self): path = self.mktemp() sample = b'user1:pass1\n' set_file(path, sample) ht = apache.HtpasswdFile(path) ht.set_password("user1", "pass2") self.assertEqual(get_file(path), sample) ht = apache.HtpasswdFile(path, default_scheme="plaintext", autosave=True) ht.set_password("user1", "pass2") self.assertEqual(get_file(path), b"user1:pass2\n") def test_02_set_password_default_scheme(self): """test set_password() -- default_scheme""" def check(scheme): ht = apache.HtpasswdFile(default_scheme=scheme) ht.set_password("user1", "pass1") return ht.context.identify(ht.get_hash("user1")) # explicit scheme self.assertEqual(check("sha256_crypt"), "sha256_crypt") self.assertEqual(check("des_crypt"), "des_crypt") # unknown scheme self.assertRaises(KeyError, check, "xxx") # alias resolution self.assertEqual(check("portable"), apache.htpasswd_defaults["portable"]) self.assertEqual(check("portable_apache_22"), apache.htpasswd_defaults["portable_apache_22"]) self.assertEqual(check("host_apache_22"), apache.htpasswd_defaults["host_apache_22"]) # default self.assertEqual(check(None), apache.htpasswd_defaults["portable_apache_22"]) def test_03_users(self): """test users()""" ht = apache.HtpasswdFile.from_string(self.sample_01) ht.set_password("user5", "pass5") ht.delete("user3") ht.set_password("user3", "pass3") self.assertEqual(sorted(ht.users()), ["user1", "user2", "user3", "user4", "user5"]) def test_04_check_password(self): """test check_password()""" ht = apache.HtpasswdFile.from_string(self.sample_05) self.assertRaises(TypeError, ht.check_password, 1, 'pass9') self.assertTrue(ht.check_password("user9","pass9") is None) # users 1..6 of sample_01 run through all the main hash formats, # to make sure they're recognized. for i in irange(1, 7): i = str(i) try: self.assertTrue(ht.check_password("user"+i, "pass"+i)) self.assertTrue(ht.check_password("user"+i, "pass9") is False) except MissingBackendError: if i == "5": # user5 uses bcrypt, which is apparently not available right now continue raise self.assertRaises(ValueError, ht.check_password, "user:", "pass") # test that legacy verify() still works with self.assertWarningList(["verify\(\) is deprecated"]*2): self.assertTrue(ht.verify("user1", "pass1")) self.assertFalse(ht.verify("user1", "pass2")) def test_05_load(self): """test load()""" # setup empty file path = self.mktemp() set_file(path, "") backdate_file_mtime(path, 5) ha = apache.HtpasswdFile(path, default_scheme="plaintext") self.assertEqual(ha.to_string(), b"") # make changes, check load_if_changed() does nothing ha.set_password("user1", "pass1") ha.load_if_changed() self.assertEqual(ha.to_string(), b"user1:pass1\n") # change file set_file(path, self.sample_01) ha.load_if_changed() self.assertEqual(ha.to_string(), self.sample_01) # make changes, check load() overwrites them ha.set_password("user5", "pass5") ha.load() self.assertEqual(ha.to_string(), self.sample_01) # test load w/ no path hb = apache.HtpasswdFile() self.assertRaises(RuntimeError, hb.load) self.assertRaises(RuntimeError, hb.load_if_changed) # test load w/ dups and explicit path set_file(path, self.sample_dup) hc = apache.HtpasswdFile() hc.load(path) self.assertTrue(hc.check_password('user1','pass1')) # NOTE: load_string() tested via from_string(), which is used all over this file def test_06_save(self): """test save()""" # load from file path = self.mktemp() set_file(path, self.sample_01) ht = apache.HtpasswdFile(path) # make changes, check they saved ht.delete("user1") ht.delete("user2") ht.save() self.assertEqual(get_file(path), self.sample_02) # test save w/ no path hb = apache.HtpasswdFile(default_scheme="plaintext") hb.set_password("user1", "pass1") self.assertRaises(RuntimeError, hb.save) # test save w/ explicit path hb.save(path) self.assertEqual(get_file(path), b"user1:pass1\n") def test_07_encodings(self): """test 'encoding' kwd""" # test bad encodings cause failure in constructor self.assertRaises(ValueError, apache.HtpasswdFile, encoding="utf-16") # check