def test_01_write_update_delete_cache(self): teststart = datetime.datetime.utcnow() r = add_to_cache(self.username, self.realm, self.resolver, self.password) self.assertTrue(r > 0) auth = AuthCache.query.filter(AuthCache.id == r).first() self.assertEqual(auth.username, self.username) self.assertEqual(auth.authentication, _hash_password(self.password)) self.assertTrue(auth.first_auth > teststart) self.assertEqual(auth.last_auth, auth.first_auth) update_cache_last_auth(r) auth = AuthCache.query.filter(AuthCache.id == r).first() self.assertTrue(auth.last_auth > teststart) r_delete = delete_from_cache(self.username, self.realm, self.resolver, self.password) self.assertEqual(r, r_delete) auth = AuthCache.query.filter( AuthCache.username == self.username).first() self.assertEqual(auth, None)
def test_01_write_update_delete_cache(self): teststart = datetime.datetime.utcnow() r = add_to_cache(self.username, self.realm, self.resolver, auth_hash=self.pw_hash) self.assertTrue(r > 0) auth = AuthCache.query.filter(AuthCache.id == r).first() self.assertEqual(auth.username, self.username) self.assertEqual(auth.authentication, self.pw_hash) self.assertTrue(auth.first_auth > teststart) self.assertEqual(auth.last_auth, None) update_cache_last_auth(r) auth = AuthCache.query.filter(AuthCache.id == r).first() self.assertTrue(auth.last_auth > teststart) r_delete = delete_from_cache(self.username, self.realm, self.resolver, self.pw_hash) self.assertEqual(r, r_delete) auth = AuthCache.query.filter(AuthCache.username == self.username).first() self.assertEqual(auth, None)
def test_12_authcache(self): password = "******" username = "******" realm = "myrealm" resolver = "reso001" r = save_resolver({"resolver": "reso001", "type": "passwdresolver", "fileName": "tests/testdata/passwords"}) (added, failed) = set_realm("myrealm", ["reso001"]) def fake_check_user_pass(user, passw, options=None): return True, {"message": "Fake Authentication"} set_policy(name="pol1", scope=SCOPE.AUTH, realm=realm, resolver=resolver, action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h/5m")) g = FakeFlaskG() P = PolicyClass() g.policy_object = P g.audit_object = FakeAudit() options = {"g": g} # This successfully authenticates against the authcache # We have an authentication, that is within the policy timeout AuthCache(username, realm, resolver, _hash_password(password), first_auth=datetime.datetime.utcnow() - timedelta(hours=3), last_auth=datetime.datetime.utcnow() - timedelta(minutes=1)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Authenticated by AuthCache." ) # We have an authentication, that is not read from the authcache, # since the authcache first_auth is too old. delete_from_cache(username, realm, resolver, password) AuthCache(username, realm, resolver, _hash_password(password), first_auth=datetime.datetime.utcnow() - timedelta(hours=5), last_auth=datetime.datetime.utcnow() - timedelta( minutes=1)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Fake Authentication") # We have an authentication, that is not read from authcache, since # the last_auth is too old = 10 minutes. delete_from_cache(username, realm, resolver, password) AuthCache(username, realm, resolver, _hash_password(password), first_auth=datetime.datetime.utcnow() - timedelta(hours=1), last_auth=datetime.datetime.utcnow() - timedelta( minutes=10)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Fake Authentication") # We have a policy, with no special last_auth delete_policy("pol1") set_policy(name="pol1", scope=SCOPE.AUTH, realm=realm, resolver=resolver, action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h")) g = FakeFlaskG() P = PolicyClass() g.policy_object = P g.audit_object = FakeAudit() options = {"g": g} delete_from_cache(username, realm, resolver, password) AuthCache(username, realm, resolver, _hash_password(password), first_auth=datetime.datetime.utcnow() - timedelta(hours=2), last_auth=datetime.datetime.utcnow() - timedelta( hours=1)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Authenticated by AuthCache.") # Clean up delete_policy("pol1") delete_realm("myrealm") delete_resolver("reso001")
