1 paula.suite package Readme
2 ==========================
4 This file serves for documentation and integration testing of all zope3
5 based paula packages with a PAU:
6 - zope.app.authentication.authentication.PluggableAuthentication
9 - paula.properties, not yet
10 - paula.proputil, not yet
11 - paula.groups, not yet
12 - paula.grouputil, not yet
15 If you install paula.suite, by calling the apropriate functions, you will
16 end up with all of these (except paula.examples, which is just pulled in
17 for testing) in a 'paula' subfolder of a folder of your choice (see below)
19 Let's start out with a folder hierarchy containing two nested sites.
21 >>> from zope.app.folder import Folder
22 >>> from zope.app.component import site
24 >>> class SubSiteFolder(Folder, site.SiteManagerContainer):
26 >>> subsite = SubSiteFolder()
27 >>> subsm = site.LocalSiteManager(subsite)
28 >>> subsite.setSiteManager(subsm)
30 >>> root = getRootFolder()
31 >>> root['subsite'] = subsite
33 Make sure that we are really dealing with two different component
36 >>> getSiteManager(root) is not getSiteManager(subsite)
40 Let's add a paula.suite, we want it to create a PAU with a kind of fake
41 credentials plugin, that allows the PAU to authenticate against plain
44 >>> from paula.suite import createPaulaSuite
46 # This is currently not true, but leads to a mess-up
47 #If we don't pass a container, createPauleSuite registers globally, which
48 #should be found from the root site manager
50 # >>> createPaulaSuite(create_pau=True, create_credplugin=True)
51 >>> createPaulaSuite(root, create_pau=True, create_credplugin=True)
52 >>> createPaulaSuite(subsite, create_pau=True, create_credplugin=True)
55 We have now two nested sites, each with a full paula suite. If we add
56 content, that suffice paula's criteria, it should end up in the
57 corresponding suite and enable authentication.
59 Suitable content is for example MinimalPloneUser from paula.examples, which
60 we use here (@zope: sorry, no offense meant ;). user1 is added on the upper
61 level and should end up in root's suite, user2 to the contained level and
62 should end up in the subsite's suite:
64 >>> from zope.component import createObject
66 >>> user1 = createObject('paula.examples.MinimalPloneUser',
69 ... email='user1@bar.com',
70 ... realname='User One',
72 >>> user1_cred = UserDict(login='user1', password='pass1')
73 >>> root['user1'] = user1
76 >>> user2 = createObject('paula.examples.MinimalPloneUser',
79 ... email='user2@bar.com',
80 ... realname='User Two',
82 >>> user2_cred = UserDict(login='user2', password='pass2')
83 >>> subsite['user2'] = user2
86 Let's see who is allowed to authenticate where:
88 >>> from zope.app.security.interfaces import IAuthentication
90 >>> root_pau = getUtility(IAuthentication, context=root)
91 >>> sub_pau = getUtility(IAuthentication, context=subsite)
93 >>> root_pau.authenticate(user1_cred)
95 >>> root_pau.authenticate(user2_cred) is None
97 >>> sub_pau.authenticate(user1_cred) is None
99 >>> sub_pau.authenticate(user2_cred)
103 After removing the users, they are not allowed to authenticate anymore:
105 >>> del subsite['user2']
106 >>> sub_pau.authenticate(user2_cred) is None
108 >>> root_pau.authenticate(user1_cred)
110 >>> del root['user1']
111 >>> root_pau.authenticate(user1_cred) is None
115 Let's have a closer look at the principals, especially the properties
117 >>> root['user1'] = user1
118 >>> subsite['user2'] = user2
120 Authenticated principals
122 >>> p1 = root_pau.authenticate(user1_cred)
123 >>> p2 = sub_pau.authenticate(user2_cred)
125 There should be an id corresponding to the title, an email and realname, and
126 password and title may not have made it onto the principal.
134 >>> getattr(p1, 'password', 'foo')
136 >>> getattr(p1, 'name', 'foo')
145 >>> getattr(p2, 'password', 'foo')
147 >>> getattr(p2, 'name', 'foo')
150 The same should be the case for found principals
152 >>> p1 = root_pau.getPrincipal('user1')
153 >>> p2 = sub_pau.getPrincipal('user2')
155 With a funny derivation from the .authenticate() behaviour. PAU's
156 .getPrincipal() hands over to next (higher level) PAU, in case it does not
157 find the principal. I am not quiet sure what to think of that, currently it
158 seems like a bug to me...
160 >>> sub_pau.getPrincipal('user1') is None
163 Further, an PrincipalLookupError is raised for principals that could not be
166 >>> root_pau.getPrincipal('user2')
167 Traceback (most recent call last):
169 PrincipalLookupError: user2
171 At least, the correct principals come back
179 >>> getattr(p1, 'password', 'foo')
181 >>> getattr(p1, 'name', 'foo')
190 >>> getattr(p2, 'password', 'foo')
192 >>> getattr(p2, 'name', 'foo')
197 Let's add some groups, for simplicity's sake we currently only support one
198 level. I have a feeling that my understanding of multiple authentication
199 levels is currently not congruent with PAU's.
201 We only use the subsite, clean the other and ignore what is happening there
203 # >>> del root['user1']
204 # >>> del root['paula']
205 # >>> subsite['user1'] = user1
207 # >>> user3 = createObject('paula.examples.MinimalPloneUser',
209 # ... password='pass3',
210 # ... email='user2@bar.com',
211 # ... realname='User Two',
213 # >>> user3_cred = UserDict(login='user3', password='pass3')
214 # >>> subsite['user3'] = user3
216 There are now three users in the subsite folder:
218 # >>> interact( locals() )
221 # >>> group1 = createObject('paula.examples.BasicGroup',
222 # ... title='group1',
223 # ... members=('groupuser11', 'groupuser12'),
225 # >>> group2 = createObject('paula.examples.BasicGroup',
226 # ... title='group2',
227 # ... members=('groupuser11', 'groupuser12'),
229 # >>> user2_cred = UserDict(login='user2', password='pass2')
230 # >>> subsite['user2'] = user2
234 XXX: Should/Need we test whether persistency is working as expected?