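    def _get_auth(self, token):
        """Build an ``Auth`` object from the claims of a decoded token.

        ``token`` is only read through ``.get``, so any mapping of claims
        works. ``userId``, ``username`` and ``scopes`` are mandatory;
        ``roles``, ``organizations`` and ``namespaces`` are optional.
        Multi-valued claims are expected as comma-separated strings; a claim
        that is not a string (for example a list) has no ``split`` and fails
        with ``AttributeError``.

        NOTE(review): nothing in this method verifies the token. Presumably
        the signature and validity period were checked before the claims get
        here -- confirm against the caller.

        Raises:
            Exception: if ``userId`` or ``username`` is missing, or if
                ``scopes`` is missing or contains no non-blank entry.
        """
        def split_claim(raw):
            # Trim every entry and drop blank ones, so "a,,b" or " , " can
            # never produce an empty scope/role/namespace name.
            return [item.strip() for item in raw.split(',') if item.strip()]

        user_id = token.get('userId')
        username = token.get('username')
        scopes = token.get('scopes', [])
        roles = token.get('roles', [])

        if not user_id:
            raise Exception('user_id is missing')
        if not username:
            raise Exception('username is missing')
        if not scopes:
            raise Exception('scopes not specified')

        scopes = split_claim(scopes)
        if not scopes:
            # The claim was present but held only separators/whitespace;
            # treat that the same as a missing claim instead of handing out
            # an Auth whose only scope is the empty string.
            raise Exception('scopes not specified')

        if roles:
            roles = split_claim(roles)

        organizations = token.get('organizations')
        if organizations:
            organizations = split_claim(organizations)

        namespaces = token.get('namespaces')
        if namespaces:
            namespaces = split_claim(namespaces)

        return Auth(user_id,
                    username,
                    roles=roles,
                    organizations=organizations,
                    namespaces=namespaces,
                    scopes=scopes)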
def test_security_context():
    """SecurityContext stores, returns and clears an Auth on a thread-local."""
    storage = local()
    context = SecurityContext(storage)

    # A freshly created context carries no identity.
    assert context.has_auth() is False

    identity = Auth(user_id="test", username="******")
    context.set_auth(identity)

    # The Auth is expected on the backing object as ``microkubes_auth``.
    assert storage.microkubes_auth is not None
    assert context.has_auth() is True

    fetched = context.get_auth()
    assert fetched is not None
    assert fetched == identity

    context.clear_auth()

    # After clearing, no identity may remain on the thread-local or be
    # reported by the context.
    assert storage.microkubes_auth is None
    assert context.has_auth() is False
    assert context.get_auth() is None
def test_set_auth():
    """set_auth places the Auth on the given thread-local context."""
    storage = local()
    identity = Auth(user_id="test-001", username="******")

    set_auth(storage, identity)

    # The stored value must be present and equal to what was passed in.
    stored = storage.microkubes_auth
    assert stored is not None
    assert storage.microkubes_auth == identity
def test_get_auth():
    """get_auth reads back the Auth kept on a thread-local context."""
    storage = local()
    identity = Auth(user_id="test-001", username="******")
    # Seed the attribute directly so only the read path is exercised.
    storage.microkubes_auth = identity

    fetched = get_auth(storage)

    assert fetched is not None
    assert identity == fetched
def test_has_auth():
    """has_auth reports whether an Auth is set on a thread-local context."""
    storage = local()
    identity = Auth(user_id="test-001", username="******")

    # Nothing has been stored yet, so the check must be exactly False.
    assert has_auth(storage) is False

    storage.microkubes_auth = identity

    # Once the attribute is populated the check must be truthy.
    assert has_auth(storage)
def test_auth_eq():
    """Auth equality is expected to cover all fields and ignore list order."""
    scopes = "api:read,api:write"

    def make(**fields):
        # Every case shares the same user; only the extra fields vary.
        return Auth(user_id="a1", username="******", **fields)

    # Identical minimal objects compare equal in both directions.
    left = make()
    right = make()
    assert left == right
    assert right == left

    # A role present on one side only breaks equality in both directions.
    left = make(roles=["user"])
    right = make()
    assert left != right
    assert right != left

    # Fully populated and identical.
    left = make(roles=["user"], organizations=["o1", "o2"],
                namespaces=["ns1", "ns2"], scopes=scopes)
    right = make(roles=["user"], organizations=["o1", "o2"],
                 namespaces=["ns1", "ns2"], scopes=scopes)
    assert left == right

    # Same members, different ordering inside the lists.
    left = make(roles=["user", "r2"], organizations=["o1", "o2"],
                namespaces=["ns1", "ns2"], scopes=scopes)
    right = make(roles=["r2", "user"], organizations=["o2", "o1"],
                 namespaces=["ns2", "ns1"], scopes=scopes)
    assert left == right

    # Shuffled lists again, but one side has an extra namespace.
    left = make(roles=["user", "r2"], organizations=["o1", "o2"],
                namespaces=["ns1", "ns2", "ns3"], scopes=scopes)
    right = make(roles=["r2", "user"], organizations=["o2", "o1"],
                 namespaces=["ns2", "ns1"], scopes=scopes)
    assert left != right
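    def _get_auth(self, attributes={}):
        """Create the ``Auth`` object from a mapping of SAML attributes.

        ``attributes`` maps attribute names (OID URNs) to lists of values.
        The first value of each single-valued attribute is used. The ``{}``
        default is only read, never mutated, so sharing it between calls is
        harmless here.

        Attributes read:
          * ``urn:oid:0.9.2342.19200300.100.1.1`` (``uid``) -> user id
          * ``urn:oid:1.3.6.1.4.1.5923.1.1.1.6`` (``eduPersonPrincipalName``)
            -> passed to ``Auth`` as its second positional argument. It is a
            scoped identifier that looks like an e-mail address but is not
            the ``mail`` attribute.
          * ``urn:oid:1.3.6.1.4.1.5923.1.1.1.1`` (``eduPersonAffiliation``)
            -> roles, passed through unchanged.

        NOTE(review): the values are trusted as given. Presumably the
        assertion they come from was validated before this call -- confirm.

        Raises:
            Exception: if the user id, the e-mail/principal name or the
                roles are missing or empty.
        """
        def first_value(name):
            # A missing or empty attribute yields None instead of raising
            # IndexError, so the explicit checks below are actually reached.
            values = attributes.get(name) or []
            return values[0] if values else None

        user_id = first_value('urn:oid:0.9.2342.19200300.100.1.1')
        email = first_value('urn:oid:1.3.6.1.4.1.5923.1.1.1.6')
        roles = attributes.get('urn:oid:1.3.6.1.4.1.5923.1.1.1.1', [])

        if not user_id:
            raise Exception('user_id is missing')
        if not email:
            raise Exception('email is missing')
        if not roles:
            raise Exception('roles not specified')

        # TODO: Add scopes, namespaces and organizations in session created from Microkubes Identity Provider
        # and user's fullname if possible
        return Auth(user_id, email, roles=roles)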