Posted to commits@allura.apache.org by jo...@apache.org on 2013/09/17 21:58:12 UTC
[45/50] git commit: [#6529] Refactored login overlay logic out of
allura.lib.security and added tests
[#6529] Refactored login overlay logic out of allura.lib.security and added tests
Signed-off-by: Cory Johns <cj...@slashdotmedia.com>
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/b930a634
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/b930a634
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/b930a634
Branch: refs/heads/cj/6422
Commit: b930a634aee55ac839b6f6941980164d36e90694
Parents: 55a9de8
Author: Cory Johns <cj...@slashdotmedia.com>
Authored: Thu Sep 12 20:10:19 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Mon Sep 16 22:34:13 2013 +0000
----------------------------------------------------------------------
Allura/allura/lib/helpers.py | 13 ++++++++++
Allura/allura/lib/security.py | 10 +++-----
Allura/allura/tests/test_helpers.py | 14 ++++++++++-
ForgeImporters/forgeimporters/base.py | 5 ++--
.../tests/github/functional/test_github.py | 8 +++++++
.../forgeimporters/tests/test_base.py | 25 ++++++++++++++++++++
6 files changed, 65 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b930a634/Allura/allura/lib/helpers.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/helpers.py b/Allura/allura/lib/helpers.py
index 9c3d9e4..0b92968 100644
--- a/Allura/allura/lib/helpers.py
+++ b/Allura/allura/lib/helpers.py
@@ -52,6 +52,7 @@ from jinja2 import Markup
from paste.deploy.converters import asbool, aslist
from webhelpers import date, feedgenerator, html, number, misc, text
+from webob.exc import HTTPUnauthorized
from allura.lib import exceptions as exc
# Reimport to make available to templates
@@ -1012,3 +1013,15 @@ def iter_entry_points(group, *a, **kw):
def daterange(start_date, end_date):
for n in range(int((end_date - start_date).days)):
yield start_date + timedelta(n)
+
+
+@contextmanager
+def login_overlay(exceptions=None):
+ try:
+ yield
+ except HTTPUnauthorized as e:
+ if exceptions:
+ for exception in exceptions:
+ if request.path.rstrip('/').endswith('/%s' % exception):
+ raise
+ c.show_login_overlay = True
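Review bot: `login_overlay` has no docstring, and its contract is security-relevant: an `HTTPUnauthorized` raised inside the block is suppressed and only `c.show_login_overlay` is set, unless the request path ends in one of `exceptions`. A docstring should say that the request continues after the block as if the check had passed, and that `exceptions` holds the trailing path segments for which the 401 must propagate. It should also state that a list or tuple is expected, since a plain string would be iterated character by character. The name bound in `except HTTPUnauthorized as e:` is never used, so `except HTTPUnauthorized:` is enough.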
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b930a634/Allura/allura/lib/security.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/security.py b/Allura/allura/lib/security.py
index 4718e56..a0497ca 100644
--- a/Allura/allura/lib/security.py
+++ b/Allura/allura/lib/security.py
@@ -383,7 +383,7 @@ def all_allowed(obj, user_or_role=None, project=None):
return set([M.ALL_PERMISSIONS])
return perms
-def require(predicate, message=None, login_overlay=False):
+def require(predicate, message=None):
'''
Example: require(has_access(c.app, 'read'))
@@ -401,17 +401,13 @@ def require(predicate, message=None, login_overlay=False):
if c.user != M.User.anonymous():
request.environ['error_message'] = message
raise exc.HTTPForbidden(detail=message)
- elif login_overlay:
- c.show_login_overlay = True
else:
raise exc.HTTPUnauthorized()
-def require_access(obj, permission, login_overlay=False, **kwargs):
+def require_access(obj, permission, **kwargs):
if obj is not None:
predicate = has_access(obj, permission, **kwargs)
- return require(predicate,
- message='%s access required' % permission.capitalize(),
- login_overlay=login_overlay)
+ return require(predicate, message='%s access required' % permission.capitalize())
else:
raise exc.HTTPForbidden(detail="Could not verify permissions for this page.")
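Review bot: `require_access` still forwards `**kwargs` to `has_access`, so a caller elsewhere that still passes `login_overlay=...` is not rejected at this signature; the keyword would reach `has_access`, whose handling of it is not visible here. It is worth searching for remaining `login_overlay=` call sites of both `require` and `require_access` before merging, since the hunks shown update only `ForgeImporters/forgeimporters/base.py`. The docstring of `require` starts in the previous hunk and continues outside it; if it describes the removed parameter, that text should go too.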
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b930a634/Allura/allura/tests/test_helpers.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_helpers.py b/Allura/allura/tests/test_helpers.py
index d4e5a0c..38a67c5 100644
--- a/Allura/allura/tests/test_helpers.py
+++ b/Allura/allura/tests/test_helpers.py
@@ -27,6 +27,7 @@ from nose.tools import eq_, assert_equals
from IPython.testing.decorators import skipif, module_not_available
from datadiff import tools as dd
from webob import Request
+from webob.exc import HTTPUnauthorized
from ming.orm import ThreadLocalORMSession
from allura import model as M
@@ -432,4 +433,15 @@ def test_absurl_with_request():
def test_daterange():
assert_equals(list(h.daterange(datetime(2013, 1, 1), datetime(2013, 1, 4))),
- [datetime(2013, 1, 1), datetime(2013, 1, 2), datetime(2013, 1, 3)])
\ No newline at end of file
+ [datetime(2013, 1, 1), datetime(2013, 1, 2), datetime(2013, 1, 3)])
+
+@patch.object(h, 'request',
+ new=Request.blank('/p/test/foobar', base_url='https://www.mysite.com/p/test/foobar'))
+def test_login_overlay():
+ with h.login_overlay():
+ raise HTTPUnauthorized()
+ with h.login_overlay(exceptions=['foo']):
+ raise HTTPUnauthorized()
+ with td.raises(HTTPUnauthorized):
+ with h.login_overlay(exceptions=['foobar']):
+ raise HTTPUnauthorized()
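Review bot: `test_login_overlay` checks only whether `HTTPUnauthorized` propagates; it never asserts that `c.show_login_overlay` is set in the two suppressed cases or left untouched when the exception is re-raised. Only `h.request` is patched, so the helper writes to whatever `c` the test process happens to have. Patching `h.c` as well, for example with `@patch.object(h, 'c')`, setting `c.show_login_overlay = False` before each block and asserting its value afterwards would pin the behaviour the helper exists for, as the `ProjectImporter` test in this commit already does.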
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b930a634/ForgeImporters/forgeimporters/base.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/base.py b/ForgeImporters/forgeimporters/base.py
index 0b07c6d..8c01b62 100644
--- a/ForgeImporters/forgeimporters/base.py
+++ b/ForgeImporters/forgeimporters/base.py
@@ -26,6 +26,7 @@ from tg import expose, validate, flash, redirect, config
from tg.decorators import with_trailing_slash
from pylons import app_globals as g
from pylons import tmpl_context as c
+from pylons import request
from formencode import validators as fev, schema
from webob import exc
@@ -190,7 +191,8 @@ class ProjectImporter(BaseController):
self.neighborhood = neighborhood
def _check_security(self):
- require_access(self.neighborhood, 'register', login_overlay=True)
+ with h.login_overlay(exceptions=['process']):
+ require_access(self.neighborhood, 'register')
@LazyProperty
def tool_importers(self):
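Review bot: `_check_security` now fails open for anonymous users on every importer URL except those whose last path segment is `process`, because `h.login_overlay(exceptions=['process'])` suppresses the `HTTPUnauthorized` raised by `require_access`. Any other exposed method on this controller, now or added later, runs for anonymous users without the `register` check unless someone remembers to extend the list; naming the paths that may show the overlay and re-raising for everything else would be the safer default. The match is on the URL suffix rather than on the dispatched method, so it protects `process` only while the two coincide; keeping the explicit `require_access(self.neighborhood, 'register')` at the top of `process` (removed in the next hunk) would keep the check next to the state-changing code. The added `from pylons import request` does not appear to be used in the hunks shown.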
@@ -231,7 +233,6 @@ class ProjectImporter(BaseController):
tools installed and redirect to the new project, presumably with a
message indicating that some data will not be available immediately.
"""
- require_access(self.neighborhood, 'register', login_overlay=False)
try:
c.project = self.neighborhood.register_project(kw['project_shortname'],
project_name=kw['project_name'])
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b930a634/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/tests/github/functional/test_github.py b/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
index 3c05a2d..cee88c0 100644
--- a/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
+++ b/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
@@ -26,3 +26,11 @@ class TestGitHubImportController(TestController, TestCase):
assert '<input id="user_name" name="user_name" value="" autofocus/>' in r
assert '<input id="project_name" name="project_name" value="" />' in r
assert '<input id="project_shortname" name="project_shortname" value=""/>' in r
+
+ def test_login_overlay(self):
+ r = self.app.get('/p/import_project/github/', extra_environ=dict(username='*anonymous'))
+ self.assertIn('GitHub Project Importer', r)
+ self.assertIn('Login Required', r)
+
+ r = self.app.post('/p/import_project/github/process', extra_environ=dict(username='*anonymous'), status=302)
+ self.assertIn('/auth/', r.location)
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b930a634/ForgeImporters/forgeimporters/tests/test_base.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/tests/test_base.py b/ForgeImporters/forgeimporters/tests/test_base.py
index 4aefc35..d4b403d 100644
--- a/ForgeImporters/forgeimporters/tests/test_base.py
+++ b/ForgeImporters/forgeimporters/tests/test_base.py
@@ -21,8 +21,10 @@ from formencode import Invalid
import mock
from tg import expose
from nose.tools import assert_equal, assert_raises
+from webob.exc import HTTPUnauthorized
from alluratest.controller import TestController
+from allura.tests import decorators as td
from .. import base
@@ -123,6 +125,29 @@ class TestProjectImporter(TestCase):
self.assertEqual(flash.call_count, 1)
redirect.assert_called_once_with('script_name/admin/overview')
+ @mock.patch.object(base.h, 'request')
+ @mock.patch.object(base, 'require_access')
+ @mock.patch.object(base.h, 'c')
+ def test_login_overlay(self, c, require_access, request):
+ pi = base.ProjectImporter(mock.Mock())
+ require_access.side_effect = HTTPUnauthorized
+
+ c.show_login_overlay = False
+ request.path = '/test-importer/'
+ pi._check_security()
+ self.assertEqual(c.show_login_overlay, True)
+
+ c.show_login_overlay = False
+ request.path = '/test-importer/check_names/'
+ pi._check_security()
+ self.assertEqual(c.show_login_overlay, True)
+
+ c.show_login_overlay = False
+ request.path = '/test-importer/process/'
+ with td.raises(HTTPUnauthorized):
+ pi._check_security()
+ self.assertEqual(c.show_login_overlay, False)
+
TA1 = mock.Mock(tool_label='foo', tool_description='foo_desc')