ϪfddZddlZddlmZddlmZmZddlmZddl m Z ddl m Z ddl mZmZmZmZdd lmZmZmZdd lmZdd lmZdd lmZdd lmZddlmZedZ edZ!edZ"dZ#GddeZ$GddeZ%GddeZ&GddeZ'ee! dee dee" dGddeZ(ee d Gd!d"eZ)Gd#d$eZ*ee! deed% d&Gd'd(eZ+Gd)d*ejXejZZ.Gd+d,eZ/Gd-d.ejXejZZ0Gd/d0ejXejZZ1Gd1d2ejXejZZ2Gd3d4ejXejZZ3Gd5d6eZ4y)7z L{twisted.cred.strcred}. N)StringIO)SequenceType)skipIf) Interface)plugin)checkers credentialserrorstrcred)cred_anonymous cred_file cred_unix)usage) UserDatabase)FilePath) requireModule)TestCasecryptpwdspwdcd}|tjDcgc]}|jc}vr4|dz }|tjDcgc]}|jc}vr4|Scc}wcc}w)zC Helper method to produce an auth type that doesn't exist. ThisPluginDoesNotExist_)r findCheckerFactoriesauthType)invalidAuthTypefactorys @/usr/lib/python3/dist-packages/twisted/cred/test/test_strcred.pygetInvalidAuthTyper s}/O (/(D(D(F$  3 (/(D(D(F$   s A' A,ceZdZdZdZy)PublicAPITestsct}|jtjtj||jtjtj |y)z9 The description string cannot be empty. Nr assertRaisesr InvalidAuthType makeCheckerfindCheckerFactoryselfiats rtest_emptyDescriptionz$PublicAPITests.test_emptyDescription+H!" '1173F3FL '1173M3MsSct}|jtjtj||jtjtj |y)z@ An unrecognized auth type raises an exception. Nr$r)s rtest_invalidAuthTypez#PublicAPITests.test_invalidAuthType3r-r.N)__name__ __module__ __qualname__r,r0r.rr"r"*sTTr.r"ceZdZdZdZy)StrcredFunctionsTestscttj}tjtj D]}|j ||y)zP L{strcred.findCheckerFactories} returns all available plugins. N)listr rr getPluginsICheckerFactoryassertIn)r*availablePluginsplgs rtest_findCheckerFactoriesz/StrcredFunctionsTests.test_findCheckerFactories=sG  < < >?$$W%<%<= 1C MM#/ 0 1r.cj|jtjdtjy)z{ L{strcred.findCheckerFactory} returns the first plugin available for a given authentication type. fileN)assertIdenticalr r(rtheFileCheckerFactoryr*s rtest_findCheckerFactoryz-StrcredFunctionsTests.test_findCheckerFactoryEs(   & &v . 0O0O r.N)r1r2r3r>rDr4r.rr6r6<s 1 r.r6c0eZdZdZdZdZdZdZdZy)MemoryCheckerTestsctjdd|_tjdd|_tjdd|_tjdd|_t jd|_y) Nadminasdfalicefoofoobarxyzzmemory:admin:asdf:alice:foo) r UsernamePasswordrHrJbadPassbadUserr r'checkerrCs rsetUpzMemoryCheckerTests.setUpPse 11'6B  11'5A "33GXF "33C> **+HI r.c|jtjj|j|j t j|jjyz Verifies that strcred.makeChecker('memory') returns an object that implements the L{ICredentialsChecker} interface. N assertTruer ICredentialsChecker providedByrRr;r IUsernamePasswordcredentialInterfacesrCs rtest_isCheckerz!MemoryCheckerTests.test_isCheckerWC 44?? MN k33T\\5V5VWr.cb|jtjtjdy)z An argument string which does not contain user:pass pairs (i.e., an odd number of ':' characters) raises an exception. z memory:a:b:cN)r%r InvalidAuthArgumentStringr'rCs rtest_badFormatArgStringz*MemoryCheckerTests.test_badFormatArgString_s%   - -w/B/BN r.cvfd}jjjj|S); The checker works with valid credentials. cRj|jjyN assertEqualrHusernamergr*s r _gotAvatarzAMemoryCheckerTests.test_memoryCheckerSucceeds.._gotAvatarm   Xtzz':': ;r.rRrequestAvatarIdrH addCallbackr*ris` rtest_memoryCheckerSucceedsz-MemoryCheckerTests.test_memoryCheckerSucceedsh.  <||++DJJ7CCJOOr.c|j|jj|jtj Sz= The checker fails with an invalid username.  