Beispiel #1
0
 def testNoACLs(self):
     """All checking is skipped if no API.HandlerACLFile is defined."""
     with test_lib.ConfigOverrider({"API.HandlerACLFile": ""}):
         auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager()
         auth_mgr.CheckAccess(self.mock_handler, "u1")
         bad_handler = mock.MagicMock()
         bad_handler.enabled_by_default = True
         bad_handler.__class__.__name__ = "BadHandler"
         auth_mgr.CheckAccess(bad_handler, "u2")
Beispiel #2
0
    def testRaiseIfGroupsDefined(self):
        """We have no way to expand groups, so raise if defined."""
        acls = """
handler: "ApiCallHandler"
groups: ["g1"]
"""
        with mock.patch.object(__builtin__, "open",
                               mock.mock_open(read_data=acls)):
            with self.assertRaises(NotImplementedError):
                api_auth_manager.SimpleAPIAuthorizationManager()
Beispiel #3
0
    def testDenyAll(self):
        acls = """
handler: "ApiCallHandler"
"""
        with mock.patch.object(__builtin__, "open",
                               mock.mock_open(read_data=acls)):
            auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager()

        with self.assertRaises(access_control.UnauthorizedAccess):
            auth_mgr.CheckAccess(self.mock_handler, "u1")
Beispiel #4
0
 def testHandleApiCallNotEnabled(self):
     """Raises if no matching ACL and enabled_by_default=False."""
     with test_lib.ConfigOverrider({"API.HandlerACLFile": ""}):
         auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager()
         self.mock_handler.enabled_by_default = False
         with mock.patch.object(api_call_handlers, "API_AUTH_MGR",
                                auth_mgr):
             with self.assertRaises(access_control.UnauthorizedAccess):
                 api_call_handlers.HandleApiCall(self.mock_handler,
                                                 "",
                                                 token=self.token)
Beispiel #5
0
    def testSimpleAPIAuthorizationManager(self):
        acls = """
handler: "DummyAuthManagerTestApiHandler"
users:
- "u1"
- "u2"
"""
        with mock.patch.object(__builtin__, "open",
                               mock.mock_open(read_data=acls)):
            auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager()

        auth_mgr.CheckAccess(self.mock_handler, "u1")
        auth_mgr.CheckAccess(self.mock_handler, "u2")
        with self.assertRaises(access_control.UnauthorizedAccess):
            auth_mgr.CheckAccess(self.mock_handler, "u4")
Beispiel #6
0
    def testHandleApiCallNotEnabledWithACL(self):
        """Matching ACL and enabled_by_default=False is allowed."""
        acls = """
handler: "ApiCallHandler"
users:
- "test"
"""
        with mock.patch.object(__builtin__, "open",
                               mock.mock_open(read_data=acls)):
            auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager()

        self.mock_handler.enabled_by_default = False
        with mock.patch.object(api_call_handlers, "API_AUTH_MGR", auth_mgr):
            api_call_handlers.HandleApiCall(self.mock_handler,
                                            "",
                                            token=self.token)

        self.mock_handler.Render.assert_called_once_with("", token=self.token)