sample utf-8 ht = apache.HtpasswdFile.from_string(self.sample_04_utf8, encoding="utf-8", return_unicode=True) self.assertEqual(ht.users(), [ u("user\u00e6") ]) # test deprecated encoding=None with self.assertWarningList("``encoding=None`` is deprecated"): ht = apache.HtpasswdFile.from_string(self.sample_04_utf8, encoding=None) self.assertEqual(ht.users(), [ b'user\xc3\xa6' ]) # check sample latin-1 ht = apache.HtpasswdFile.from_string(self.sample_04_latin1, encoding="latin-1", return_unicode=True) self.assertEqual(ht.users(), [ u("user\u00e6") ]) def test_08_get_hash(self): """test get_hash()""" ht = apache.HtpasswdFile.from_string(self.sample_01) self.assertEqual(ht.get_hash("user3"), b"{SHA}3ipNV1GrBtxPmHFC21fCbVCSXIo=") self.assertEqual(ht.get_hash("user4"), b"pass4") self.assertEqual(ht.get_hash("user5"), None) with self.assertWarningList("find\(\) is deprecated"): self.assertEqual(ht.find("user4"), b"pass4") def test_09_to_string(self): """test to_string""" # check with known sample ht = apache.HtpasswdFile.from_string(self.sample_01) self.assertEqual(ht.to_string(), self.sample_01) # test blank ht = apache.HtpasswdFile() self.assertEqual(ht.to_string(), b"") def test_10_repr(self): ht = apache.HtpasswdFile("fakepath", autosave=True, new=True, encoding="latin-1") repr(ht) def test_11_malformed(self): self.assertRaises(ValueError, apache.HtpasswdFile.from_string, b'realm:user1:pass1\n') self.assertRaises(ValueError, apache.HtpasswdFile.from_string, b'pass1\n') def test_12_from_string(self): # forbid path kwd self.assertRaises(TypeError, apache.HtpasswdFile.from_string, b'', path=None) def test_13_whitespace(self): """whitespace & comment handling""" # per htpasswd source (https://github.com/apache/httpd/blob/trunk/support/htpasswd.c), # lines that match "^\s*(#.*)?$" should be ignored source = to_bytes( '\n' 'user2:pass2\n' 'user4:pass4\n' 'user7:pass7\r\n' ' \t \n' 'user1:pass1\n' ' # legacy users\n' '#user6:pass6\n' 'user5:pass5\n\n' ) # loading should see all users (except user6, who was commented out) ht = apache.HtpasswdFile.from_string(source) self.assertEqual(sorted(ht.users()), ["user1", "user2", "user4", "user5", "user7"]) # update existing user ht.set_hash("user4", "althash4") self.assertEqual(sorted(ht.users()), ["user1", "user2", "user4", "user5", "user7"]) # add a new user ht.set_hash("user6", "althash6") self.assertEqual(sorted(ht.users()), ["user1", "user2", "user4", "user5", "user6", "user7"]) # delete existing user ht.delete("user7") self.assertEqual(sorted(ht.users()), ["user1", "user2", "user4", "user5", "user6"]) # re-serialization should preserve whitespace target = to_bytes( '\n' 'user2:pass2\n' 'user4:althash4\n' ' \t \n' 'user1:pass1\n' ' # legacy users\n' '#user6:pass6\n' 'user5:pass5\n' 'user6:althash6\n' ) self.assertEqual(ht.to_string(), target) #=================================================================== # eoc #=================================================================== #============================================================================= # htdigest #============================================================================= class HtdigestFileTest(TestCase): """test HtdigestFile class""" descriptionPrefix = "HtdigestFile" # sample with 4 users sample_01 = (b'user2:realm:549d2a5f4659ab39a80dac99e159ab19\n' b'user3:realm:a500bb8c02f6a9170ae46af10c898744\n' b'user4:realm:ab7b5d5f28ccc7666315f508c7358519\n' b'user1:realm:2a6cf53e7d8f8cf39d946dc880b14128\n') # sample 1 with user 1, 2 deleted; 4 changed sample_02 = (b'user3:realm:a500bb8c02f6a9170ae46af10c898744\n' b'user4:realm:ab7b5d5f28ccc7666315f508c7358519\n') # sample 1 with user2 updated, user 1 first entry removed, and user 5 added sample_03 = (b'user2:realm:5ba6d8328943c23c64b50f8b29566059\n' b'user3:realm:a500bb8c02f6a9170ae46af10c898744\n' b'user4:realm:ab7b5d5f28ccc7666315f508c7358519\n' b'user1:realm:2a6cf53e7d8f8cf39d946dc880b14128\n' b'user5:realm:03c55fdc6bf71552356ad401bdb9af19\n') # standalone