assertFailurerRrlrQr UnauthorizedLoginrCs rtest_memoryCheckerFailsUsernamez2MemoryCheckerTests.test_memoryCheckerFailsUsernamer5!! LL ( ( 68O8O  r.c|j|jj|jtj Sz= The checker fails with an invalid password. rtrRrlrPr rurCs rtest_memoryCheckerFailsPasswordz2MemoryCheckerTests.test_memoryCheckerFailsPasswordzrwr.N) r1r2r3rSr\r`rorvr{r4r.rrFrFOs#JX P  r.rFceZdZdZdZy)AnonymousCheckerTestsctjd}|jtjj ||j tj|jy)z Verifies that strcred.makeChecker('anonymous') returns an object that implements the L{ICredentialsChecker} interface. anonymousN) r r'rWr rXrYr;r IAnonymousr[)r*rRs rr\z$AnonymousCheckerTests.test_isCheckersK %%k2 44??HI k,,g.J.JKr.ctjd}|jtj}fd}|j |S)z? We can log in anonymously using this checker. rcFjtj|yrd)rAr ANONYMOUS)avatarr*s rrizEAnonymousCheckerTests.testAnonymousAccessSucceeds.._gotAvatars  !3!3V  **62 %66xI%66xH'889M'88uE#//7 #~H&*jj&6&6&8 "(  KK$/x'  JJsJ(9(9 :  JJtZ)<)< = r.c|jtjj|j|j t j|jj|jtjj|j|j t j|jjy)z Verifies that strcred.makeChecker('unix') returns an object that implements the L{ICredentialsChecker} interface. N) rWr rXrYrRr;r rZr[rrCs rr\zUnixCheckerTests.test_isCheckers 44?? MN k33T\\5V5VW 44??@Q@QRS  ) )4+<+<+Q+Q r.cvfd}jjjj|S)rbcRj|jjyrdrerhs rriz=UnixCheckerTests.test_unixCheckerSucceeds.._gotAvatarrjr.rkrns` rtest_unixCheckerSucceedsz)UnixCheckerTests.test_unixCheckerSucceedsrpr.cvfd}jjjj|S)zD The checker works with valid L{bytes} credentials. cpj|jjjdy)Nutf-8)rfrrgdecoderhs rrizBUnixCheckerTests.test_unixCheckerSucceedsBytes.._gotAvatars(   Xt'?'?'F'Fw'O Pr.)rrlrrmrns` rtest_unixCheckerSucceedsBytesz.UnixCheckerTests.test_unixCheckerSucceedsBytess6  Q  00AMM   r.c|j|jj|jtj SrrrsrCs rtest_unixCheckerFailsUsernamez.UnixCheckerTests.test_unixCheckerFailsUsernamerwr.c|j|jj|jtj S)zF The checker fails with an invalid L{bytes} username. )rtrrlrr rurCs r"test_unixCheckerFailsUsernameBytesz3UnixCheckerTests.test_unixCheckerFailsUsernameBytes:!!    - -d.?.? @  # #  r.c|j|jj|jtj SryrzrCs rtest_unixCheckerFailsPasswordz.UnixCheckerTests.test_unixCheckerFailsPasswordrwr.c|j|jj|jtj S)zF The checker fails with an invalid L{bytes} password. )rtrrlrr rurCs r"test_unixCheckerFailsPasswordBytesz3UnixCheckerTests.test_unixCheckerFailsPasswordBytes rr.N) r1r2r3rrrSr\rrrrrrr4r.rrrs?  E  ><  P      r.rz%Required module is unavailable: cryptceZdZdZdZdZy) CryptTestsz9 L{crypt} has functions for encrypting password. cd}dD]} tj||}t|tr|jd}d}|j t j|||jt j||dD]-}tt|d}|sd}tj||}t|tr|jd}|dz}t j||} |j | t j|jd|jd} |j | t j||} |j| t j|jd|jd} |j| 0y#t$rYwxYw) z4 L{cred_unix.verifyCryptedPassword} sample password ^%$)Nabrz$1x1234) METHOD_SHA512 METHOD_SHA256 METHOD_MD5 METHOD_CRYPTNzinteresting password xyzblahfooincorrect) r isinstancebytesr TypeErrorrWrverifyCryptedPassword assertFalsegetattrencode) r*rsaltcryptedCorrectcryptedIncorrectmethod cryptMethodcryptedincorrectCryptedresults rtest_verifyCryptedPasswordz%CryptTests.test_verifyCryptedPasswords)  D !&Xt!<ne4%3%:%:7%CN )  OOI;;NHU V   //0@(K  $W %F!