[Zope-Checkins] CVS: ZODB3/ZEO/tests - auth_plaintext.py:1.1.2.1 testAuth.py:1.1.2.5

Jeremy Hylton jeremy@zope.com
Wed, 28 May 2003 14:38:02 -0400


Update of /cvs-repository/ZODB3/ZEO/tests
In directory cvs.zope.org:/tmp/cvs-serv5351/ZEO/tests

Modified Files:
      Tag: ZODB3-auth-branch
	testAuth.py 
Added Files:
      Tag: ZODB3-auth-branch
	auth_plaintext.py 
Log Message:
Big refactoring of authentication mechanism.

Add mac to the smac layer.
Add explicit realm for use by client and server.
Add authentication to the ZEO schema components.
Add session key generation to digest authentication.

Add a new zeopasswd.py script that isn't quite done.
Move plaintext authentication to the tests directory; it isn't
supposed to be used for real.


=== Added File ZODB3/ZEO/tests/auth_plaintext.py ===
##############################################################################
#
# Copyright (c) 2003 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Implements plaintext password authentication. The password is stored in
an SHA hash in the Database. The client sends over the plaintext
password, and the SHA hashing is done on the server side. 
 
This mechanism offers *no network security at all*; the only security
is provided by not storing plaintext passwords on disk.  (See the
auth_srp module for a secure mechanism)"""

import sha

from ZEO.StorageServer import ZEOStorage
from ZEO.auth import register_module
from ZEO.auth.base import Client, Database

class StorageClass(ZEOStorage):
    def auth(self, username, password):
        try:
            dbpw = self.database.get_password(username)
        except LookupError:
            return 0
        
        password = sha.new(password).hexdigest()
        return self.finish_auth(dbpw == password)
    
class PlaintextClient(Client):
    extensions = ["auth"]

    def start(self, username, realm, password):
        return self.stub.auth(username, password)

register_module("plaintext", StorageClass, PlaintextClient, Database)


=== ZODB3/ZEO/tests/testAuth.py 1.1.2.4 => 1.1.2.5 ===
--- ZODB3/ZEO/tests/testAuth.py:1.1.2.4	Fri May 23 17:13:20 2003
+++ ZODB3/ZEO/tests/testAuth.py	Wed May 28 14:37:31 2003
@@ -29,13 +29,19 @@
 STORAGES={'1': storage}
 
 class BaseTest(unittest.TestCase):
+
+    realm = None
+    
     def createDB(self, name):
         if os.path.exists(SOCKET):
             os.remove(SOCKET)
         if os.path.exists(name):
             os.remove(self.database)
-        db = self.dbclass(name)
-        db.add_user('foo', 'bar')
+        if self.realm:
+            db = self.dbclass(name, self.realm)
+        else:
+            db = self.dbclass(name)
+        db.add_user("foo", "bar")
         db.save()
         
     def setUp(self):
@@ -53,12 +59,13 @@
         os.remove(self.database)
         os.remove(SOCKET)
         removefs("auth-test.fs")
-            
+        
     def testOK(self):
         # Sleep for 0.2 seconds to give the server some time to start up
         # seems to be needed before and after creating the storage
         time.sleep(self.wait)
-        cs = ClientStorage(SOCKET, wait=0, username='foo', password='bar')
+        cs = ClientStorage(SOCKET, wait=0, username='foo', password='bar',
+                           realm=self.realm)
         time.sleep(self.wait)
 
         if cs is None:
@@ -76,7 +83,8 @@
     
     def testNOK(self):
         time.sleep(self.wait)
-        cs = ClientStorage(SOCKET, wait=0, username='foo', password='noogie')
+        cs = ClientStorage(SOCKET, wait=0, username='foo', password='noogie',
+                           realm=self.realm)
         time.sleep(self.wait)
        
         # Normally a wrong password will return None immediately. 
@@ -92,19 +100,12 @@
              raise AssertionError, "authenticated with incorrect password"
             
 class PlainTextAuth(BaseTest):
-    import ZEO.auth.auth_plaintext
+    import ZEO.tests.auth_plaintext
     protocol = 'plaintext'
     database = 'authdb.sha'
-    dbclass = ZEO.auth.auth_plaintext.Database
+    dbclass = ZEO.tests.auth_plaintext.Database
     wait = 0.2
     
-class SHAAuth(BaseTest):
-    import ZEO.auth.auth_sha
-    protocol = 'sha'
-    database = 'authdb.sha'
-    dbclass = ZEO.auth.auth_sha.Database
-    wait = 0.5
-    
 ##class SRPAuth(BaseTest):
 ##    protocol = 'srp'
 ##    database = 'authdb.srp'
@@ -116,9 +117,10 @@
     protocol = "digest"
     database = "authdb.digest"
     dbclass = ZEO.auth.auth_digest.DigestDatabase
+    realm = "Digest Realm"
     wait = 0.5
 
-test_classes = [PlainTextAuth, SHAAuth, DigestAuth]
+test_classes = [PlainTextAuth, DigestAuth]
 
 def test_suite():
     suite = unittest.TestSuite()