Merge lp:~mardy/signon/rtm-fixes into lp:~online-accounts/signon/rtm-14.09

Proposed by Alberto Mardegan
Status: Approved
Approved by: David Barth
Approved revision: 623
Proposed branch: lp:~mardy/signon/rtm-fixes
Merge into: lp:~online-accounts/signon/rtm-14.09
Diff against target: 909 lines (+506/-196)
17 files modified
debian/changelog (+6/-0)
lib/plugins/SignOn/uisessiondata_priv.h (+2/-0)
src/signond/accesscontrolmanagerhelper.cpp (+1/-1)
src/signond/signondaemonadaptor.cpp (+1/-1)
src/signond/signonidentity.cpp (+8/-30)
src/signond/signonidentityinfo.cpp (+12/-0)
src/signond/signonidentityinfo.h (+2/-0)
src/signond/signonsessioncore.cpp (+6/-2)
tests/libsignon-qt-tests/ssotestclient.cpp (+127/-161)
tests/libsignon-qt-tests/ssotestclient.h (+1/-1)
tests/libsignon-qt-tests/testauthsession.cpp (+1/-0)
tests/signond-tests/.gitignore (+1/-0)
tests/signond-tests/signond-tests.pri (+2/-0)
tests/signond-tests/signond-tests.pro (+1/-0)
tests/signond-tests/timeouts.cpp (+2/-0)
tests/signond-tests/tst_access_control_manager_helper.cpp (+320/-0)
tests/signond-tests/tst_access_control_manager_helper.pro (+13/-0)
To merge this branch: bzr merge lp:~mardy/signon/rtm-fixes
Reviewer Review Type Date Requested Status
David Barth (community) Approve
Review via email: mp+243137@code.launchpad.net

Commit message

Don't bypass the ACL if the identity has no owner

This includes some fixes and refactoring to the unit tests.

Description of the change

Don't bypass the ACL if the identity has no owner

This includes some fixes and refactoring to the unit tests.

David Barth (dbarth) :
review: Approve
lp:~mardy/signon/rtm-fixes updated
623. By Alberto Mardegan

Fix changelog

David Barth (dbarth) :
review: Approve

Unmerged revisions

623. By Alberto Mardegan

Fix changelog

622. By Alberto Mardegan

Don't bypass the ACL if the identity has no owner

Preview Diff

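--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+signon (8.57+14.10.20141006-0ubuntu2) UNRELEASED; urgency=medium
+
+ * Don't bypass the ACL if the identity has no owner. (LP: #1392380)
+
+ -- Alberto Mardegan <alberto.mardegan@canonical.com> Fri, 28 Nov 2014 13:54:25 +0200
+
 signon (8.57+14.10.20141006-0ubuntu1) utopic; urgency=low
 
  [ Alberto Mardegan ]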
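--- a/lib/plugins/SignOn/uisessiondata_priv.h
+++ b/lib/plugins/SignOn/uisessiondata_priv.h
@@ -68,6 +68,8 @@
 
 /* Process ID of the client application */
 #define SSOUI_KEY_PID QLatin1String("Pid")
+/* Application ID (security context) of the client application */
+#define SSOUI_KEY_APP_ID QLatin1String("AppId")
 
 #define SSOUI_KEY_SLOT_ACCEPT "accept"
 #define SSOUI_KEY_SLOT_REJECT "reject"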
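--- a/src/signond/accesscontrolmanagerhelper.cpp
+++ b/src/signond/accesscontrolmanagerhelper.cpp
@@ -89,7 +89,7 @@
 
  IdentityOwnership ownership =
  isPeerOwnerOfIdentity(peerConnection, peerMessage, identityId);
- if (ownership == ApplicationIsOwner || ownership == IdentityDoesNotHaveOwner)
+ if (ownership == ApplicationIsOwner)
  return true;
 
  if (acl.isEmpty())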
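Review bot: The condition at new line 92 now sends an identity without owners through the ACL check, but nothing in the code records that this is deliberate, and `IdentityDoesNotHaveOwner` is still a possible result of isPeerOwnerOfIdentity(). A comment above the `if` would keep a later refactor from re-adding the bypass, for example `/* An identity without owners is not owned by everyone: it falls through to the ACL check below. */`. Identities that were already stored with an empty owner list and an empty ACL presumably become unusable by every peer once this lands (the `acl.isEmpty()` branch is cut off by the hunk), so please confirm that this is the intended upgrade behaviour. The enclosing function starts and ends outside the hunk.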
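--- a/src/signond/signondaemonadaptor.cpp
+++ b/src/signond/signondaemonadaptor.cpp
@@ -172,7 +172,7 @@
 
  /* Access Control */
  if (id != SIGNOND_NEW_IDENTITY) {
- if (!acm->isPeerAllowedToUseAuthSession(conn, msg, id)) {
+ if (!acm->isPeerAllowedToUseIdentity(conn, msg, id)) {
  SignOn::AccessReply *reply =
  acm->requestAccessToIdentity(conn, msg, id);
  /* If the request is accepted, we'll need the method name ("type")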
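Review bot: The guard at new line 175 switches from `isPeerAllowedToUseAuthSession` to `isPeerAllowedToUseIdentity`, but neither the commit message nor the code explains how the two checks differ or why the identity-level one is the right gate here. Please add a comment above the `if`, along the lines of `/* Gate on the identity check so that the owner and ACL rules apply to this peer */`, adjusted to what the helper really does, since its body is not part of this diff. The unit test added in this commit covers the helper only, so this call site is, as far as the diff shows, not exercised directly. The enclosing function starts and ends outside the hunk.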
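--- a/src/signond/signonidentity.cpp
+++ b/src/signond/signonidentity.cpp
@@ -471,41 +471,19 @@
  MethodMap methods = container.isValid() ?
  qdbus_cast<MethodMap>(container.value<QDBusArgument>()) : MethodMap();
 
- //Add creator to owner list if it has AID
- QStringList ownerList =
- info.value(SIGNOND_IDENTITY_INFO_OWNER).toStringList();
- if (!appId.isNull())
- ownerList.append(appId);
-
  if (m_pInfo == 0) {
  m_pInfo = new SignonIdentityInfo(info);
  m_pInfo->setMethods(methods);
+ //Add creator to owner list if it has AID
+ QStringList ownerList =
+ info.value(SIGNOND_IDENTITY_INFO_OWNER).toStringList();
+ if (!appId.isNull()) {
+ ownerList.append(appId);
+ }
  m_pInfo->setOwnerList(ownerList);
  } else {
- if (info.contains(SIGNOND_IDENTITY_INFO_SECRET)) {
- QString secret = info.value(SIGNOND_IDENTITY_INFO_SECRET).toString();
- m_pInfo->setPassword(secret);
- }
- bool storeSecret =
- info.value(SIGNOND_IDENTITY_INFO_STORESECRET).toBool();
- QString userName =
- info.value(SIGNOND_IDENTITY_INFO_USERNAME).toString();
- QString caption =
- info.value(SIGNOND_IDENTITY_INFO_CAPTION).toString();
- QStringList realms =
- info.value(SIGNOND_IDENTITY_INFO_REALMS).toStringList();
- QStringList accessControlList =
- info.value(SIGNOND_IDENTITY_INFO_ACL).toStringList();
- int type = info.value(SIGNOND_IDENTITY_INFO_TYPE).toInt();
-
- m_pInfo->setStorePassword(storeSecret);
- m_pInfo->setUserName(userName);
- m_pInfo->setCaption(caption);
- m_pInfo->setMethods(methods);
- m_pInfo->setRealms(realms);
- m_pInfo->setAccessControlList(accessControlList);
- m_pInfo->setOwnerList(ownerList);
- m_pInfo->setType(type);
+ SignonIdentityInfo newInfo(info);
+ m_pInfo->update(newInfo);
  }
 
  m_id = storeCredentials(*m_pInfo);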
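Review bot: On the update path (new lines 485-486) the stored owner list and ACL are now whatever the client-supplied map contains, because the `appId` append moved into the `m_pInfo == 0` branch and `update()` copies every key except the ID. An update whose map carries an empty or foreign `Owner` entry therefore replaces the stored owners as is, and after the ACL change in this commit such an identity is governed by the ACL alone. Consider stripping the key before the merge unless the caller is already an owner, e.g. `newInfo.remove(SIGNOND_IDENTITY_INFO_OWNER);`, or re-adding `appId` as the old code did. Whether the caller's right to store is checked earlier in the function is not visible, since the body starts and ends outside the hunk.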
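--- a/src/signond/signonidentityinfo.cpp
+++ b/src/signond/signonidentityinfo.cpp
@@ -60,6 +60,18 @@
  return *this;
 }
 
+void SignonIdentityInfo::update(const SignonIdentityInfo &info)
+{
+ QMapIterator<QString, QVariant> it(info);
+ while (it.hasNext()) {
+ it.next();
+ // We don't allow updating the ID
+ if (it.key() == SIGNOND_IDENTITY_INFO_ID) continue;
+
+ insert(it.key(), it.value());
+ }
+}
+
 bool SignonIdentityInfo::checkMethodAndMechanism(const QString &method,
  const QString &mechanism,
  QString &allowedMechanism)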
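Review bot: `update()` at new lines 63-73 has no comment stating its contract, and the contract differs from the code it replaces: keys present in `info` overwrite the stored value, keys absent from `info` keep their old value, and only `SIGNOND_IDENTITY_INFO_ID` is protected. Because the owner list and the ACL travel through the same merge, that deserves to be written down where callers will read it. I would add a short doc comment above the definition, e.g. `/* Merge the keys present in @info into this object; keys not present keep their value. The identity ID is never overwritten. */`, and put the `continue` on its own line to match the bracing style used elsewhere in the commit.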
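--- a/src/signond/signonidentityinfo.h
+++ b/src/signond/signonidentityinfo.h
@@ -46,6 +46,8 @@
 
  const QVariantMap toMap() const;
 
+ void update(const SignonIdentityInfo &info);
+
  void setNew() { setId(SIGNOND_NEW_IDENTITY); }
  bool isNew() const { return id() == SIGNOND_NEW_IDENTITY; }
  void setId(quint32 id) { insert(SIGNOND_IDENTITY_INFO_ID, id); }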
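--- a/src/signond/signonsessioncore.cpp
+++ b/src/signond/signonsessioncore.cpp
@@ -705,8 +705,12 @@
  request.m_params[SSOUI_KEY_CLIENT_DATA] = m_clientData;
  request.m_params[SSOUI_KEY_METHOD] = m_method;
  request.m_params[SSOUI_KEY_MECHANISM] = request.m_mechanism;
- request.m_params[SSOUI_KEY_PID] =
- AccessControlManagerHelper::instance()->pidOfPeer(request.m_conn,
+ /* Pass some data about the requesting client */
+ AccessControlManagerHelper *acm =
+ AccessControlManagerHelper::instance();
+ request.m_params[SSOUI_KEY_PID] = acm->pidOfPeer(request.m_conn,
+ request.m_msg);
+ request.m_params[SSOUI_KEY_APP_ID] = acm->appIdOfPeer(request.m_conn,
  request.m_msg);
 
  CredentialsAccessManager *camManager =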
=== modified file 'tests/libsignon-qt-tests/ssotestclient.cpp'
--- tests/libsignon-qt-tests/ssotestclient.cpp 2013-11-22 14:46:01 +0000
+++ tests/libsignon-qt-tests/ssotestclient.cpp 2014-11-28 12:00:40 +0000
@@ -257,16 +257,137 @@
257 TEST_DONE257 TEST_DONE
258}258}
259259
260void SsoTestClient::storeCredentials_data()
261{
262 QTest::addColumn<bool>("addMethods");
263
264 QTest::newRow("with methods") << true;
265 QTest::newRow("without methods") << false;
266}
267
260void SsoTestClient::storeCredentials()268void SsoTestClient::storeCredentials()
261{269{
262 TEST_START270 TEST_START
263271
264 if (!testAddingNewCredentials()) {272 QFETCH(bool, addMethods);
265 QFAIL("Adding new credentials test failed.");273
266 }274 m_identityResult.reset();
267275
268 if (!testUpdatingCredentials()) {276 QMap<MethodName, MechanismsList> methods;
269 QFAIL("Updating existing credentials test failed.");277 if (addMethods) {
278 methods.insert("dummy", QStringList() << "mech1" << "mech2" << "mech3");
279 methods.insert("dummy1", QStringList() << "mech11" << "mech12" << "mech13");
280 }
281 IdentityInfo info("TEST_CAPTION", "TEST_USERNAME", methods);
282 info.setSecret("TEST_SECRET");
283 info.setRealms(QStringList() << "TEST_REALM1" << "TEST_REALM2");
284 info.setAccessControlList(QStringList() << "*");
285
286 Identity *identity = Identity::newIdentity(info, this);
287
288 QEventLoop loop;
289
290 connect(identity, SIGNAL(error(const SignOn::Error &)),
291 &m_identityResult, SLOT(error(const SignOn::Error &)));
292
293 connect(identity, SIGNAL(credentialsStored(const quint32)),
294 &m_identityResult, SLOT(credentialsStored(const quint32)));
295 connect(&m_identityResult, SIGNAL(testCompleted()), &loop, SLOT(quit()));
296
297 identity->storeCredentials();
298
299 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
300 loop.exec();
301
302 if (m_identityResult.m_responseReceived ==
303 TestIdentityResult::InexistentResp) {
304 QFAIL("A response was not received.");
305 }
306
307 if (m_identityResult.m_responseReceived == TestIdentityResult::NormalResp) {
308 QCOMPARE(m_identityResult.m_id, identity->id());
309
310 Identity *existingIdentity =
311 Identity::existingIdentity(m_identityResult.m_id, this);
312 QVERIFY2(existingIdentity != NULL,
313 "Could not create existing identity. '0' ID provided?");
314 connect(existingIdentity, SIGNAL(info(const SignOn::IdentityInfo &)),
315 &m_identityResult, SLOT(info(const SignOn::IdentityInfo &)));
316
317 existingIdentity->queryInfo();
318
319 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
320 loop.exec();
321 delete existingIdentity;
322
323 if (!TestIdentityResult::compareIdentityInfos(m_identityResult.m_idInfo,
324 info)) {
325 QFAIL("Compared identity infos are not the same.");
326 }
327 } else {
328 QString codeStr = errCodeAsStr(m_identityResult.m_error);
329 qDebug() << "Error reply: " << m_serviceResult.m_errMsg
330 << ".\nError code: " << codeStr;
331 QFAIL("Error received");
332 }
333
334 // Test update credentials functionality
335
336 Identity *existingIdentity = Identity::existingIdentity(m_identityResult.m_id, this);
337 QVERIFY2(existingIdentity != NULL,
338 "Could not create existing identity. '0' ID provided?");
339
340 methods.clear();
341 if (addMethods) {
342 methods.insert("dummy1", QStringList() << "mech11" << "mech12" << "mech13");
343 methods.insert("dummy2", QStringList() << "mech1_updated" << "mech2" << "mech1_updated2");
344 methods.insert("dummy3", QStringList() << "mech1_updated" << "mech2" << "mech1_updated2");
345 }
346
347 IdentityInfo updateInfo("TEST_CAPTION", "TEST_USERNAME_UPDATED", methods);
348 updateInfo.setSecret("TEST_SECRET_YES", false);
349
350 do
351 {
352 QEventLoop loop;
353
354 connect(existingIdentity, SIGNAL(error(const SignOn::Error &)),
355 &m_identityResult, SLOT(error(const SignOn::Error &)));
356
357 connect(existingIdentity, SIGNAL(credentialsStored(const quint32)),
358 &m_identityResult, SLOT(credentialsStored(const quint32)));
359 connect(&m_identityResult, SIGNAL(testCompleted()), &loop, SLOT(quit()));
360
361 existingIdentity->storeCredentials(updateInfo);
362 qDebug();
363 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
364 loop.exec();
365 } while(0);
366
367 if (m_identityResult.m_responseReceived ==
368 TestIdentityResult::InexistentResp) {
369 QFAIL("A response was not received.");
370 }
371
372 if (m_identityResult.m_responseReceived == TestIdentityResult::NormalResp) {
373 QEventLoop loop;
374 connect(&m_identityResult, SIGNAL(testCompleted()), &loop, SLOT(quit()));
375 connect(existingIdentity, SIGNAL(info(const SignOn::IdentityInfo &)),
376 &m_identityResult, SLOT(info(const SignOn::IdentityInfo &)));
377
378 existingIdentity->queryInfo();
379 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
380 loop.exec();
381
382 qDebug() << "ID:" << existingIdentity->id();
383 QCOMPARE(m_identityResult.m_idInfo.caption(), updateInfo.caption());
384 QCOMPARE(m_identityResult.m_idInfo.methods(), updateInfo.methods());
385 QCOMPARE(m_identityResult.m_idInfo.userName(), updateInfo.userName());
386 } else {
387 QString codeStr = errCodeAsStr(m_identityResult.m_error);
388 qDebug() << "Error reply: " << m_serviceResult.m_errMsg
389 << ".\nError code: " << codeStr;
390 QFAIL("Error received");
270 }391 }
271392
272 TEST_DONE393 TEST_DONE
@@ -566,21 +687,6 @@
566 TEST_DONE687 TEST_DONE
567}688}
568689
569void SsoTestClient::storeCredentialsWithoutAuthMethodsTest()
570{
571 TEST_START
572
573 if (!testAddingNewCredentials(false)) {
574 QFAIL("Adding new credentials test failed.");
575 }
576
577 if (!testUpdatingCredentials()) {
578 QFAIL("Updating existing credentials test failed.");
579 }
580
581 TEST_DONE
582}
583
584void SsoTestClient::queryInfo()690void SsoTestClient::queryInfo()
585{691{
586 TEST_START692 TEST_START
@@ -1448,146 +1554,6 @@
1448 TEST_DONE1554 TEST_DONE
1449}1555}
14501556
1451bool SsoTestClient::testAddingNewCredentials(bool addMethods)
1452{
1453 m_identityResult.reset();
1454
1455 QMap<MethodName, MechanismsList> methods;
1456 if (addMethods) {
1457 methods.insert("dummy", QStringList() << "mech1" << "mech2" << "mech3");
1458 methods.insert("dummy1", QStringList() << "mech11" << "mech12" << "mech13");
1459 }
1460 IdentityInfo info("TEST_CAPTION", "TEST_USERNAME", methods);
1461 info.setSecret("TEST_SECRET");
1462 info.setRealms(QStringList() << "TEST_REALM1" << "TEST_REALM2");
1463
1464 Identity *identity = Identity::newIdentity(info, this);
1465
1466 QEventLoop loop;
1467
1468 connect(identity, SIGNAL(error(const SignOn::Error &)),
1469 &m_identityResult, SLOT(error(const SignOn::Error &)));
1470
1471 connect(identity, SIGNAL(credentialsStored(const quint32)),
1472 &m_identityResult, SLOT(credentialsStored(const quint32)));
1473 connect(&m_identityResult, SIGNAL(testCompleted()), &loop, SLOT(quit()));
1474
1475 identity->storeCredentials();
1476
1477 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
1478 loop.exec();
1479
1480 if (m_identityResult.m_responseReceived ==
1481 TestIdentityResult::InexistentResp) {
1482 qDebug() << "A response was not received.";
1483 return false;
1484 }
1485
1486 if (m_identityResult.m_responseReceived == TestIdentityResult::NormalResp) {
1487 if (m_identityResult.m_id != identity->id()) {
1488 qDebug() << "Queried identity id does not match with stored data.";
1489 return false;
1490 }
1491
1492 Identity *existingIdentity =
1493 Identity::existingIdentity(m_identityResult.m_id, this);
1494 if (existingIdentity == NULL) {
1495 qDebug() << "Could not create existing identity. '0' ID provided?";
1496 return false;
1497 }
1498 connect(existingIdentity, SIGNAL(info(const SignOn::IdentityInfo &)),
1499 &m_identityResult, SLOT(info(const SignOn::IdentityInfo &)));
1500
1501 existingIdentity->queryInfo();
1502
1503 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
1504 loop.exec();
1505 delete existingIdentity;
1506
1507 if (!TestIdentityResult::compareIdentityInfos(m_identityResult.m_idInfo,
1508 info)) {
1509 qDebug() << "Compared identity infos are not the same.";
1510 return false;
1511 }
1512 } else {
1513 QString codeStr = errCodeAsStr(m_identityResult.m_error);
1514 qDebug() << "Error reply: " << m_serviceResult.m_errMsg
1515 << ".\nError code: " << codeStr;
1516 return false;
1517 }
1518 return true;
1519}
1520
1521bool SsoTestClient::testUpdatingCredentials(bool addMethods)
1522{
1523 // Test update credentials functionality
1524
1525 Identity *existingIdentity = Identity::existingIdentity(m_identityResult.m_id, this);
1526 if (existingIdentity == NULL) {
1527 qDebug() << "Could not create existing identity. '0' ID provided?";
1528 return false;
1529 }
1530
1531 QMap<MethodName, MechanismsList> methods;
1532 if (addMethods) {
1533 methods.insert("dummy1", QStringList() << "mech11" << "mech12" << "mech13");
1534 methods.insert("dummy2", QStringList() << "mech1_updated" << "mech2" << "mech1_updated2");
1535 methods.insert("dummy3", QStringList() << "mech1_updated" << "mech2" << "mech1_updated2");
1536 }
1537
1538 IdentityInfo updateInfo("TEST_CAPTION", "TEST_USERNAME_UPDATED", methods);
1539 updateInfo.setSecret("TEST_SECRET_YES", false);
1540
1541 do
1542 {
1543 QEventLoop loop;
1544
1545 connect(existingIdentity, SIGNAL(error(const SignOn::Error &)),
1546 &m_identityResult, SLOT(error(const SignOn::Error &)));
1547
1548 connect(existingIdentity, SIGNAL(credentialsStored(const quint32)),
1549 &m_identityResult, SLOT(credentialsStored(const quint32)));
1550 connect(&m_identityResult, SIGNAL(testCompleted()), &loop, SLOT(quit()));
1551
1552 existingIdentity->storeCredentials(updateInfo);
1553 qDebug();
1554 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
1555 loop.exec();
1556 } while(0);
1557
1558 qDebug();
1559 if (m_identityResult.m_responseReceived ==
1560 TestIdentityResult::InexistentResp) {
1561 qDebug() << "A response was not received.";
1562 return false;
1563 }
1564
1565 if (m_identityResult.m_responseReceived == TestIdentityResult::NormalResp) {
1566 QEventLoop loop;
1567 connect(&m_identityResult, SIGNAL(testCompleted()), &loop, SLOT(quit()));
1568 connect(existingIdentity, SIGNAL(info(const SignOn::IdentityInfo &)),
1569 &m_identityResult, SLOT(info(const SignOn::IdentityInfo &)));
1570
1571 existingIdentity->queryInfo();
1572 QTimer::singleShot(test_timeout, &loop, SLOT(quit()));
1573 loop.exec();
1574
1575 qDebug() << "ID:" << existingIdentity->id();
1576 if (!TestIdentityResult::compareIdentityInfos(m_identityResult.m_idInfo,
1577 updateInfo)) {
1578 qDebug() << "Compared identity infos are not the same.";
1579 return false;
1580 }
1581 } else {
1582 QString codeStr = errCodeAsStr(m_identityResult.m_error);
1583 qDebug() << "Error reply: " << m_serviceResult.m_errMsg
1584 << ".\nError code: " << codeStr;
1585
1586 return false;
1587 }
1588 return true;
1589}
1590
1591void SsoTestClient::emptyPasswordRegression()1557void SsoTestClient::emptyPasswordRegression()
1592{1558{
1593 TEST_START1559 TEST_START
15941560
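Review bot: In the merged storeCredentials() test, `m_identityResult.reset()` is called only once (new line 274), so the second phase starting at new line 334 still sees the response state left by the first one. If the update call times out, the `InexistentResp` check at new line 367 presumably cannot fire, and the test goes on to compare stale data. Saving the ID and resetting before the update would close that gap: `const quint32 storedId = m_identityResult.m_id; m_identityResult.reset();`, then pass `storedId` to `Identity::existingIdentity()`. Separately, both error branches (new lines 329 and 388) log `m_serviceResult.m_errMsg` although the failing object is `m_identityResult`, and the bare `qDebug();` at new line 362 looks like a leftover.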
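--- a/tests/libsignon-qt-tests/ssotestclient.h
+++ b/tests/libsignon-qt-tests/ssotestclient.h
@@ -56,6 +56,7 @@
  * Identity tests
  */
  void queryAvailableMetods();
+ void storeCredentials_data();
  void storeCredentials();
  void requestCredentialsUpdate();
  void queryInfo();
@@ -65,7 +66,6 @@
  void verifySecret();
  void signOut();
  void remove();
- void storeCredentialsWithoutAuthMethodsTest();
  void sessionTest();
  void multipleRemove();
  void removeStoreRemove();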
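--- a/tests/libsignon-qt-tests/testauthsession.cpp
+++ b/tests/libsignon-qt-tests/testauthsession.cpp
@@ -361,6 +361,7 @@
  methods.insert(QLatin1String("ssotest"), mechs);
  IdentityInfo info("test_caption", "test_user_name", methods);
  info.setSecret("test_secret");
+ info.setAccessControlList(QStringList() << "*");
  Identity *id = Identity::newIdentity(info, this);
 
  QSignalSpy spyResponseStoreCreds(id, SIGNAL(credentialsStored(const quint32)));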
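Review bot: The added `info.setAccessControlList(QStringList() << "*");` at new line 364 opens the test identity to every peer without saying why; the same line is added in tests/signond-tests/timeouts.cpp (new lines 65 and 139) and in storeCredentials() in ssotestclient.cpp (new line 284). Presumably the test client has no application ID, so the identity is created without an owner and would otherwise be rejected by the stricter check introduced in this commit. A comment such as `// No owner is recorded for the test client; grant access through the ACL instead` would make that clear. It would also help to keep at least one client-side test that does not use the wildcard, so that the owner path stays covered. The enclosing test function starts and ends outside the hunk.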
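--- a/tests/signond-tests/.gitignore
+++ b/tests/signond-tests/.gitignore
@@ -1,6 +1,7 @@
 /identity-tool
 /mock-ac-plugin/identity-ac-helper
 /tst_access_control
+/tst_access_control_manager_helper
 /tst_backup
 /tst_database
 /tst_pluginproxy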
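--- a/tests/signond-tests/signond-tests.pri
+++ b/tests/signond-tests/signond-tests.pri
@@ -23,6 +23,8 @@
  $${TOP_BUILD_DIR}/lib/signond/SignOn
 QMAKE_RPATHDIR = $${QMAKE_LIBDIR}
 
+SIGNOND_SRC = $${TOP_SRC_DIR}/src/signond
+
 DEFINES += SIGNOND_TRACE
 DEFINES += SIGNON_PLUGIN_TRACE
 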
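--- a/tests/signond-tests/signond-tests.pro
+++ b/tests/signond-tests/signond-tests.pro
@@ -1,5 +1,6 @@
 TEMPLATE = subdirs
 SUBDIRS = \
+ tst_access_control_manager_helper.pro \
  tst_timeouts.pro \
  tst_pluginproxy.pro \
  tst_database.pro \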
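--- a/tests/signond-tests/timeouts.cpp
+++ b/tests/signond-tests/timeouts.cpp
@@ -62,6 +62,7 @@
  IdentityInfo info = IdentityInfo(QLatin1String("timeout test"),
  QLatin1String("timeout@test"),
  methods);
+ info.setAccessControlList(QStringList() << "*");
  Identity *identity = Identity::newIdentity(info);
  QVERIFY(identity != NULL);
 
@@ -135,6 +136,7 @@
  IdentityInfo info = IdentityInfo(QLatin1String("timeout test"),
  QLatin1String("timeout@test"),
  methods);
+ info.setAccessControlList(QStringList() << "*");
  Identity *identity = Identity::newIdentity(info);
  QVERIFY(identity != NULL);
 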
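--- a/tests/signond-tests/tst_access_control_manager_helper.cpp
+++ b/tests/signond-tests/tst_access_control_manager_helper.cpp
@@ -0,0 +1,320 @@
+/*
+ * This file is part of signon
+ *
+ * Copyright (C) 2014 Canonical Ltd.
+ *
+ * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <QByteArray>
+#include <QDBusConnection>
+#include <QDBusMessage>
+#include <QDebug>
+#include <QSignalSpy>
+#include <QTest>
+
+#include <SignOn/AbstractAccessControlManager>
+#include "accesscontrolmanagerhelper.h"
+#include "credentialsaccessmanager.h"
+#include "credentialsdb.h"
+
+using namespace SignOn;
+using namespace SignonDaemonNS;
+
+// mock AbstractAccessControlManager {
+class AcmPlugin: public SignOn::AbstractAccessControlManager
+{
+ Q_OBJECT
+
+public:
+ AcmPlugin(QObject *parent = 0):
+ SignOn::AbstractAccessControlManager(parent) {}
+ ~AcmPlugin() {}
+
+ bool isPeerAllowedToAccess(const QDBusConnection &peerConnection,
+ const QDBusMessage &peerMessage,
+ const QString &securityContext) {
+ QStringList appPermissions =
+ m_permissions.value(appIdOfPeer(peerConnection, peerMessage));
+ return appPermissions.contains(securityContext);
+ }
+
+ QString appIdOfPeer(const QDBusConnection &peerConnection,
+ const QDBusMessage &peerMessage) {
+ Q_UNUSED(peerConnection);
+ return peerMessage.service();
+ }
+
+ QString keychainWidgetAppId() { return m_keychainWidgetAppId; }
+
+ SignOn::AccessReply *handleRequest(const SignOn::AccessRequest &request) {
+ Q_UNUSED(request);
+ return 0;
+ }
+
+private:
+ friend class AccessControlManagerHelperTest;
+ QMap<QString,QStringList> m_permissions;
+ QString m_keychainWidgetAppId;
+};
+// } mock AbstractAccessControlManager
+
+class AccessControlManagerHelperTest: public QObject
+{
+ Q_OBJECT
+
+public:
+ AccessControlManagerHelperTest();
+
+private Q_SLOTS:
+ void init();
+ void testOwnership_data();
+ void testOwnership();
+ void testIdentityAccess_data();
+ void testIdentityAccess();
+
+public:
+ static AccessControlManagerHelperTest *instance() { return m_instance; }
+ SignonDaemonNS::CredentialsDB *credentialsDB() { return &m_db; }
+
+private:
+ void setDbOwners(const QStringList &owners) {
+ if (owners.contains("db-error")) {
+ m_dbOwners = QStringList();
+ m_dbLastError = CredentialsDBError("DB error!",
+ CredentialsDBError::ConnectionError);
+ } else {
+ m_dbOwners = owners;
+ }
+ }
+
+ void setDbAcl(const QStringList &acl) {
+ if (acl.contains("db-error")) {
+ m_dbAcl = QStringList();
+ m_dbLastError = CredentialsDBError("DB error!",
+ CredentialsDBError::ConnectionError);
+ } else {
+ m_dbAcl = acl;
+ }
+ }
+
+private:
+ friend class SignonDaemonNS::CredentialsDB;
+ static AccessControlManagerHelperTest *m_instance;
+ AcmPlugin m_acmPlugin;
+ SignonDaemonNS::CredentialsDB m_db;
+ SignOn::CredentialsDBError m_dbLastError;
+ QStringList m_dbAcl;
+ QStringList m_dbOwners;
+ QDBusConnection m_conn;
+};
+
+AccessControlManagerHelperTest *AccessControlManagerHelperTest::m_instance = 0;
+
+namespace SignonDaemonNS {
+// mock CredentialsDB {
+CredentialsDB::CredentialsDB(const QString &metaDataDbName,
+ SignOn::AbstractSecretsStorage *secretsStorage):
+ QObject()
+{
+ Q_UNUSED(metaDataDbName);
+ Q_UNUSED(secretsStorage);
+}
+
+CredentialsDB::~CredentialsDB()
+{
+}
+
+SignOn::CredentialsDBError CredentialsDB::lastError() const
+{
+ return AccessControlManagerHelperTest::instance()->m_dbLastError;
+}
+
+QStringList CredentialsDB::accessControlList(const quint32 identityId)
+{
+ Q_UNUSED(identityId);
+ return AccessControlManagerHelperTest::instance()->m_dbAcl;
+}
+
+QStringList CredentialsDB::ownerList(const quint32 identityId)
+{
+ Q_UNUSED(identityId);
+ return AccessControlManagerHelperTest::instance()->m_dbOwners;
+}
+// } mock CredentialsDB
+
+// mock CredentialsAccessManager {
+CredentialsDB *CredentialsAccessManager::credentialsDB() const {
+ return AccessControlManagerHelperTest::instance()->credentialsDB();
+}
+CredentialsAccessManager *CredentialsAccessManager::instance() {
+ return 0;
+}
+} // namespace
+// } mock CredentialsAccessManager
+
+AccessControlManagerHelperTest::AccessControlManagerHelperTest():
+ QObject(),
+ m_db(QString(), 0),
+ m_conn(QLatin1String("test-connection"))
+{
+ m_instance = this;
+}
+
+void AccessControlManagerHelperTest::init()
+{
+ m_dbOwners = QStringList();
+ m_dbAcl = QStringList();
+ m_dbLastError = CredentialsDBError();
+}
+
+void AccessControlManagerHelperTest::testOwnership_data()
+{
+ QTest::addColumn<QString>("peer");
+ QTest::addColumn<QStringList>("ownerList");
+ QTest::addColumn<int>("expectedOwnership");
+
+ QTest::newRow("DB error") <<
+ "tom" <<
+ (QStringList() << "db-error") <<
+ int(AccessControlManagerHelper::ApplicationIsNotOwner);
+
+ QTest::newRow("empty") <<
+ "tom" <<
+ QStringList() <<
+ int(AccessControlManagerHelper::IdentityDoesNotHaveOwner);
+
+ QTest::newRow("is only owner") <<
+ "tom" <<
+ (QStringList() << "tom") <<
+ int(AccessControlManagerHelper::ApplicationIsOwner);
+
+ QTest::newRow("is co-owner") <<
+ "tom" <<
+ (QStringList() << "Bob" << "tom" << "harry") <<
+ int(AccessControlManagerHelper::ApplicationIsOwner);
+}
+
+void AccessControlManagerHelperTest::testOwnership()
+{
+ QFETCH(QString, peer);
+ QFETCH(QStringList, ownerList);
+ QFETCH(int, expectedOwnership);
+
+ setDbOwners(ownerList);
+
+ m_acmPlugin.m_permissions["tom"] = QStringList() << "tom" << "Tom";
+
+ /* forge a QDBusMessage */
+ QDBusMessage msg =
+ QDBusMessage::createMethodCall(peer, "/", "interface", "hi");
+
+ SignonDaemonNS::AccessControlManagerHelper helper(&m_acmPlugin);
+
+ AccessControlManagerHelper::IdentityOwnership ownership =
+ helper.isPeerOwnerOfIdentity(m_conn, msg, 3);
+
+ QCOMPARE(int(ownership), expectedOwnership);
+}
+
+void AccessControlManagerHelperTest::testIdentityAccess_data()
+{
+ QTest::addColumn<QString>("peer");
+ QTest::addColumn<QStringList>("ownerList");
+ QTest::addColumn<QStringList>("acl");
+ QTest::addColumn<bool>("expectedIsAllowed");
+
+ QTest::newRow("DB error") <<
+ "tom" <<
+ (QStringList() << "tom") <<
+ (QStringList() << "db-error") <<
+ false;
+
+ QTest::newRow("is owner, ACL empty") <<
+ "tom" <<
+ (QStringList() << "tom") <<
+ QStringList() <<
+ true;
+
+ QTest::newRow("is owner, not in ACL") <<
+ "tom" <<
+ (QStringList() << "tom") <<
+ (QStringList() << "bob") <<
+ true;
+
+ QTest::newRow("is owner, in ACL") <<
+ "tom" <<
+ (QStringList() << "tom") <<
+ (QStringList() << "bob" << "tom" << "harry") <<
+ true;
+
+ QTest::newRow("is owner, ACL=*") <<
+ "tom" <<
+ (QStringList() << "tom") <<
+ (QStringList() << "*") <<
+ true;
+
+ QTest::newRow("not owner, ACL empty") <<
+ "tom" <<
+ (QStringList() << "bob") <<
+ QStringList() <<
+ false;
+
+ QTest::newRow("not owner, not in ACL") <<
+ "tom" <<
+ (QStringList() << "bob") <<
+ (QStringList() << "bob") <<
+ false;
+
+ QTest::newRow("not owner, in ACL") <<
+ "tom" <<
+ (QStringList() << "bob") <<
+ (QStringList() << "bob" << "tom" << "harry") <<
+ true;
+
+ QTest::newRow("not owner, ACL=*") <<
+ "tom" <<
+ (QStringList() << "bob") <<
+ (QStringList() << "*") <<
+ true;
+}
+
+void AccessControlManagerHelperTest::testIdentityAccess()
+{
+ QFETCH(QString, peer);
+ QFETCH(QStringList, ownerList);
+ QFETCH(QStringList, acl);
+ QFETCH(bool, expectedIsAllowed);
+
+ setDbOwners(ownerList);
+ setDbAcl(acl);
+
+ m_acmPlugin.m_permissions["tom"] = QStringList() << "tom" << "Tom";
+
+ /* forge a QDBusMessage */
+ QDBusMessage msg =
+ QDBusMessage::createMethodCall(peer, "/", "interface", "hi");
+
+ SignonDaemonNS::AccessControlManagerHelper helper(&m_acmPlugin);
+
+ bool isAllowed = helper.isPeerAllowedToUseIdentity(m_conn, msg, 3);
+
+ QCOMPARE(isAllowed, expectedIsAllowed);
+}
+
+QTEST_MAIN(AccessControlManagerHelperTest)
+#include "tst_access_control_manager_helper.moc"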
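Review bot: testIdentityAccess_data() (new lines 234-294) has no row with an empty owner list, which is exactly the case this merge fixes. Every row passes either `tom` or `bob` as owner, so the table would still pass if the `IdentityDoesNotHaveOwner` bypass were put back in isPeerAllowedToUseIdentity(). Rows with an empty `ownerList` and an ACL that does not admit the peer, expecting `false`, would pin the fix; the rows below follow the existing layout, and the expected values mirror the "not owner" rows. testOwnership_data() already covers the empty list for the ownership result, but not for the access decision.

```cpp
// … unchanged: existing rows of testIdentityAccess_data() …

    QTest::newRow("no owner, ACL empty") <<
        "tom" <<
        QStringList() <<
        QStringList() <<
        false;

    QTest::newRow("no owner, not in ACL") <<
        "tom" <<
        QStringList() <<
        (QStringList() << "bob") <<
        false;

    QTest::newRow("no owner, in ACL") <<
        "tom" <<
        QStringList() <<
        (QStringList() << "bob" << "tom" << "harry") <<
        true;
```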
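--- a/tests/signond-tests/tst_access_control_manager_helper.pro
+++ b/tests/signond-tests/tst_access_control_manager_helper.pro
@@ -0,0 +1,13 @@
+TARGET = tst_access_control_manager_helper
+
+include(signond-tests.pri)
+
+SOURCES = \
+ $${SIGNOND_SRC}/accesscontrolmanagerhelper.cpp \
+ tst_access_control_manager_helper.cpp
+
+HEADERS = \
+ $${SIGNOND_SRC}/accesscontrolmanagerhelper.h \
+ $${SIGNOND_SRC}/credentialsdb.h
+
+check.commands = "./$$TARGET"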