def test_12_authcache(self): password = "******" username = "******" realm = "myrealm" resolver = "reso001" pw_hash = binascii.hexlify(hashlib.sha256(password).digest()) r = save_resolver({"resolver": "reso001", "type": "passwdresolver", "fileName": "tests/testdata/passwords"}) (added, failed) = set_realm("myrealm", ["reso001"]) def fake_check_user_pass(user, passw, options=None): return True, {"message": "Fake Authentication"} set_policy(name="pol1", scope=SCOPE.AUTH, realm=realm, resolver=resolver, action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h/5m")) g = FakeFlaskG() P = PolicyClass() g.policy_object = P g.audit_object = FakeAudit() options = {"g": g} # This successfully authenticates against the authcache # We have an authentication, that is within the policy timeout AuthCache(username, realm, resolver, pw_hash, first_auth=datetime.datetime.utcnow() - timedelta(hours=3), last_auth=datetime.datetime.utcnow() - timedelta(minutes=1)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Authenticated by AuthCache." ) # We have an authentication, that is not read from the authcache, # since the authcache first_auth is too old. delete_from_cache(username, realm, resolver, pw_hash) AuthCache(username, realm, resolver, pw_hash, first_auth=datetime.datetime.utcnow() - timedelta(hours=5), last_auth=datetime.datetime.utcnow() - timedelta( minutes=1)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Fake Authentication") # We have an authentication, that is not read from authcache, since # the last_auth is too old = 10 minutes. delete_from_cache(username, realm, resolver, pw_hash) AuthCache(username, realm, resolver, pw_hash, first_auth=datetime.datetime.utcnow() - timedelta(hours=1), last_auth=datetime.datetime.utcnow() - timedelta( minutes=10)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Fake Authentication") # We have a policy, with no special last_auth delete_policy("pol1") set_policy(name="pol1", scope=SCOPE.AUTH, realm=realm, resolver=resolver, action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h")) g = FakeFlaskG() P = PolicyClass() g.policy_object = P g.audit_object = FakeAudit() options = {"g": g} delete_from_cache(username, realm, resolver, pw_hash) AuthCache(username, realm, resolver, pw_hash, first_auth=datetime.datetime.utcnow() - timedelta(hours=2), last_auth=datetime.datetime.utcnow() - timedelta( hours=1)).save() r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"), password, options=options) self.assertTrue(r[0]) self.assertEqual(r[1].get("message"), "Authenticated by AuthCache.") # Clean up delete_policy("pol1") delete_realm("myrealm") delete_resolver("reso001")
def test_06_delete_other_invalid_entries(self): # Test deletion of expired entries r1 = add_to_cache(self.username, self.realm, self.resolver, u"somethingDifferent") r2 = add_to_cache(self.username, self.realm, self.resolver, self.password) auth1 = AuthCache.query.filter(AuthCache.id == r1).first() auth2 = AuthCache.query.filter(AuthCache.id == r2).first() last_valid_cache_time = auth1.first_auth new_valid_cache_time = auth2.first_auth self.assertFalse(auth1.first_auth == auth2.first_auth) # delete entries where password matches or first_auth is older than last_valid_cache_time delete_from_cache(self.username, self.realm, self.resolver, self.password, last_valid_cache_time=last_valid_cache_time) auth = AuthCache.query.filter( AuthCache.username == self.username).first() # r2 should have been deleted since the password matches, # r1 is still there since it's first_auth is equal to last_valid_cache_time self.assertEqual(auth.id, r1) # by setting the last_valid_cache_time to the first_auth of r2, the # entry r1 should be deleted as well delete_from_cache(self.username, self.realm, self.resolver, 'unknown_pw', last_valid_cache_time=new_valid_cache_time) auth = AuthCache.query.filter( AuthCache.username == self.username).first() self.assertEqual(None, auth) # Test deletion if max_auths is reached r1 = add_to_cache(self.username, self.realm, self.resolver, self.password) r2 = add_to_cache(self.username, self.realm, self.resolver, u"somethingDifferent") update_cache(r2) update_cache(r2) auth2 = AuthCache.query.filter(AuthCache.id == r2).first() self.assertEqual(2, auth2.auth_count) # this deletes the entries matching the password and max_auth delete_from_cache(self.username, self.realm, self.resolver, self.password, max_auths=2) auth = AuthCache.query.filter( AuthCache.username == self.username).first() self.assertEqual(auth, None)