%6K1Hkk(K8G'5)!..1&);; 44WhGF OOF #44w')AF OOF #445ExPF   V $44 ''0(//'2JF   V $- %   s7G GGcd}d}tj|d}|jtd||jtj||y)zK L{cred_unix.verifyCryptedPassword} when OSError is raised ctd)N)OSError)rrs r mockCryptz?CryptTests.test_verifyCryptedPasswordOSError..mockCryptPs "+ r.rrrN)rrrrr)r*rrrs r!test_verifyCryptedPasswordOSErrorz,CryptTests.test_verifyCryptedPasswordOSErrorKsI  )Xt4 5'9- 88RSr.N)r1r2r3__doc__rrr4r.rrrs.%` Tr.rc@eZdZdZdZdZdZdZdZdZ dZ d Z y ) FileDBCheckerTestsz* C{--auth=file:...} file checker. ctjdd|_tjdd|_tjdd|_tjdd|_|j |_t|jjdtjd |jz|_ y) Nrrrrrrradmin:asdf alice:foo file:) r rOrHrJrPrQmktempfilenamer setContentr r'rRrCs rrSzFileDBCheckerTests.setUp^s 11(GD  11(FC "33HiH "33D%@   **+EF**7T]]+BC r.cd}tjj|r%|dz }tjj|r%|S)Nz /DoesNotExistr)ospathexists)r*rs r _fakeFilenamez FileDBCheckerTests._fakeFilenamegs7"ggnnX& OHggnnX&r.c|jtjj|j|j t j|jjyrUrVrCs rr\z!FileDBCheckerTests.test_isCheckermr]r.cvfd}jjjj|S)rbcRj|jjyrdrerhs rriz?FileDBCheckerTests.test_fileCheckerSucceeds.._gotAvatarzrjr.rkrns` rtest_fileCheckerSucceedsz+FileDBCheckerTests.test_fileCheckerSucceedsurpr.c|j|jj|jtj SrrrsrCs rtest_fileCheckerFailsUsernamez0FileDBCheckerTests.test_fileCheckerFailsUsernamerwr.c|j|jj|jtj SryrzrCs rtest_fileCheckerFailsPasswordz0FileDBCheckerTests.test_fileCheckerFailsPasswordrwr.c|jttjd|jttjdy)z4 An empty filename raises an error. r@rN)r% ValueErrorr r'rCs rtest_failsWithEmptyFilenamez.FileDBCheckerTests.test_failsWithEmptyFilenames4 *g&9&96B *g&9&97Cr.cHtjj}t}|tj_t j d|j z|tj_|jtj|jy)zt When the file auth plugin is given a file that doesn't exist, it should produce a warning. rN) rrB errorOutputrr r'rr;invalidFileWarninggetvalue)r* oldOutput newOutputs rtest_warnWithBadFilenamez+FileDBCheckerTests.test_warnWithBadFilenamesq 33?? J 6? ''3Gd&8&8&::;6? ''3 i22I4F4F4HIr.N) r1r2r3rrSrr\rrrrrr4r.rrrYs4D XP  D Jr.r cryptographyzcryptography is not availableceZdZdZdZy)SSHCheckerTestsz Tests for the C{--auth=sshkey:...} checker. The majority of the tests for the ssh public key database checker are in L{twisted.conch.test.test_checkers.SSHPublicKeyCheckerTestCase}. ctjd}|jtjj ||j tj|jy)z Verifies that strcred.makeChecker('sshkey') returns an object that implements the L{ICredentialsChecker} interface. sshkeyN) r r'rWr rXrYr;r ISSHPrivateKeyr[)r* sshCheckers rr\zSSHCheckerTests.test_isCheckersK ((2  44?? KL k00*2Q2QRr.N)r1r2r3rr\r4r.rrrs  Sr.rceZdZdZy) DummyOptionsz@ Simple options for testing L{strcred.AuthOptionMixin}. N)r1r2r3rr4r.rrrsr.rc<eZdZdZdZdZdZdZdZdZ dZ y ) CheckerOptionsTestsct}|jddg|jt|ddt}|jgd|jt|ddy)zu The C{--auth} command line creates a list in the Options instance and appends values to it. --authmemory credCheckers)rrrrN)r parseOptionsrflenr*optionss rtest_createsListz$CheckerOptionsTests.test_createsListsh .h12 W^45q9.EF W^45q9r.ct}t}|jtj|j d|g|jtj|j d|gy)zx The C{--auth} command line raises an exception when it gets a parameter it doesn't understand. r--help-auth-typeN)rr r%r UsageErrorr )r*r invalidParameters rtest_invalidAuthErrorz)CheckerOptionsTests.test_invalidAuthErrorsh ../    g22X?O4P       !1 2 r.ct}|jgd|d}|jt|tj d|jt|tj d|tj d}|tj d}|jtjj||jtjj||jtj |j|jtj |jy)z The C{--auth} command line creates a dictionary mapping supported interfaces to the list of credentials checkers that support it. )rrrrcredInterfacesrrN) rr rfr r rrZrWr rXrYr;r[)r*r chd chdAnonymous chdUserPasss rtest_createsDictionaryz*CheckerOptionsTests.test_createsDictionarys .HI&' S!7!7891= S!