sample with 8-bit username & realm sample_04_utf8 = b'user\xc3\xa6:realm\xc3\xa6:549d2a5f4659ab39a80dac99e159ab19\n' sample_04_latin1 = b'user\xe6:realm\xe6:549d2a5f4659ab39a80dac99e159ab19\n' def test_00_constructor_autoload(self): """test constructor autoload""" # check with existing file path = self.mktemp() set_file(path, self.sample_01) ht = apache.HtdigestFile(path) self.assertEqual(ht.to_string(), self.sample_01) # check without autoload ht = apache.HtdigestFile(path, new=True) self.assertEqual(ht.to_string(), b"") # check missing file os.remove(path) self.assertRaises(IOError, apache.HtdigestFile, path) # NOTE: default_realm option checked via other tests. def test_01_delete(self): """test delete()""" ht = apache.HtdigestFile.from_string(self.sample_01) self.assertTrue(ht.delete("user1", "realm")) self.assertTrue(ht.delete("user2", "realm")) self.assertFalse(ht.delete("user5", "realm")) self.assertFalse(ht.delete("user3", "realm5")) self.assertEqual(ht.to_string(), self.sample_02) # invalid user self.assertRaises(ValueError, ht.delete, "user:", "realm") # invalid realm self.assertRaises(ValueError, ht.delete, "user", "realm:") def test_01_delete_autosave(self): path = self.mktemp() set_file(path, self.sample_01) ht = apache.HtdigestFile(path) self.assertTrue(ht.delete("user1", "realm")) self.assertFalse(ht.delete("user3", "realm5")) self.assertFalse(ht.delete("user5", "realm")) self.assertEqual(get_file(path), self.sample_01) ht.autosave = True self.assertTrue(ht.delete("user2", "realm")) self.assertEqual(get_file(path), self.sample_02) def test_02_set_password(self): """test update()""" ht = apache.HtdigestFile.from_string(self.sample_01) self.assertTrue(ht.set_password("user2", "realm", "pass2x")) self.assertFalse(ht.set_password("user5", "realm", "pass5")) self.assertEqual(ht.to_string(), self.sample_03) # default realm self.assertRaises(TypeError, ht.set_password, "user2", "pass3") ht.default_realm = "realm2" ht.set_password("user2", "pass3") ht.check_password("user2", "realm2", "pass3") # invalid user self.assertRaises(ValueError, ht.set_password, "user:", "realm", "pass") self.assertRaises(ValueError, ht.set_password, "u"*256, "realm", "pass") # invalid realm self.assertRaises(ValueError, ht.set_password, "user", "realm:", "pass") self.assertRaises(ValueError, ht.set_password, "user", "r"*256, "pass") # test that legacy update() still works with self.assertWarningList("update\(\) is deprecated"): ht.update("user2", "realm2", "test") self.assertTrue(ht.check_password("user2", "test")) # TODO: test set_password autosave def test_03_users(self): """test users()""" ht = apache.HtdigestFile.from_string(self.sample_01) ht.set_password("user5", "realm", "pass5") ht.delete("user3", "realm") ht.set_password("user3", "realm", "pass3") self.assertEqual(sorted(ht.users("realm")), ["user1", "user2", "user3", "user4", "user5"]) self.assertRaises(TypeError, ht.users, 1) def test_04_check_password(self): """test check_password()""" ht = apache.HtdigestFile.from_string(self.sample_01) self.assertRaises(TypeError, ht.check_password, 1, 'realm', 'pass5') self.assertRaises(TypeError, ht.check_password, 'user', 1, 'pass5') self.assertIs(ht.check_password("user5", "realm","pass5"), None) for i in irange(1,5): i = str(i) self.assertTrue(ht.check_password("user"+i, "realm", "pass"+i)) self.assertIs(ht.check_password("user"+i, "realm", "pass5"), False) # default realm self.assertRaises(TypeError, ht.check_password, "user5", "pass5") ht.default_realm = "realm" self.assertTrue(ht.check_password("user1", "pass1")) self.assertIs(ht.check_password("user5", "pass5"), None) # test that legacy verify() still works with self.assertWarningList(["verify\(\) is deprecated"]*2): self.assertTrue(ht.verify("user1", "realm", "pass1")) self.assertFalse(ht.verify("user1", "realm", "pass2")) # invalid user self.assertRaises(ValueError, ht.check_password, "user:", "realm", "pass") def