def test_warnWithBadFilename(self):
     """
     When the file auth plugin is given a file that doesn't exist, it
     should produce a warning.
     """
     oldOutput = cred_file.theFileCheckerFactory.errorOutput
     newOutput = StringIO.StringIO()
     cred_file.theFileCheckerFactory.errorOutput = newOutput
     strcred.makeChecker('file:' + self._fakeFilename())
     cred_file.theFileCheckerFactory.errorOutput = oldOutput
     self.assertIn(cred_file.invalidFileWarning, newOutput.getvalue())

def get_www():
    from buildbot.plugins import util
    from twisted.cred import strcred
    import private

    return dict(
        port = "unix:/home/buildbot/buildbot.sock",
        plugins = dict(
            waterfall_view = {},
            console_view = {},
            grid_view = {},
            badges = {}
        ),
        auth = util.GitHubAuth(
            private.github_client_id,
            private.github_client_secret,
            apiVersion = 4,
            getTeamsMembership = True
        ),
        authz = util.Authz(
            allowRules = [
                util.AnyControlEndpointMatcher(role = "SFML")
            ],
            roleMatchers = [
                util.RolesFromGroups()
            ]
        ),
        change_hook_dialects = {'base': True, 'github' : {}},
        change_hook_auth = [strcred.makeChecker("file:changehook.passwd")]
    )

 def setUp(self):
     self.admin = credentials.UsernamePassword('admin', 'asdf')
     self.alice = credentials.UsernamePassword('alice', 'foo')
     self.badPass = credentials.UsernamePassword('alice', 'foobar')
     self.badUser = credentials.UsernamePassword('x', 'yz')
     self.filename = self.mktemp()
     FilePath(self.filename).setContent('admin:asdf\nalice:foo\n')
     self.checker = strcred.makeChecker('file:' + self.filename)

 def test_isChecker(self):
     """
     Verifies that strcred.makeChecker('anonymous') returns an object
     that implements the L{ICredentialsChecker} interface.
     """
     checker = strcred.makeChecker('anonymous')
     self.assertTrue(checkers.ICredentialsChecker.providedBy(checker))
     self.assertIn(credentials.IAnonymous, checker.credentialInterfaces)

    def makeService(self, options):
        with open(options.config, "r") as config_file:
            config = json.load(config_file)

        root = resource.Resource()
        root.putChild('jsMath', static.File(config["global"]["jsmath"]))

        bot = service.MultiService()
        xmppclient = XMPPClient(JID(config["global"]["jid"]),
                                config["global"]["password"])
        xmppclient.logTraffic = options['verbose']
        xmppclient.setServiceParent(bot)
        xmppclient.dbpool = DatabaseRunner(config["global"]["database"])
        xmppclient.rooms = dict()

        xmlrpc_port = config["global"].get("xml-rpc-port", None)
        if xmlrpc_port is not None:
            xmlrpcinterface = XMLRPCInterface(xmppclient)
            rpc = internet.TCPServer(xmlrpc_port, server.Site(xmlrpcinterface))
            rpc.setName('XML-RPC')
            rpc.setServiceParent(bot)

        for muc_config in config["mucs"]:
            room_jid = JID(muc_config["jid"])
            mucbot = KITBot(room_jid, muc_config.get("password", None),
                            config["global"]["logpath"])
            mucbot.setHandlerParent(xmppclient)

            if "xml-rpc-id" in muc_config:
                xmppclient.rooms[muc_config["xml-rpc-id"]] = mucbot

            # Log resource
            portal = Portal(
                LogViewRealm(os.path.join(config["global"]['logpath'],
                                          room_jid.user + '.log')),
                [strcred.makeChecker(muc_config["log-auth"])]
            )
            credential_factory = DigestCredentialFactory('md5', 'Hello Kitty!')
            auth_resource = HTTPAuthSessionWrapper(portal, [credential_factory])
            root.putChild(room_jid.user, auth_resource)

        httpd_log_view = internet.TCPServer(config["global"]["http-port"],
                                            server.Site(root))
        httpd_log_view.setServiceParent(bot)

        # REPL over SSH
        def makeREPLProtocol():
            namespace = dict(bot=xmppclient)
            return insults.ServerProtocol(manhole.ColoredManhole, namespace)
        repl_realm = manhole_ssh.TerminalRealm()
        repl_realm.chainedProtocolFactory = makeREPLProtocol
        repl_checker = checkers.SSHPublicKeyDatabase()
        repl_portal = Portal(repl_realm, [repl_checker])
        repl_factory = manhole_ssh.ConchFactory(repl_portal)
        repl = internet.TCPServer(config["global"]["ssh-port"], repl_factory)
        repl.setServiceParent(bot)

        return bot

 def testAnonymousAccessSucceeds(self):
     """
     Test that we can log in anonymously using this checker.
     """
     checker = strcred.makeChecker('anonymous')
     request = checker.requestAvatarId(credentials.Anonymous())
     def _gotAvatar(avatar):
         self.assertIdentical(checkers.ANONYMOUS, avatar)
     return request.addCallback(_gotAvatar)

 def setUp(self):
     self.admin = credentials.UsernamePassword('admin', 'asdf')
     self.alice = credentials.UsernamePassword('alice', 'foo')
     self.badPass = credentials.UsernamePassword('alice', 'foobar')
     self.badUser = credentials.UsernamePassword('x', 'yz')
     self.checker = strcred.makeChecker('unix')
     # Hack around the pwd and spwd modules, since we can't really
     # go about reading your /etc/passwd or /etc/shadow files
     if pwd:
         self._pwd_getpwnam = pwd.getpwnam
         pwd.getpwnam = self._pwd
     if spwd:
         self._spwd_getspnam = spwd.getspnam
         spwd.getspnam = self._spwd

    def test_setupSiteWithHookAndAuth(self):
        fn = self.mktemp()
        with open(fn, 'w') as f:
            f.write("user:pass")
        new_config = self.makeConfig(
            port=8080,
            plugins={},
            change_hook_dialects={'base': True},
            change_hook_auth=[strcred.makeChecker("file:" + fn)])
        self.svc.setupSite(new_config)

        yield self.svc.reconfigServiceWithBuildbotConfig(new_config)
        rsrc = self.svc.site.resource.getChildWithDefault('', mock.Mock())

        res = yield self.render_resource(rsrc, '')
        self.assertIn('{"type": "file"}', res)

        rsrc = self.svc.site.resource.getChildWithDefault('change_hook', mock.Mock())
        res = yield self.render_resource(rsrc, '/change_hook/base')
        # as UnauthorizedResource is in private namespace, we cannot use assertIsInstance :-(
        self.assertIn('UnauthorizedResource', repr(res))