>!>?@!D;11215 +778;  44?? MN 44?? LM k,,l.O.OP k33[5U5UVr.ct}|jgd|j|d|dtjy)z When two C{--auth} arguments are passed along which support the same interface, a list with both is created. )rrrrrrN)rr rfr rZr s r test_credInterfacesProvidesListsz4CheckerOptionsTests.test_credInterfacesProvidesListssD .CD  N # $ %k&C&C D r.cg}t}|jD]9}|j|j||j |j;y)zG The list for C{--help-auth} does not duplicate items. N)r_checkerFactoriesForOptHelpAuth assertNotInrappend)r* authTypesr cfs r!test_listDoesNotDisplayDuplicatesz5CheckerOptionsTests.test_listDoesNotDisplayDuplicatessN .99; *B   R[[) 4   R[[ ) *r.ct}t}||_|jt|j dgt jD],}|j|j|j.y)zz The C{--help-auth} argument correctly displays all available authentication plugins, then exits. z --help-authN) rr authOutputr% SystemExitr r rr;rr)r* newStdoutr checkerFactorys rtest_displaysListCorrectlyz.CheckerOptionsTests.test_displaysListCorrectlysk J .& *g&:&:]OL%::< IN MM.1193E3E3G H Ir.c<t}t}||_|jt|j ddgt jjD]A}|js|j|j|jCy)z The C{--help-auth-for} argument will correctly display the help file for a particular authentication plugin. rr@N) rrr#r%r$r rrBauthHelpstripr;r)r*r%r lines rtest_displaysHelpCorrectlyz.CheckerOptionsTests.test_displaysHelpCorrectlys J .&  ,,/A6.J 33<< BDzz| djjlI,>,>,@A Br.ct}|jtj|jddg}|j t |dy)z When the checker specified by C{--auth} raises an unexpected error, it should be caught and re-raised within a L{usage.UsageError}. rr@z,Unexpected error: 'file' requires a filenameN)rr%rrr rfstr)r*r errs rtest_unexpectedExceptionz,CheckerOptionsTests.test_unexpectedExceptionsJ .   g22Xv4F  S#QRr.N) r1r2r3r rrrr!r'r,r0r4r.rrrs. : $W"  * I B Sr.rc&eZdZejfZy)OptionsForUsernamePasswordN)r1r2r3r rZsupportedInterfacesr4r.rr2r2)s&88:r.r2c&eZdZejfZy) OptionsForUsernameHashedPasswordN)r1r2r3r IUsernameHashedPasswordr3r4r.rr5r5-s&>>@r.r5ceZdZdZy)OptionsSupportsAllInterfacesN)r1r2r3r3r4r.rr8r81sr.r8c(eZdZUgZeeeed<y)OptionsSupportsNoInterfacesr3N)r1r2r3r3rrr__annotations__r4r.rr:r:5s57$y/27r.r:cLeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z y ) LimitingInterfacesTestsa Tests functionality that allows an application to limit the credential interfaces it can support. For the purposes of this test, we use IUsernameHashedPassword, although this will never really be used by the command line. (I have, to date, not thought of a half-decent way for a user to specify a hash algorithm via the command-line. Nor do I think it's very useful.) I should note that, at first, this test is counter-intuitive, because we're using the checker with a pre-defined hash function as the 'bad' checker. See the documentation for L{twisted.cred.checkers.FilePasswordDB.hash} for more details. c|j|_t|jd5}|jddddt j |j|_t j |j|j|_t j|_ y#1swYwxYw)Nwbr)hash) rropenwriter FilePasswordDB goodChecker_hash badCheckerAllowAnonymousAccess anonChecker)r*fs rrSzLimitingInterfacesTests.setUpJs  $-- & 0! GG. / 0#224==A"11$--djjQ#88:  0 0s B44B=c|S)z> A dumb hash that doesn't really do anything. r4)r*networkUsernamenetworkPasswordstoredPasswords rrEzLimitingInterfacesTests._hashRs r.c:t}|j|jtj|j |jtj |jtj|j|jy)zE The supportsInterface method behaves appropriately. N) r2rWsupportsInterfacer rZrrr%r UnsupportedInterfaces addCheckerrHr s rtest_supportsInterfacez.LimitingInterfacesTests.test_supportsInterfaceXso-. 