test_05_load(self): """test load()""" # setup empty file path = self.mktemp() set_file(path, "") backdate_file_mtime(path, 5) ha = apache.HtdigestFile(path) self.assertEqual(ha.to_string(), b"") # make changes, check load_if_changed() does nothing ha.set_password("user1", "realm", "pass1") ha.load_if_changed() self.assertEqual(ha.to_string(), b'user1:realm:2a6cf53e7d8f8cf39d946dc880b14128\n') # change file set_file(path, self.sample_01) ha.load_if_changed() self.assertEqual(ha.to_string(), self.sample_01) # make changes, check load_if_changed overwrites them ha.set_password("user5", "realm", "pass5") ha.load() self.assertEqual(ha.to_string(), self.sample_01) # test load w/ no path hb = apache.HtdigestFile() self.assertRaises(RuntimeError, hb.load) self.assertRaises(RuntimeError, hb.load_if_changed) # test load w/ explicit path hc = apache.HtdigestFile() hc.load(path) self.assertEqual(hc.to_string(), self.sample_01) # change file, test deprecated force=False kwd ensure_mtime_changed(path) set_file(path, "") with self.assertWarningList(r"load\(force=False\) is deprecated"): ha.load(force=False) self.assertEqual(ha.to_string(), b"") def test_06_save(self): """test save()""" # load from file path = self.mktemp() set_file(path, self.sample_01) ht = apache.HtdigestFile(path) # make changes, check they saved ht.delete("user1", "realm") ht.delete("user2", "realm") ht.save() self.assertEqual(get_file(path), self.sample_02) # test save w/ no path hb = apache.HtdigestFile() hb.set_password("user1", "realm", "pass1") self.assertRaises(RuntimeError, hb.save) # test save w/ explicit path hb.save(path) self.assertEqual(get_file(path), hb.to_string()) def test_07_realms(self): """test realms() & delete_realm()""" ht = apache.HtdigestFile.from_string(self.sample_01) self.assertEqual(ht.delete_realm("x"), 0) self.assertEqual(ht.realms(), ['realm']) self.assertEqual(ht.delete_realm("realm"), 4) self.assertEqual(ht.realms(), []) self.assertEqual(ht.to_string(), b"") def test_08_get_hash(self): """test get_hash()""" ht = apache.HtdigestFile.from_string(self.sample_01) self.assertEqual(ht.get_hash("user3", "realm"), "a500bb8c02f6a9170ae46af10c898744") self.assertEqual(ht.get_hash("user4", "realm"), "ab7b5d5f28ccc7666315f508c7358519") self.assertEqual(ht.get_hash("user5", "realm"), None) with self.assertWarningList("find\(\) is deprecated"): self.assertEqual(ht.find("user4", "realm"), "ab7b5d5f28ccc7666315f508c7358519") def test_09_encodings(self): """test encoding parameter""" # test bad encodings cause failure in constructor self.assertRaises(ValueError, apache.HtdigestFile, encoding="utf-16") # check sample utf-8 ht = apache.HtdigestFile.from_string(self.sample_04_utf8, encoding="utf-8", return_unicode=True) self.assertEqual(ht.realms(), [ u("realm\u00e6") ]) self.assertEqual(ht.users(u("realm\u00e6")), [ u("user\u00e6") ]) # check sample latin-1 ht = apache.HtdigestFile.from_string(self.sample_04_latin1, encoding="latin-1", return_unicode=True) self.assertEqual(ht.realms(), [ u("realm\u00e6") ]) self.assertEqual(ht.users(u("realm\u00e6")), [ u("user\u00e6") ]) def test_10_to_string(self): """test to_string()""" # check sample ht = apache.HtdigestFile.from_string(self.sample_01) self.assertEqual(ht.to_string(), self.sample_01) # check blank ht = apache.HtdigestFile() self.assertEqual(ht.to_string(), b"") def test_11_malformed(self): self.assertRaises(ValueError, apache.HtdigestFile.from_string, b'realm:user1:pass1:other\n') self.assertRaises(ValueError, apache.HtdigestFile.from_string, b'user1:pass1\n') #=================================================================== # eoc #=================================================================== #============================================================================= # eof #=============================================================================
| ver. 1.4 |
Github
|
.
| PHP 8.0.30 | Génération de la page: 0 |
proxy
|
phpinfo
|
Réglages