From 391d54c59e1c3f81a35ed208a5fd6c2419442d21 Mon Sep 17 00:00:00 2001 From: Derek Hurley Date: Mon, 22 Aug 2011 15:07:39 -0700 Subject: [PATCH] status.web.authz.Authz now has actionAllowed return a deferred This is verified by test_status_web_authz_Authz and needed to happen for possible deferreds in authenticate methods. --- master/buildbot/status/web/authz.py | 21 ++++-- .../test/unit/test_status_web_authz_Authz.py | 65 ++++++++++++++----- 2 files changed, 61 insertions(+), 25 deletions(-) diff --git a/master/buildbot/status/web/authz.py b/master/buildbot/status/web/authz.py index db137198ffd..420d8158c19 100644 --- a/master/buildbot/status/web/authz.py +++ b/master/buildbot/status/web/authz.py @@ -13,6 +13,7 @@ # # Copyright Buildbot Team Members +from twisted.internet import defer from buildbot.status.web.auth import IAuth class Authz(object): @@ -75,15 +76,21 @@ def actionAllowed(self, action, request, *args): if cfg: if cfg == 'auth' or callable(cfg): if not self.auth: - return False + return defer.succeed(False) user = request.args.get("username", [""])[0] passwd = request.args.get("passwd", [""])[0] if user == "" or passwd == "": + return defer.succeed(False) + + d = defer.maybeDeferred(self.auth.authenticate, user, passwd) + def check_authenticate(res, cfg, user, *args): + if res: + if callable(cfg) and not cfg(user, *args): + return False + return True return False - if self.auth.authenticate(user, passwd): - if callable(cfg) and not cfg(user, *args): - return False - return True - return False + d.addCallback(check_authenticate, cfg, user, *args) + return d else: - return True # anyone can do this.. + return defer.succeed(True) # anyone can do this.. + return defer.succeed(False) diff --git a/master/buildbot/test/unit/test_status_web_authz_Authz.py b/master/buildbot/test/unit/test_status_web_authz_Authz.py index 0076bb085e1..4b5a15b64a4 100644 --- a/master/buildbot/test/unit/test_status_web_authz_Authz.py +++ b/master/buildbot/test/unit/test_status_web_authz_Authz.py @@ -15,6 +15,7 @@ from zope.interface import implements from twisted.trial import unittest +from twisted.internet import defer from buildbot.status.web.authz import Authz from buildbot.status.web.auth import IAuth @@ -40,31 +41,50 @@ class TestAuthz(unittest.TestCase): def test_actionAllowed_Defaults(self): "by default, nothing is allowed" z = Authz() - failedActions = [] + self.failedActions = [] + self.dl = [] for a in Authz.knownActions: - if z.actionAllowed(a, StubRequest('foo', 'bar')): - failedActions.append(a) - if failedActions: - raise unittest.FailTest("action(s) %s do not default to False" - % (failedActions,)) + md = z.actionAllowed(a, StubRequest('foo', 'bar')) + def check(res): + if res: + self.failedActions.append(a) + return + md.addCallback(check) + self.dl.append(md) + d = defer.DeferredList(self.dl) + def check_failed(_): + if self.failedActions: + raise unittest.FailTest("action(s) %s do not default to False" + % (self.failedActions,)) + d.addCallback(check_failed) + return d def test_actionAllowed_Positive(self): "'True' should always permit access" z = Authz(forceBuild=True) - assert z.actionAllowed('forceBuild', - StubRequest('foo', 'bar')) + d = z.actionAllowed('forceBuild', StubRequest('foo', 'bar')) + def check(res): + self.assertEqual(res, True) + d.addCallback(check) + return d def test_actionAllowed_AuthPositive(self): z = Authz(auth=StubAuth('jrobinson'), stopBuild='auth') - assert z.actionAllowed('stopBuild', - StubRequest('jrobinson', 'bar')) + d = z.actionAllowed('stopBuild', StubRequest('jrobinson', 'bar')) + def check(res): + self.assertEqual(res, True) + d.addCallback(check) + return d def test_actionAllowed_AuthNegative(self): z = Authz(auth=StubAuth('jrobinson'), stopBuild='auth') - assert not z.actionAllowed('stopBuild', - StubRequest('apeterson', 'bar')) + d = z.actionAllowed('stopBuild', StubRequest('apeterson', 'bar')) + def check(res): + self.assertEqual(res, False) + d.addCallback(check) + return d def test_actionAllowed_AuthCallable(self): myargs = [] @@ -72,24 +92,33 @@ def myAuthzFn(*args): myargs.extend(args) z = Authz(auth=StubAuth('uu'), stopBuild=myAuthzFn) - z.actionAllowed('stopBuild', StubRequest('uu', 'shh'), 'arg', 'arg2') - self.assertEqual(myargs, ['uu', 'arg', 'arg2']) + d = z.actionAllowed('stopBuild', StubRequest('uu', 'shh'), 'arg', 'arg2') + def check(res): + self.assertEqual(myargs, ['uu', 'arg', 'arg2']) + d.addCallback(check) + return d def test_actionAllowed_AuthCallableTrue(self): def myAuthzFn(*args): return True z = Authz(auth=StubAuth('uu'), stopBuild=myAuthzFn) - self.assertTrue(z.actionAllowed('stopBuild', - StubRequest('uu', 'shh'))) + d = z.actionAllowed('stopBuild', StubRequest('uu', 'shh')) + def check(res): + self.assertEqual(res, True) + d.addCallback(check) + return d def test_actionAllowed_AuthCallableFalse(self): def myAuthzFn(*args): return False z = Authz(auth=StubAuth('uu'), stopBuild=myAuthzFn) - self.assertFalse(z.actionAllowed('stopBuild', - StubRequest('uu', 'shh'))) + d = z.actionAllowed('stopBuild', StubRequest('uu', 'shh')) + def check(res): + self.assertEqual(res, False) + d.addCallback(check) + return d def test_advertiseAction_False(self): z = Authz(forceBuild = False)