11+2O2OPQ 22;3I3IJK   ) )7+=+=t?O?O r.ct}|j|jtj|j|jtj y)z| The supportsInterface method behaves appropriately when the supportedInterfaces attribute is None. N)r8rWrOr rZrr s rtest_supportsAllInterfacesz2LimitingInterfacesTests.test_supportsAllInterfacescsF /0 11+2O2OPQ 11+2H2HIJr.ct}tj}tj}|j |j ||j|j |y)zJ The supportsCheckerFactory method behaves appropriately. N)r2rrBr theAnonymousCheckerFactoryrWsupportsCheckerFactoryr)r*r fileCFanonCFs rtest_supportsCheckerFactoryz3LimitingInterfacesTests.test_supportsCheckerFactorylsR-.00:: 66v>? 77?@r.cxt}|j|j|jd}|j |d|d|j|j |dd|j|j t |d|d|j t |ddy)z When addChecker is called with a checker that implements at least one of the interfaces our application supports, it is successful. rrrrN)r2rQrDr3rArfr )r*r ifaces rtest_canAddSupportedCheckerz3LimitingInterfacesTests.test_canAddSupportedCheckervs -.4++,++A. W%56u=a@$BRBRS W^4Q79I9IJ W%56u=>B W^45q9r.ct}|jtj|j|j y)z~ When addChecker is called with a checker that does not implement any supported interfaces, it fails. N)r5r%r rPrQrFr s r#test_failOnAddingUnsupportedCheckerz;LimitingInterfacesTests.test_failOnAddingUnsupportedCheckers1 34   ) )7+=+=t r.ct}tjj}|j t j |jd|gy)zq The C{--auth} command line raises an exception when it gets a checker we don't support. rN)r:r rVrr%rrr )r*r rs rtest_unsupportedInterfaceErrorz6LimitingInterfacesTests.test_unsupportedInterfaceErrors@ ./!<<EE %**G,@,@8XBVWr.ct}|jD]?}d}|jD]}|j|sd}|s-t j y)z C{--help-auth} will only list checkers that purport to supply at least one of the credential interfaces our application can use. TFN)r2rr[rOr rP)r*r rinvalid interfaces rtest_helpAuthLimitsOutputz1LimitingInterfacesTests.test_helpAuthLimitsOutputse -.>>@ 6GG$99 $ ,,Y7#G $3355  6r.c`t}d}tjD]}|j|r|}n|j |dt }||_|jt|jddg|jtj|jy)z C{--help-auth-type} will display a warning if you get help for an authType that does not supply at least one of the credential interfaces our application can use. Nrr) r2r rrWassertNotIdenticalrr#r%r$r r;notSupportedWarningr)r*r invalidFactoryrr%s rtest_helpAuthTypeLimitsOutputz5LimitingInterfacesTests.test_helpAuthTypeLimitsOutputs -.335 G11':!(  5J &  ,,/A;.O  g1193E3E3GHr.N)r1r2r3rrSrErRrTrZr]r_rarerjr4r.rr=r=9s= ;  KA : X 6Ir.r=)5rriortypingrrunittestrzope.interfacertwistedr twisted.credr r r r twisted.pluginsr rrtwisted.pythonrtwisted.python.fakepwdrtwisted.python.filepathrtwisted.python.reflectrtwisted.trial.unittestrrrrr r"r6rFr}rrrrOptionsAuthOptionMixinrrr2r5r8r:r=r4r.rrys  !$>>@@ /,0+gEV TXT$ H &1 1 h/H/.C56E 9:D78u xu 9;7u pE :;@T@T<@TFGJGJTC56M. ))+JKShSL7S"5=='"9"9 jS(jSZ;0G0G;Au}}g6M6MA5=='2I2I8%--1H1H8BIhBIr.